Pests of all kinds and how to combat them: Probably hacked. What to do? (Windows 7)
13.07.2015, 19:43 | #1
Probably hacked. What to do?

Hello dear members of the Trojaner-Board, I fear that I am the victim of a hacker. The suspicion is based on the fact that I received a threatening call (death threats etc.) on my mobile phone from a withheld number. The person was a stranger to me and gave details of my name and my place of residence (district), and of course had my number. I assume that they got it from my IP, but where he got my number from I don't know (my phone was connected via the Wi-Fi, though). I was online for one day without a router, with only the modem, and bam. Weeks earlier I had already been threatened with being hacked by a person whom I only knew online via Steam and who was on my Steam friends list (and therefore presumably had the IP). What should I do to secure my system? The police have been brought in, but I fear that he could still be spying on me. I scanned for viruses with Avast and Spybot, but my system is supposedly clean. Where else could he have my number from? I have not given it on any site other than PayPal, and I use different passwords for Steam, my e-mail and PayPal. I always took great care not to catch anything, but against a hacker one is probably relatively powerless. What is your advice? Here is a HijackThis log, in case it helps: Quote:
13.07.2015, 19:57 | #2
/// the machine /// TB trainer
Probably hacked. What to do?

hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
13.07.2015, 20:23 | #3
Probably hacked. What to do?

Thanks for the reply. Here are the files.
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by [user] (administrator) on [user]-PC on 13-07-2015 21:17:15
Running from E:\Downloads
Loaded Profiles: [user] (Available Profiles: [user] & [user2])
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software) F:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) F:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(CMedia) C:\Program Files\ASUS Xonar D1 Audio\Customapp\AsusAudioCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) F:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) F:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Trend Micro Inc.) E:\Downloads\HiJackThis204(1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => F:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] => F:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => F:\Program Files\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\...\Run: [Dxtory Update Checker 2.0] => F:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => F:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-18] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> F:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-28] (Avast Software s.r.o.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-28] (Avast Software s.r.o.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158
Tcpip\..\Interfaces\{5D6E13FD-ADDB-4F36-80F3-79C63EC79F63}: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\k6znsua0.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Ghostery - C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\k6znsua0.default\Extensions\firefox@ghostery.com.xpi [2014-11-17]
FF Extension: BetterTTV - C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\k6znsua0.default\Extensions\jid0-OeCFXKAPh2tC0bN3Li9ajRAZx6c@jetpack.xpi [2014-11-17]
FF Extension: Adblock Plus - C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\k6znsua0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - F:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - F:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-17]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - F:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - F:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; F:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-18] (Avast Software s.r.o.)
R2 avast! Firewall; F:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-06-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; F:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-18] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-10] ()
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-26] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-26] (Dropbox, Inc.)
S3 Microsoft Office Groove Audit Service; F:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S4 SDScannerService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-18] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-06-22] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-18] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-06-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-18] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-18] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-11-17] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-18] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0004.sys [28768 2014-12-17] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 VBoxAswDrv; F:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-18] (Avast Software)
S3 WinRing0_1_2_0; \??\F:\Program Files\Intel Corporation\Intel Processor Diagnostic Tool 64bit\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 21:17 - 2015-07-13 21:17 - 00000000 ____D C:\FRST
2015-07-13 20:11 - 2015-07-13 20:12 - 00000000 ____D C:\Users\[user]\AppData\Roaming\Raptr
2015-07-13 20:11 - 2015-07-13 20:11 - 00000000 ____D C:\Users\[user]\AppData\Roaming\library_dir
2015-07-13 20:11 - 2015-07-13 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-07-13 20:11 - 2015-07-13 20:11 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-07-13 20:10 - 2015-07-13 20:10 - 00052335 _____ C:\Windows\SysWOW64\CCCInstall_201507132010563129.log
2015-07-13 20:10 - 2015-07-13 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-13 20:09 - 2015-07-13 20:09 - 00000000 ____D C:\ProgramData\ATI
2015-07-13 20:08 - 2015-07-13 20:08 - 00000000 ____D C:\Program Files\AMD
2015-07-09 19:05 - 2015-07-09 19:05 - 00000000 ____D C:\Users\[user]\Documents\ProcAlyzer Dumps
2015-07-07 19:03 - 2015-07-09 00:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 03:00 - 2015-07-01 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2015-06-29 10:44 - 2015-06-29 10:44 - 00000000 ____D C:\Users\[user]\AppData\Local\Logitech® Webcam-Software
2015-06-29 10:42 - 2015-06-29 10:42 - 00000000 ____D C:\Users\[user]\Documents\Videomaskenprojekte
2015-06-29 10:42 - 2015-06-29 10:42 - 00000000 ____D C:\ProgramData\LogiShrd
2015-06-29 10:38 - 2015-06-29 10:38 - 00000000 ____D C:\Users\[user]\AppData\Roaming\Leadertech
2015-06-29 10:38 - 2015-06-29 10:38 - 00000000 ____D C:\ProgramData\Logitech
2015-06-29 10:37 - 2015-06-29 10:37 - 00001624 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2015-06-29 10:37 - 2015-06-29 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-06-29 10:35 - 2015-06-29 10:38 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-06-29 10:35 - 2015-06-29 10:35 - 00008150 _____ C:\Windows\system32\lvcoinst.log
2015-06-26 23:31 - 2015-06-26 23:39 - 00000000 ___RD C:\Users\[user]\Dropbox
2015-06-26 23:31 - 2015-06-26 23:31 - 00001230 _____ C:\Users\[user]\Desktop\Dropbox.lnk
2015-06-26 23:30 - 2015-06-26 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-26 23:29 - 2015-07-13 20:34 - 00001212 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-06-26 23:29 - 2015-07-13 20:16 - 00001208 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-06-26 23:29 - 2015-06-26 23:38 - 00000000 ____D C:\Users\[user]\AppData\Local\Dropbox
2015-06-26 23:29 - 2015-06-26 23:31 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-06-26 23:29 - 2015-06-26 23:29 - 00004208 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-06-26 23:29 - 2015-06-26 23:29 - 00003956 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-06-26 23:29 - 2015-06-26 23:29 - 00000000 ____D C:\Users\[user]\AppData\Roaming\Dropbox
2015-06-26 23:29 - 2015-06-26 23:29 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-23 04:09 - 2015-06-23 04:09 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-06-23 04:09 - 2015-06-23 04:09 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-06-23 04:09 - 2015-06-23 04:09 - 00107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-06-23 04:09 - 2015-06-23 04:09 - 00100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-06-23 04:09 - 2015-06-23 04:09 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-06-23 04:09 - 2015-06-23 04:09 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-06-23 04:09 - 2015-06-23 04:09 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-06-23 04:09 - 2015-06-23 04:09 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-06-23 04:08 - 2015-06-23 04:08 - 11941000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-06-23 04:08 - 2015-06-23 04:08 - 10087472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-06-23 04:08 - 2015-06-23 04:08 - 07927568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-06-23 04:08 - 2015-06-23 04:08 - 07407400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-06-23 04:08 - 2015-06-23 04:08 - 01191320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-06-23 04:08 - 2015-06-23 04:08 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-06-23 04:08 - 2015-06-23 04:08 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-06-23 04:08 - 2015-06-23 04:08 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-06-23 04:05 - 2015-06-23 04:05 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-06-23 04:03 - 2015-06-23 04:03 - 21612032 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-06-23 03:59 - 2015-06-23 03:59 - 47782912 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-06-23 03:59 - 2015-06-23 03:59 - 00235008 _____ C:\Windows\system32\clinfo.exe
2015-06-23 03:58 - 2015-06-23 03:58 - 39712256 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-06-23 03:57 - 2015-06-23 03:57 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-06-23 03:57 - 2015-06-23 03:57 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-06-23 03:55 - 2015-06-23 03:55 - 27535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-06-23 03:55 - 2015-06-23 03:55 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-06-23 03:33 - 2015-06-23 03:33 - 06476288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-06-23 03:33 - 2015-06-23 03:33 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-06-23 03:33 - 2015-06-23 03:33 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-06-23 03:28 - 2015-06-23 03:28 - 05067264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-06-23 03:27 - 2015-06-23 03:27 - 30749184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-06-23 03:25 - 2015-06-23 03:25 - 00093184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-06-23 03:25 - 2015-06-23 03:25 - 00086528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-06-23 03:22 - 2015-06-23 03:22 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-06-23 03:22 - 2015-06-23 03:22 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-06-23 03:21 - 2015-06-23 03:21 - 25296896 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-06-23 03:21 - 2015-06-23 03:21 - 00865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2015-06-23 03:20 - 2015-06-23 03:20 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-06-23 03:19 - 2015-06-23 03:19 - 00660224 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-06-23 03:19 - 2015-06-23 03:19 - 00660224 _____ C:\Windows\system32\atiapfxx.blb
2015-06-23 03:19 - 2015-06-23 03:19 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-06-23 03:19 - 2015-06-23 03:19 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-06-23 03:19 - 2015-06-23 03:19 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-06-23 03:19 - 2015-06-23 03:19 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-06-23 03:19 - 2015-06-23 03:19 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-06-23 03:18 - 2015-06-23 03:18 - 15716864 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-06-23 03:18 - 2015-06-23 03:18 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-06-23 03:16 - 2015-06-23 03:16 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-06-23 03:14 - 2015-06-23 03:14 - 00670720 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-06-23 03:14 - 2015-06-23 03:14 - 00245760 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-06-23 03:14 - 2015-06-23 03:14 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-06-23 03:14 - 2015-06-23 03:14 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-06-23 03:14 - 2015-06-23 03:14 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-06-23 03:14 - 2015-06-23 03:14 - 00160256 _____ C:\Windows\system32\atieah64.exe
2015-06-23 03:14 - 2015-06-23 03:14 - 00143872 _____ C:\Windows\SysWOW64\atieah32.exe
2015-06-23 03:14 - 2015-06-23 03:14 - 00029696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-06-23 03:12 - 2015-06-23 03:12 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-06-23 03:12 - 2015-06-23 03:12 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-06-23 03:11 - 2015-06-23 03:11 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-06-23 03:11 - 2015-06-23 03:11 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-06-23 03:10 - 2015-06-23 03:10 - 00663552 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-06-23 03:10 - 2015-06-23 03:10 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-06-23 03:10 - 2015-06-23 03:10 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-06-23 03:10 - 2015-06-23 03:10 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-06-23 03:10 - 2015-06-23 03:10 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-06-23 03:10 - 2015-06-23 03:10 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-06-23 03:09 - 2015-06-23 03:09 - 00102912 _____ C:\Windows\system32\hsa-thunk64.dll
2015-06-23 03:09 - 2015-06-23 03:09 - 00102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-06-23 03:07 - 2015-06-23 03:07 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-06-22 21:36 - 2015-06-22 21:36 - 00001000 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-06-22 21:35 - 2015-06-22 21:35 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-06-22 21:35 - 2015-05-18 20:00 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-22 17:58 - 2015-06-22 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-22 17:58 - 2015-06-22 17:58 - 00001060 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-06-22 17:57 - 2015-06-22 17:57 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-06-22 09:14 - 2015-06-22 09:14 - 00830518 _____ C:\Windows\system32\amdicdxx.dat
2015-06-17 08:29 - 2015-06-17 08:29 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\Mozilla
2015-06-17 08:29 - 2015-06-17 08:29 - 00000000 ____D C:\Users\[user2]\AppData\Local\Mozilla
2015-06-17 08:28 - 2015-06-17 08:34 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\OBS
2015-06-17 08:28 - 2015-06-17 08:28 - 00001248 _____ C:\Users\[user2]\Desktop\OBS - Verknüpfung.lnk
2015-06-17 08:26 - 2015-06-17 08:26 - 00114992 _____ C:\Users\[user2]\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-17 08:26 - 2015-06-17 08:26 - 00001425 _____ C:\Users\[user2]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-17 08:26 - 2015-06-17 08:26 - 00000020 ___SH C:\Users\[user2]\ntuser.ini
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Vorlagen
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Startmenü
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Netzwerkumgebung
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Lokale Einstellungen
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Eigene Dateien
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Druckumgebung
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Documents\Eigene Musik
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Documents\Eigene Bilder
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\AppData\Local\Verlauf
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\AppData\Local\Anwendungsdaten
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Anwendungsdaten
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\AVAST Software
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\ATI
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\ASUS
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\Adobe
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Local\VirtualStore
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Local\GWX
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Local\ATI
2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]
2015-06-17 08:26 - 2014-12-10 04:02 - 00000000 ____D C:\Users\[user2]\AppData\Local\Microsoft Help
2015-06-17 08:26 - 2014-11-19 00:43 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\Macromedia
2015-06-17 08:26 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\[user2]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-17 08:26 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\[user2]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-16 05:05 - 2015-07-13 20:25 - 00007507 _____ C:\Users\[user]\Desktop\hijackthis.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 20:36 - 2014-11-27 13:01 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-13 20:33 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-13 20:33 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-13 20:21 - 2014-11-17 15:57 - 01453932 _____ C:\Windows\WindowsUpdate.log 2015-07-13 20:16 - 2015-02-11 13:58 - 00013995 _____ C:\Windows\setupact.log 2015-07-13 20:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-10 11:17 - 2014-11-18 21:33 - 00000000 ____D C:\Users\[user]\AppData\Local\Battle.net 2015-07-10 10:44 - 2014-11-17 16:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-07-09 23:48 - 2014-11-18 01:54 - 00000000 ____D C:\Users\[user]\AppData\Local\Spotify 2015-07-09 23:20 - 2014-11-18 01:53 - 00000000 ____D C:\Users\[user]\AppData\Roaming\Spotify 2015-07-09 19:11 - 2015-01-15 03:49 - 00000132 _____ C:\Users\[user]\AppData\Roaming\Adobe PNG Format CS5 Prefs 2015-07-09 19:03 - 2015-06-04 11:53 - 00000000 ____D C:\AdwCleaner 2015-07-09 01:36 - 2014-11-27 13:01 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-09 01:36 - 2014-11-17 19:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-09 01:36 - 2014-11-17 19:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-09 00:44 - 2015-03-21 16:58 - 00012182 _____ C:\Windows\PFRO.log 2015-07-09 00:44 - 2014-11-17 16:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-08 00:14 - 2014-11-17 22:45 - 00000000 ____D C:\Users\[user]\AppData\Roaming\OBS 2015-07-07 23:08 - 2015-01-07 14:08 - 00000000 ____D C:\Users\[user]\AppData\Local\Arma 3 2015-07-07 18:23 - 2015-05-26 15:30 - 00000000 ____D 
C:\Users\[user]\AppData\Local\Deployment 2015-06-30 23:07 - 2015-06-02 12:35 - 00000000 ____D C:\Users\[user]\.chatty 2015-06-30 15:19 - 2014-11-18 01:48 - 00000000 ____D C:\Users\[user]\AppData\Roaming\Audacity 2015-06-30 14:07 - 2014-12-17 18:55 - 00000000 ____D C:\Windows\pss 2015-06-29 21:04 - 2015-04-07 18:49 - 00000000 ____D C:\Users\[user]\Desktop\dayz0.55 2015-06-29 04:17 - 2014-11-18 21:52 - 00000000 ____D C:\Users\[user]\AppData\Roaming\vlc 2015-06-29 02:08 - 2014-11-19 15:48 - 00000000 __SHD C:\Users\[user]\AppData\Local\EmieUserList 2015-06-29 02:08 - 2014-11-19 15:48 - 00000000 __SHD C:\Users\[user]\AppData\Local\EmieSiteList 2015-06-29 02:08 - 2014-11-19 15:48 - 00000000 __SHD C:\Users\[user]\AppData\Local\EmieBrowserModeList 2015-06-26 23:31 - 2014-11-17 15:57 - 00000000 ____D C:\Users\[user] 2015-06-26 21:36 - 2014-11-17 16:38 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys 2015-06-25 19:16 - 2015-01-04 22:10 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-06-25 18:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-06-23 17:19 - 2014-11-17 22:45 - 00000000 ____D C:\Program Files\OBS 2015-06-23 13:30 - 2014-11-17 19:52 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-06-23 04:08 - 2014-11-06 05:40 - 08890576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll 2015-06-23 04:08 - 2014-11-06 05:40 - 01440592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2015-06-23 04:08 - 2014-11-06 05:40 - 00120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll 2015-06-23 04:08 - 2014-11-06 05:39 - 08786040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll 2015-06-23 03:14 - 2014-11-06 04:26 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll 2015-06-23 03:11 - 2014-11-06 04:14 - 01246208 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\atiadlxx.dll 2015-06-17 10:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-15 20:56 - 2014-11-18 00:59 - 00000828 _____ C:\Users\[user]\Desktop\Dxtory.lnk 2015-06-15 20:56 - 2014-11-18 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0 ==================== Files in the root of some directories ======= 2014-11-20 14:22 - 2015-01-15 03:49 - 0000132 _____ () C:\Users\[user]\AppData\Roaming\Adobe GIF Format CS5 Prefs 2015-01-15 03:49 - 2015-07-09 19:11 - 0000132 _____ () C:\Users\[user]\AppData\Roaming\Adobe PNG Format CS5 Prefs 2015-03-17 18:46 - 2015-03-17 18:46 - 0000098 _____ () C:\Users\[user]\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg 2015-03-17 18:16 - 2015-03-17 18:25 - 0006856 _____ () C:\Users\[user]\AppData\Roaming\TheHunterPrimevalSettings_live.bin 2015-03-17 18:15 - 2015-03-17 18:15 - 0000040 _____ () C:\Users\[user]\AppData\Roaming\TheHunterPrimevalSettings_live.cfg Some files in TEMP: ==================== C:\Users\[user]\AppData\Local\Temp\raptrpatch.exe C:\Users\[user]\AppData\Local\Temp\raptr_stub.exe C:\Users\[user]\AppData\Local\Temp\tmp1DEB.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-09 11:18

==================== End of log ============================

Additional FRST Logfile:
Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by [user] at 2015-07-13 21:17:34
Running from E:\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1498198781-3518620365-1429332980-500 - Administrator - Disabled)
[user] (S-1-5-21-1498198781-3518620365-1429332980-1000 - Administrator - Enabled) => C:\Users\[user]
Gast (S-1-5-21-1498198781-3518620365-1429332980-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1498198781-3518620365-1429332980-1002 - Limited - Enabled)
[user2] (S-1-5-21-1498198781-3518620365-1429332980-1003 - Administrator - Enabled) => C:\Users\[user2]

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{14D58A97-B60E-A858-34D8-95469C02F7EC}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) ASUS Xonar D1 Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - ) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden CCGLauncher version 0.0.0.7 (HKLM-x32\...\{78D51CE5-799C-4FCA-9635-6F61E19EA5E3}_is1) (Version: 0.0.0.7 - Custom Combat Gaming) CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) 
(Version: 1.0 - Alcpu) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) DayZ Commander (HKLM-x32\...\{7B2CA5E9-763C-4FCE-81EE-13E81ABFE908}) (Version: 0.92.115 - Dotjosh Studios) DayZLauncher version 0.0.0.7 (HKLM-x32\...\{E31045B4-9DB5-44DF-9EBD-BD4CFDE640FD}_is1) (Version: 0.0.0.7 - Maca134) DebugMode FrameServer (HKLM-x32\...\DebugMode FrameServer) (Version: - ) Don't Starve (HKLM-x32\...\GOGPACKDONTSTARVE_is1) (Version: 2.7.0.16 - GOG.com) Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.29 - Dropbox, Inc.) Hidden Dxtory version 2.0.130 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.130 - ExKode Co. Ltd.) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios) Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.) 
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games) Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North) H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Hektor (HKLM-x32\...\Steam App 334070) (Version: - Rubycone) Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.) LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) MKVToolNix 7.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.4.0 - Moritz Bunkus) Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PingPlotter 4.00.3 (HKLM-x32\...\{170A0B35-1F88-423B-B023-5B3DF90F9A8E}) (Version: 4.0.3.6 - Pingman Tools, LLC) Raptr (HKLM-x32\...\Raptr) (Version: - ) Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version: - CAPCOM Co., Ltd.) 
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games) SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - ) Slender: The Arrival (HKLM-x32\...\Steam App 252330) (Version: - Blue Isle Studios) Spotify (HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Startfenster (HKLM\...\Startfenster) (Version: - Startfenster) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd) The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version: - CD PROJEKT RED) theHunter: Primal (HKLM-x32\...\Steam App 322920) (Version: - Expansive Worlds) This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios) TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software) TwitchAlerts (HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\...\fb3f6ca9b67f53a3) (Version: 1.0.0.8 - TwitchAlerts) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) 
(HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Vegas Pro 12.0 (64-bit) (HKLM\...\{A7C8BBDE-FE98-11E1-87C9-F04DA23A5C58}) (Version: 12.0.367 - Sony) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Wireshark 1.12.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.5 - The Wireshark developer community, hxxp://www.wireshark.org) WS Launcher (HKLM-x32\...\{575E5E77-2C8E-405F-AB8E-9A7418B704CF}) (Version: 0.0.0.9 - Launcher) WS Launcher (HKLM-x32\...\{7F654DB0-0749-43AA-8918-FBE2F9BEB891}) (Version: 3.0.2.5 - Launcher) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 23-06-2015 12:34:28 Geplanter Prüfpunkt 26-06-2015 12:56:31 Windows Update 30-06-2015 13:48:41 Windows Update 01-07-2015 03:00:13 Windows Update 07-07-2015 17:59:42 Windows Update 13-07-2015 20:00:01 Windows Update 13-07-2015 20:17:56 Removed Java 8 Update 45 (64-bit) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2015-07-09 18:55 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {22A7DA14-F00D-4DAE-BAB4-8FACD50F83EB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.) Task: {2CEB3F23-FDC0-4FDE-B59A-ABEC3B65C783} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated) Task: {63B57EB4-5813-406B-BABF-B2B9875E1869} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated) Task: {7DFA040F-DA19-4011-B539-8E6DA5A34ED8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.) Task: {AF962107-80FD-4BA0-A768-E223B9F87C63} - System32\Tasks\avast! 
Emergency Update => F:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-22] (Avast Software s.r.o.) Task: {FA65A090-CEB8-461C-9F0F-E3B77C452C2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-05-18 20:00 - 2015-05-18 20:00 - 00104400 _____ () F:\Program Files\AVAST Software\Avast\log.dll 2015-05-18 20:00 - 2015-05-18 20:00 - 00081728 _____ () F:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-07-13 19:55 - 2015-07-13 19:55 - 02956288 _____ () F:\Program Files\AVAST Software\Avast\defs\15071301\algo.dll 2014-11-17 16:31 - 2012-06-06 09:56 - 00143360 ____N () C:\Program Files\ASUS Xonar D1 Audio\Customapp\VmixP8.dll 2015-03-28 17:11 - 2015-03-28 17:12 - 40540672 _____ () F:\Program Files\AVAST Software\Avast\libcef.dll 2014-11-17 20:25 - 2015-04-16 19:40 - 00776192 _____ () F:\Program Files (x86)\Steam\SDL2.dll 2015-01-20 02:22 - 2015-04-23 04:16 - 04962816 _____ () F:\Program Files (x86)\Steam\v8.dll 2015-01-20 02:22 - 2015-04-23 04:16 - 01556992 _____ () F:\Program Files (x86)\Steam\icui18n.dll 2015-01-20 02:22 - 2015-04-23 04:16 - 01187840 _____ () F:\Program Files (x86)\Steam\icuuc.dll 2014-11-17 20:25 - 2015-06-04 20:56 - 02407104 _____ () F:\Program Files (x86)\Steam\video.dll 2014-11-17 20:25 - 2014-12-01 23:31 - 02396672 _____ () F:\Program Files (x86)\Steam\libavcodec-56.dll 2014-11-17 20:25 - 2014-12-01 23:31 - 00442880 _____ () 
F:\Program Files (x86)\Steam\libavutil-54.dll 2014-11-17 20:25 - 2014-12-01 23:31 - 00479744 _____ () F:\Program Files (x86)\Steam\libavformat-56.dll 2014-11-17 20:25 - 2014-12-01 23:31 - 00332800 _____ () F:\Program Files (x86)\Steam\libavresample-2.dll 2014-11-17 20:25 - 2014-12-01 23:31 - 00485888 _____ () F:\Program Files (x86)\Steam\libswscale-3.dll 2014-11-17 20:25 - 2015-06-04 20:56 - 00703168 _____ () F:\Program Files (x86)\Steam\bin\chromehtml.DLL 2014-11-17 20:25 - 2015-05-11 21:01 - 36302728 _____ () F:\Program Files (x86)\Steam\bin\libcef.dll 2015-05-14 13:51 - 2015-05-11 21:01 - 08958344 _____ () F:\Program Files (x86)\Steam\bin\pdf.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7866 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 80.69.103.78 - 80.69.102.158 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: IAStorDataMgrSvc => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3 MSCONFIG\Services: Intel(R) ME Service => 2 MSCONFIG\Services: Intel(R) PROSet Monitoring Service => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: SDScannerService => 2 MSCONFIG\Services: SDUpdateService => 2 MSCONFIG\Services: SDWSCService => 2 MSCONFIG\Services: SEVPNCLIENT => 2 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\Services: UMVPFSrv => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^[user]^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . 
Produktregistrierung.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\[user]\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\syswow64\HsMgr.exe Envoke MSCONFIG\startupreg: Cmaudio8788GX64 => C:\Windows\system\HsMgr64.exe Envoke MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" MSCONFIG\startupreg: LWS => F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup MSCONFIG\startupreg: SDTray => "F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "F:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\[user]\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [TCP Query User{D357D961-E459-420E-AED8-41C43388C48C}C:\users\[user]\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\[user]\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{23A91F7B-E589-465B-AC1B-F4FCF82459F0}C:\users\[user]\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\[user]\appdata\local\akamai\netsession_win.exe FirewallRules: [{1ADF1F9B-3FE8-4177-8077-3214478F6BC4}] => (Allow) F:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E10D5ACD-7340-4A78-A83C-C50BDAB0E271}] => (Allow) F:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{348BD086-6F1B-4DBB-ABF3-2F9EE8BF5B97}] => (Allow) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B2B0B0DD-9299-469F-9D3A-86FE2DD6E0F1}] => (Allow) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{6F82AEBB-B957-4DF2-90BA-6DD83C757698}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ.exe FirewallRules: [{81BF78AA-DBB9-4CFA-93A7-A40649AB067E}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ.exe FirewallRules: [TCP Query User{797D826B-AB5C-4072-82AC-5143840710F8}C:\users\[user]\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\[user]\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{B1726B87-0795-4893-A88F-9253F7DF4E50}C:\users\[user]\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\[user]\appdata\roaming\spotify\spotify.exe FirewallRules: [{A672B2EB-BD37-48F9-8FC1-FFBB1BF241E7}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe FirewallRules: [{96CC6F77-DBE9-4BBA-BDB5-A0300D98C953}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe FirewallRules: [{E25206BC-3C08-46B2-B348-3F18E1489A2B}] => (Allow) F:\Program Files 
(x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{3C1DE7D8-D01C-413B-ABA3-6650D2C4E5D0}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{418C25A6-AE4B-413F-9FC8-1AD1A9ACD953}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{BC013988-F13B-45F1-A139-C757219FDBF8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{BD9158BE-D6D1-4F08-BAAD-50D7E902945B}] => (Allow) F:\Program Files (x86)\Battlenet\Battle.net\Battle.net.exe FirewallRules: [{33083C9C-167C-43B9-8736-58085AFF860A}] => (Allow) F:\Program Files (x86)\Battlenet\Battle.net\Battle.net.exe FirewallRules: [{9BAE11BE-6BB8-41AC-9DA8-E493EF1EFCC6}] => (Allow) F:\Program Files (x86)\Hearthstone\Hearthstone\Hearthstone.exe FirewallRules: [{3CBC552F-59FD-4B95-A8F4-1F9748598B1B}] => (Allow) F:\Program Files (x86)\Hearthstone\Hearthstone\Hearthstone.exe FirewallRules: [{F1544B66-CCC4-4952-A038-8ACC791BBFBF}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe FirewallRules: [{C3355802-5561-4DDF-A518-9F15DB383673}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe FirewallRules: [{620FE6A2-44BA-4528-9AC1-9FEE52D1FB72}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe FirewallRules: [{874F3A89-1F43-4F4F-8FEB-23223E50A8F1}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe FirewallRules: [{8CE09709-C7D6-409B-90CF-D75816C8D2B7}] => (Block) F:\Program Files\Photoshop\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe FirewallRules: [{8D0C7839-403B-48C7-8931-7823A4D2D7E8}] => (Block) F:\Program Files\Photoshop\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe FirewallRules: [{DF596239-8964-42AF-BDAD-768DA63E7577}] => (Block) F:\Program Files\Photoshop\Adobe Photoshop CS5 (64 
Bit)\Photoshop.exe FirewallRules: [TCP Query User{C9617F72-D45C-47EB-A7E9-D12A9A5C2985}F:\program files (x86)\steam\steamapps\common\dayz\dayz_experimental.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\dayz\dayz_experimental.exe FirewallRules: [UDP Query User{CC366227-F7DC-4D6C-9B0F-E558B29A462A}F:\program files (x86)\steam\steamapps\common\dayz\dayz_experimental.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\dayz\dayz_experimental.exe FirewallRules: [TCP Query User{8D721BF2-BEC9-4762-B70A-62276FBDD35D}F:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) F:\program files (x86)\dayzlauncher\dayzlauncher.exe FirewallRules: [UDP Query User{7289EE43-DD49-48C2-A805-9F91C73EAC30}F:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) F:\program files (x86)\dayzlauncher\dayzlauncher.exe FirewallRules: [{C08FDCF6-A84C-4E3B-8D94-36E09761980B}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe FirewallRules: [{6F7B3176-F503-4D39-8B2F-1A26DFCFB647}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe FirewallRules: [{3141EE2F-BF2F-4BC6-BC2F-B6045216214E}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.exe FirewallRules: [{0A778F50-F146-41AC-86C1-C98F955D6276}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.exe FirewallRules: [{B4349BDE-E254-42C3-85E2-DA2747A3D065}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe FirewallRules: [{49B11CEF-DFA6-4E82-B422-72E60DEBCE0B}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe FirewallRules: [{858058B3-D6F1-4228-9B81-9378C2375395}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe FirewallRules: [{A35F1B94-5D79-40A3-A97D-B94EE915FFA0}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe FirewallRules: [{6B6CD793-037A-450B-9345-A03743332D3D}] => 
(Allow) F:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [{978CDA68-4E54-43FE-94FA-1EFF3CBAEC56}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [{AF0DCCE2-8AA0-4ECC-BF93-AD58013FE49D}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{ACF20418-F17E-468F-BD11-18AD1F84DB60}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{3C2946A1-9262-47C8-B4EB-56058104F868}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{12380E54-B8F0-4F5F-9512-4783C43E573F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{00DF5F87-40DA-4661-8550-A7D87E7F7E40}] => (Allow) F:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe FirewallRules: [{ADDE8ACE-FB89-4491-B572-1B22771F0A4E}] => (Allow) F:\Program Files\SoftEther VPN Client\vpncmgr.exe FirewallRules: [{89481AAE-65DE-46F9-BADE-F23FEEA548C0}] => (Allow) F:\Program Files\SoftEther VPN Client\vpncmd.exe FirewallRules: [{A3258D18-052A-4F32-AB2F-9D52D9D5DD7D}] => (Allow) F:\Program Files\SoftEther VPN Client\vpnclient_x64.exe FirewallRules: [{F2411616-A278-4B16-99D2-CB6C08454FBC}] => (Allow) F:\Program Files\SoftEther VPN Client\vpnclient.exe FirewallRules: [{32760B3F-524B-4047-AAB8-8C8976C330BC}] => (Allow) F:\Program Files\SoftEther VPN Client\vpncmd_x64.exe FirewallRules: [{2D9B8368-1B7A-42B7-8927-43E9FC38CEBD}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe FirewallRules: [{5C9A358E-FFAF-4B13-BE59-5C879B81B265}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe FirewallRules: [TCP Query User{2653C44E-7536-43C4-A48C-8FA1CDCF583A}F:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe FirewallRules: [UDP Query 
User{F1B0D6D2-514F-48E5-835D-7BE6B955822B}F:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe FirewallRules: [{4C390EB5-1F5B-4D93-A122-468655376086}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D2E5862C-BADE-4CF7-AB39-5A0ECD1B67AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{989ABF3D-65CE-4C1F-9420-36D4B76D3436}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Resident Evil Biohazard HD REMASTER\bhd.exe FirewallRules: [{2C4015A8-1D18-4526-9FD2-D7E1D459F5ED}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Resident Evil Biohazard HD REMASTER\bhd.exe FirewallRules: [{A3FD2E47-4E36-45F7-AC6B-2F4B2FDCA886}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe FirewallRules: [{6D2B6D23-225F-42CC-9292-31AC4A878460}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe FirewallRules: [{BC234D6B-8B6C-4B14-972E-E528FAD0C0EF}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe FirewallRules: [{9377CE36-6662-4B63-9878-8D89CF91DF5C}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe FirewallRules: [{FAB8A6CD-56B1-44EA-B1C6-F873C1A46E55}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe FirewallRules: [{9D1F9698-2E82-4339-81DF-2C60B31BA822}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe FirewallRules: [TCP Query User{A6F33C2B-B745-4166-8689-0D552D41A300}F:\program files (x86)\steam\steamapps\common\thehunterprimal\game\thehunterprimal.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\thehunterprimal\game\thehunterprimal.exe FirewallRules: [UDP Query User{4F92BE1C-CC34-4B9E-B669-B2FE63D7E9CB}F:\program files (x86)\steam\steamapps\common\thehunterprimal\game\thehunterprimal.exe] => (Allow) F:\program 
files (x86)\steam\steamapps\common\thehunterprimal\game\thehunterprimal.exe FirewallRules: [TCP Query User{836DBD50-60CF-4FDB-94FB-06234000D4A5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{CCBA68E1-5921-4775-A41F-87733329B614}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{6E428937-E46E-4CD5-8D25-753F2631C9CF}F:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) F:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [UDP Query User{E8E52207-0157-4F4A-B51D-C358D85B688F}F:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) F:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [{F9969388-637E-4F45-8CED-3BAE75F4E5B8}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{0B767D6E-0722-4188-8AE3-34FFEAB796C3}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [TCP Query User{79DD403C-049D-4040-A15F-E6CA22912645}F:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{8972BFB4-E4FB-46E1-B20F-50450AC3DD21}F:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [{9314D975-B6CF-450A-B5C3-5D933307ACC1}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe FirewallRules: [{2D0B065D-A51A-430F-91CF-3FA7C9D846CF}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe FirewallRules: [{340DF4FF-9C15-4F9E-9C0C-228C705900E8}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe 
FirewallRules: [{92824602-055E-4F47-AAC2-CB28B4B32326}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe FirewallRules: [{71AD1EE7-EFB5-4E38-8FB0-E091344B7C73}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\theHunterPrimal\launcher\launcher.exe FirewallRules: [{D786540A-DE5C-4820-9572-4A290C0722D8}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\theHunterPrimal\launcher\launcher.exe FirewallRules: [{B084FC52-AD9D-4289-9CD0-2C3AAA7D25CB}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{BE6250F5-8AE5-4345-BB5D-13FEEC3CA8D1}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{5AFDACE3-E962-4848-9781-F836896E02A6}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Hektor\HektorWin.exe FirewallRules: [{8CB2FA5D-63A3-47A6-88E8-F6177F0B3A33}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Hektor\HektorWin.exe FirewallRules: [{A2521D70-4D74-4808-A0DC-06BEB3ABE424}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{1732CA4D-06D5-4C73-AD4B-B7356A67E0D4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{510E0B8F-3AE0-4CCD-80BE-1CF0FF244ECB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{9DCDFCFF-C124-40B4-9A4D-9045BE0C3309}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{E9A0E264-F875-4F79-85F9-9725A2051C82}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{3A9035EA-5265-4755-BCAE-875DE01ADBA3}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe FirewallRules: [{EB3DF9CA-1D25-4A82-ABC6-E3879CF09B18}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access 
StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Faulty Device Manager Devices ============= Name: avast! SecureLine TAP Adapter v3 Description: avast! SecureLine TAP Adapter v3 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: aswTap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/10/2015 12:47:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x170c Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3 Error: (07/09/2015 11:48:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x204 Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften 
Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3 Error: (07/09/2015 06:18:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x199c Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3 Error: (07/08/2015 07:05:13 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm csgo.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1310 Startzeit: 01d0b9a01652977d Endzeit: 19 Anwendungspfad: F:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe Berichts-ID: Error: (07/08/2015 06:46:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x19fc Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3 Error: (07/08/2015 04:10:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 
0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0xdc4 Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3 Error: (07/08/2015 02:20:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm UNKNOWN, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10bc Startzeit: 01d0b9782de094ab Endzeit: 9 Anwendungspfad: UNKNOWN Berichts-ID: 751c8c20-256b-11e5-9aa3-00ac738c1840 Error: (07/08/2015 02:55:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x17e0 Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3 Error: (07/08/2015 12:55:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x1fb4 Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3 Error: (07/02/2015 12:43:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: 
plugin-container.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563c49a Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.5.5623, Zeitstempel: 0x5563b229 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001aa1 ID des fehlerhaften Prozesses: 0x6a4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 System errors: ============= Error: (07/10/2015 10:48:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.201.1399.0) Error: (07/10/2015 10:44:46 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (07/09/2015 10:28:50 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (06/30/2015 02:13:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (06/22/2015 09:40:05 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (06/22/2015 06:00:07 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F319F1B8-7587-4146-AF9C-0D6D77819BF1} Error: (06/15/2015 08:24:46 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden. Error: (06/15/2015 08:24:46 PM) (Source: cdrom) (EventID: 15) (User: ) Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error: (06/15/2015 08:24:40 PM) (Source: cdrom) (EventID: 15) (User: ) Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. 
Error: (06/10/2015 01:26:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 18%
Total physical RAM: 16303.1 MB
Available physical RAM: 13233.92 MB
Total Virtual: 32604.41 MB
Available Virtual: 29332.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:18.09 GB) NTFS
Drive d: (Aufnahme) (Fixed) (Total:931.51 GB) (Free:483.55 GB) NTFS
Drive e: (Videos) (Fixed) (Total:465.76 GB) (Free:86.61 GB) NTFS
Drive f: (Spiele & Programme) (Fixed) (Total:585.94 GB) (Free:338.85 GB) NTFS
Drive g: (Daten) (Fixed) (Total:247.92 GB) (Free:154.02 GB) NTFS
Drive h: (Technicolor CM) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0B5736DE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9D2D32F1)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 57EFD952)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=585.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=247.9 GB) - (Type=07 NTFS)

==================== End of log ============================

Edited by KlausH123 (13.07.2015 at 20:29) |
13.07.2015, 22:28 | #4 |
| Probably hacked. What should I do? I am posting the results again, because the program was not run from the desktop. FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by [user] (administrator) on [user]-PC on 13-07-2015 23:17:55
Running from C:\Users\[user]\Desktop
Loaded Profiles: [user] (Available Profiles: [user] & [user2])
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software) F:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) F:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(CMedia) C:\Program Files\ASUS Xonar D1 Audio\Customapp\AsusAudioCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) F:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.)
F:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Trend Micro Inc.) E:\Downloads\HiJackThis204(1).exe (Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\Users\[user]\Desktop\FRST64(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [AvastUI.exe] => F:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-18] (Avast Software s.r.o.) HKLM-x32\...\Run: [GrooveMonitor] => F:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => F:\Program Files\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.) 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\...\Run: [Dxtory Update Checker 2.0] => F:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-17] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => F:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-18] (Avast Software s.r.o.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> F:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-28] (Avast Software s.r.o.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-28] (Avast Software s.r.o.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158 Tcpip\..\Interfaces\{5D6E13FD-ADDB-4F36-80F3-79C63EC79F63}: [DhcpNameServer] 80.69.103.78 80.69.102.158 FireFox: ======== FF ProfilePath: C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\k6znsua0.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')
%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Extension: Ghostery - C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\k6znsua0.default\Extensions\firefox@ghostery.com.xpi [2014-11-17] FF Extension: BetterTTV - C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\k6znsua0.default\Extensions\jid0-OeCFXKAPh2tC0bN3Li9ajRAZx6c@jetpack.xpi [2014-11-17] FF Extension: Adblock Plus - C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\k6znsua0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-17] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - F:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - F:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-17] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - F:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-28] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - F:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-28] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; F:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-18] (Avast Software s.r.o.) R2 avast! 
Firewall; F:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-06-22] (Avast Software s.r.o.) R3 AvastVBoxSvc; F:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-18] (Avast Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-10] () S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-26] (Dropbox, Inc.) S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-26] (Dropbox, Inc.) S3 Microsoft Office Groove Audit Service; F:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) S4 SDScannerService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) S4 SDUpdateService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S4 SDWSCService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-18] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-06-22] (Avast Software s.r.o.) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-18] (Avast Software s.r.o.) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-06-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-18] (Avast Software s.r.o.) 
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-18] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-18] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-18] (Avast Software s.r.o.) S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-11-17] (The OpenVPN Project) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-18] () R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation) R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0004.sys [28768 2014-12-17] (SoftEther VPN Project at University of Tsukuba, Japan.) R2 VBoxAswDrv; F:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-18] (Avast Software) S3 WinRing0_1_2_0; \??\F:\Program Files\Intel Corporation\Intel Processor Diagnostic Tool 64bit\WinRing0x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-13 23:17 - 2015-07-13 23:18 - 00017250 _____ C:\Users\[user]\Desktop\FRST.txt 2015-07-13 23:17 - 2015-07-13 23:17 - 02133504 _____ (Farbar) C:\Users\[user]\Desktop\FRST64(1).exe 2015-07-13 21:17 - 2015-07-13 23:17 - 00000000 ____D C:\FRST 2015-07-13 20:11 - 2015-07-13 20:12 - 00000000 ____D C:\Users\[user]\AppData\Roaming\Raptr 2015-07-13 20:11 - 2015-07-13 20:11 - 00000000 ____D C:\Users\[user]\AppData\Roaming\library_dir 2015-07-13 20:11 - 2015-07-13 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved 2015-07-13 20:11 - 2015-07-13 20:11 - 00000000 ____D C:\Program Files (x86)\Raptr 2015-07-13 20:10 - 2015-07-13 20:10 - 00052335 _____ C:\Windows\SysWOW64\CCCInstall_201507132010563129.log 2015-07-13 20:10 - 2015-07-13 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-07-13 20:09 - 2015-07-13 20:09 - 00000000 ____D C:\ProgramData\ATI 2015-07-13 20:08 - 2015-07-13 20:08 - 00000000 ____D C:\Program Files\AMD 2015-07-09 19:05 - 2015-07-09 19:05 - 00000000 ____D C:\Users\[user]\Documents\ProcAlyzer Dumps 2015-07-07 19:03 - 2015-07-09 00:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-01 03:00 - 2015-07-01 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2015-06-29 10:44 - 2015-06-29 10:44 - 00000000 ____D C:\Users\[user]\AppData\Local\Logitech® Webcam-Software 2015-06-29 10:42 - 2015-06-29 10:42 - 00000000 ____D C:\Users\[user]\Documents\Videomaskenprojekte 2015-06-29 10:42 - 2015-06-29 10:42 - 00000000 ____D C:\ProgramData\LogiShrd 2015-06-29 10:38 - 2015-06-29 10:38 - 00000000 ____D C:\Users\[user]\AppData\Roaming\Leadertech 2015-06-29 10:38 - 2015-06-29 10:38 - 00000000 ____D C:\ProgramData\Logitech 2015-06-29 10:37 - 2015-06-29 10:37 - 00001624 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk 2015-06-29 10:37 - 2015-06-29 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 
2015-06-29 10:35 - 2015-06-29 10:38 - 00000000 ____D C:\Program Files\Common Files\logishrd 2015-06-29 10:35 - 2015-06-29 10:35 - 00008150 _____ C:\Windows\system32\lvcoinst.log 2015-06-26 23:31 - 2015-06-26 23:39 - 00000000 ___RD C:\Users\[user]\Dropbox 2015-06-26 23:31 - 2015-06-26 23:31 - 00001230 _____ C:\Users\[user]\Desktop\Dropbox.lnk 2015-06-26 23:30 - 2015-06-26 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-06-26 23:29 - 2015-07-13 22:34 - 00001212 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2015-06-26 23:29 - 2015-07-13 20:16 - 00001208 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2015-06-26 23:29 - 2015-06-26 23:38 - 00000000 ____D C:\Users\[user]\AppData\Local\Dropbox 2015-06-26 23:29 - 2015-06-26 23:31 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-06-26 23:29 - 2015-06-26 23:29 - 00004208 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA 2015-06-26 23:29 - 2015-06-26 23:29 - 00003956 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore 2015-06-26 23:29 - 2015-06-26 23:29 - 00000000 ____D C:\Users\[user]\AppData\Roaming\Dropbox 2015-06-26 23:29 - 2015-06-26 23:29 - 00000000 ____D C:\ProgramData\Dropbox 2015-06-23 04:09 - 2015-06-23 04:09 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll 2015-06-23 04:09 - 2015-06-23 04:09 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll 2015-06-23 04:09 - 2015-06-23 04:09 - 00107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll 2015-06-23 04:09 - 2015-06-23 04:09 - 00100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll 2015-06-23 04:09 - 2015-06-23 04:09 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2015-06-23 04:09 - 2015-06-23 04:09 - 00078432 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\amdpcom64.dll 2015-06-23 04:09 - 2015-06-23 04:09 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2015-06-23 04:09 - 2015-06-23 04:09 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2015-06-23 04:08 - 2015-06-23 04:08 - 11941000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll 2015-06-23 04:08 - 2015-06-23 04:08 - 10087472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2015-06-23 04:08 - 2015-06-23 04:08 - 07927568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll 2015-06-23 04:08 - 2015-06-23 04:08 - 07407400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2015-06-23 04:08 - 2015-06-23 04:08 - 01191320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2015-06-23 04:08 - 2015-06-23 04:08 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll 2015-06-23 04:08 - 2015-06-23 04:08 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll 2015-06-23 04:08 - 2015-06-23 04:08 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll 2015-06-23 04:05 - 2015-06-23 04:05 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys 2015-06-23 04:03 - 2015-06-23 04:03 - 21612032 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys 2015-06-23 03:59 - 2015-06-23 03:59 - 47782912 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll 2015-06-23 03:59 - 2015-06-23 03:59 - 00235008 _____ C:\Windows\system32\clinfo.exe 2015-06-23 03:58 - 2015-06-23 03:58 - 39712256 _____ (Advanced Micro Devices Inc.) 
C:\Windows\SysWOW64\amdocl.dll 2015-06-23 03:57 - 2015-06-23 03:57 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-06-23 03:57 - 2015-06-23 03:57 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-06-23 03:55 - 2015-06-23 03:55 - 27535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll 2015-06-23 03:55 - 2015-06-23 03:55 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll 2015-06-23 03:33 - 2015-06-23 03:33 - 06476288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll 2015-06-23 03:33 - 2015-06-23 03:33 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll 2015-06-23 03:33 - 2015-06-23 03:33 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll 2015-06-23 03:28 - 2015-06-23 03:28 - 05067264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll 2015-06-23 03:27 - 2015-06-23 03:27 - 30749184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll 2015-06-23 03:25 - 2015-06-23 03:25 - 00093184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll 2015-06-23 03:25 - 2015-06-23 03:25 - 00086528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll 2015-06-23 03:22 - 2015-06-23 03:22 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll 2015-06-23 03:22 - 2015-06-23 03:22 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll 2015-06-23 03:21 - 2015-06-23 03:21 - 25296896 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\SysWOW64\atioglxx.dll 2015-06-23 03:21 - 2015-06-23 03:21 - 00865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll 2015-06-23 03:20 - 2015-06-23 03:20 - 03437632 _____ C:\Windows\system32\atiumd6a.cap 2015-06-23 03:19 - 2015-06-23 03:19 - 00660224 _____ C:\Windows\SysWOW64\atiapfxx.blb 2015-06-23 03:19 - 2015-06-23 03:19 - 00660224 _____ C:\Windows\system32\atiapfxx.blb 2015-06-23 03:19 - 2015-06-23 03:19 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe 2015-06-23 03:19 - 2015-06-23 03:19 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll 2015-06-23 03:19 - 2015-06-23 03:19 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll 2015-06-23 03:19 - 2015-06-23 03:19 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2015-06-23 03:19 - 2015-06-23 03:19 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2015-06-23 03:18 - 2015-06-23 03:18 - 15716864 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll 2015-06-23 03:18 - 2015-06-23 03:18 - 14302208 _____ (Advanced Micro Devices Inc.) 
C:\Windows\SysWOW64\aticaldd.dll 2015-06-23 03:16 - 2015-06-23 03:16 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap 2015-06-23 03:14 - 2015-06-23 03:14 - 00670720 _____ (AMD) C:\Windows\system32\atieclxx.exe 2015-06-23 03:14 - 2015-06-23 03:14 - 00245760 _____ (AMD) C:\Windows\system32\atiesrxx.exe 2015-06-23 03:14 - 2015-06-23 03:14 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll 2015-06-23 03:14 - 2015-06-23 03:14 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll 2015-06-23 03:14 - 2015-06-23 03:14 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll 2015-06-23 03:14 - 2015-06-23 03:14 - 00160256 _____ C:\Windows\system32\atieah64.exe 2015-06-23 03:14 - 2015-06-23 03:14 - 00143872 _____ C:\Windows\SysWOW64\atieah32.exe 2015-06-23 03:14 - 2015-06-23 03:14 - 00029696 _____ (AMD) C:\Windows\system32\atimuixx.dll 2015-06-23 03:12 - 2015-06-23 03:12 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll 2015-06-23 03:12 - 2015-06-23 03:12 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll 2015-06-23 03:11 - 2015-06-23 03:11 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2015-06-23 03:11 - 2015-06-23 03:11 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll 2015-06-23 03:10 - 2015-06-23 03:10 - 00663552 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys 2015-06-23 03:10 - 2015-06-23 03:10 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2015-06-23 03:10 - 2015-06-23 03:10 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2015-06-23 03:10 - 2015-06-23 03:10 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll 2015-06-23 03:10 - 2015-06-23 03:10 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2015-06-23 03:10 - 2015-06-23 03:10 - 00069632 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atiglpxx.dll 2015-06-23 03:09 - 2015-06-23 03:09 - 00102912 _____ C:\Windows\system32\hsa-thunk64.dll 2015-06-23 03:09 - 2015-06-23 03:09 - 00102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll 2015-06-23 03:07 - 2015-06-23 03:07 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll 2015-06-22 21:36 - 2015-06-22 21:36 - 00001000 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk 2015-06-22 21:35 - 2015-06-22 21:35 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys 2015-06-22 21:35 - 2015-05-18 20:00 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-06-22 17:58 - 2015-06-22 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-06-22 17:58 - 2015-06-22 17:58 - 00001060 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk 2015-06-22 17:57 - 2015-06-22 17:57 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys 2015-06-22 09:14 - 2015-06-22 09:14 - 00830518 _____ C:\Windows\system32\amdicdxx.dat 2015-06-17 08:29 - 2015-06-17 08:29 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\Mozilla 2015-06-17 08:29 - 2015-06-17 08:29 - 00000000 ____D C:\Users\[user2]\AppData\Local\Mozilla 2015-06-17 08:28 - 2015-06-17 08:34 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\OBS 2015-06-17 08:28 - 2015-06-17 08:28 - 00001248 _____ C:\Users\[user2]\Desktop\OBS - Verknüpfung.lnk 2015-06-17 08:26 - 2015-06-17 08:26 - 00114992 _____ C:\Users\[user2]\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-17 08:26 - 2015-06-17 08:26 - 00001425 _____ C:\Users\[user2]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-17 08:26 - 2015-06-17 08:26 - 00000020 ___SH C:\Users\[user2]\ntuser.ini 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Vorlagen 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Startmenü 2015-06-17 08:26 - 2015-06-17 08:26 - 
00000000 _SHDL C:\Users\[user2]\Netzwerkumgebung 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Lokale Einstellungen 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Eigene Dateien 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Druckumgebung 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Documents\Eigene Musik 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Documents\Eigene Bilder 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\AppData\Local\Verlauf 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\AppData\Local\Anwendungsdaten 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 _SHDL C:\Users\[user2]\Anwendungsdaten 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\AVAST Software 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\ATI 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\ASUS 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\Adobe 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Local\VirtualStore 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Local\GWX 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2]\AppData\Local\ATI 2015-06-17 08:26 - 2015-06-17 08:26 - 00000000 ____D C:\Users\[user2] 2015-06-17 08:26 - 2014-12-10 04:02 - 00000000 ____D C:\Users\[user2]\AppData\Local\Microsoft Help 2015-06-17 08:26 - 2014-11-19 00:43 - 00000000 ____D C:\Users\[user2]\AppData\Roaming\Macromedia 2015-06-17 08:26 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\[user2]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-17 08:26 - 2009-07-14 06:49 - 00000000 
___RD C:\Users\[user2]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-16 05:05 - 2015-07-13 20:25 - 00007507 _____ C:\Users\[user]\Desktop\hijackthis.log ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-13 22:36 - 2014-11-27 13:01 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-13 22:21 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-13 22:21 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-13 22:15 - 2014-11-17 15:57 - 01458208 _____ C:\Windows\WindowsUpdate.log 2015-07-13 20:16 - 2015-02-11 13:58 - 00013995 _____ C:\Windows\setupact.log 2015-07-13 20:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-10 11:17 - 2014-11-18 21:33 - 00000000 ____D C:\Users\[user]\AppData\Local\Battle.net 2015-07-10 10:44 - 2014-11-17 16:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-07-09 23:48 - 2014-11-18 01:54 - 00000000 ____D C:\Users\[user]\AppData\Local\Spotify 2015-07-09 23:20 - 2014-11-18 01:53 - 00000000 ____D C:\Users\[user]\AppData\Roaming\Spotify 2015-07-09 19:11 - 2015-01-15 03:49 - 00000132 _____ C:\Users\[user]\AppData\Roaming\Adobe PNG Format CS5 Prefs 2015-07-09 19:03 - 2015-06-04 11:53 - 00000000 ____D C:\AdwCleaner 2015-07-09 01:36 - 2014-11-27 13:01 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-09 01:36 - 2014-11-17 19:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-09 01:36 - 2014-11-17 19:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-09 00:44 - 2015-03-21 16:58 - 00012182 _____ C:\Windows\PFRO.log 2015-07-09 00:44 - 2014-11-17 16:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-08 00:14 - 2014-11-17 22:45 - 00000000 ____D C:\Users\[user]\AppData\Roaming\OBS 2015-07-07 23:08 - 2015-01-07 14:08 - 00000000 ____D C:\Users\[user]\AppData\Local\Arma 3 2015-07-07 18:23 - 2015-05-26 15:30 - 00000000 ____D C:\Users\[user]\AppData\Local\Deployment 2015-06-30 23:07 - 2015-06-02 12:35 - 00000000 ____D C:\Users\[user]\.chatty 2015-06-30 15:19 - 2014-11-18 01:48 - 00000000 ____D C:\Users\[user]\AppData\Roaming\Audacity 2015-06-30 14:07 - 2014-12-17 18:55 - 00000000 ____D C:\Windows\pss 2015-06-29 21:04 - 2015-04-07 18:49 - 00000000 ____D C:\Users\[user]\Desktop\dayz0.55 2015-06-29 04:17 - 2014-11-18 21:52 - 00000000 ____D C:\Users\[user]\AppData\Roaming\vlc 2015-06-29 02:08 - 2014-11-19 15:48 - 00000000 __SHD C:\Users\[user]\AppData\Local\EmieUserList 2015-06-29 02:08 - 2014-11-19 15:48 - 00000000 __SHD C:\Users\[user]\AppData\Local\EmieSiteList 2015-06-29 02:08 - 2014-11-19 15:48 - 00000000 __SHD C:\Users\[user]\AppData\Local\EmieBrowserModeList 2015-06-26 23:31 - 2014-11-17 15:57 - 00000000 ____D C:\Users\[user] 2015-06-26 21:36 - 2014-11-17 16:38 - 
00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys 2015-06-25 19:16 - 2015-01-04 22:10 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-06-25 18:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-06-23 17:19 - 2014-11-17 22:45 - 00000000 ____D C:\Program Files\OBS 2015-06-23 13:30 - 2014-11-17 19:52 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-06-23 04:08 - 2014-11-06 05:40 - 08890576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll 2015-06-23 04:08 - 2014-11-06 05:40 - 01440592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2015-06-23 04:08 - 2014-11-06 05:40 - 00120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll 2015-06-23 04:08 - 2014-11-06 05:39 - 08786040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll 2015-06-23 03:14 - 2014-11-06 04:26 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll 2015-06-23 03:11 - 2014-11-06 04:14 - 01246208 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\atiadlxx.dll 2015-06-17 10:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-15 20:56 - 2014-11-18 00:59 - 00000828 _____ C:\Users\[user]\Desktop\Dxtory.lnk 2015-06-15 20:56 - 2014-11-18 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0 ==================== Files in the root of some directories ======= 2014-11-20 14:22 - 2015-01-15 03:49 - 0000132 _____ () C:\Users\[user]\AppData\Roaming\Adobe GIF Format CS5 Prefs 2015-01-15 03:49 - 2015-07-09 19:11 - 0000132 _____ () C:\Users\[user]\AppData\Roaming\Adobe PNG Format CS5 Prefs 2015-03-17 18:46 - 2015-03-17 18:46 - 0000098 _____ () C:\Users\[user]\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg 2015-03-17 18:16 - 2015-03-17 18:25 - 0006856 _____ () C:\Users\[user]\AppData\Roaming\TheHunterPrimevalSettings_live.bin 2015-03-17 18:15 - 2015-03-17 18:15 - 0000040 _____ () C:\Users\[user]\AppData\Roaming\TheHunterPrimevalSettings_live.cfg Some files in TEMP: ==================== C:\Users\[user]\AppData\Local\Temp\raptrpatch.exe C:\Users\[user]\AppData\Local\Temp\raptr_stub.exe C:\Users\[user]\AppData\Local\Temp\tmp1DEB.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-09 11:18

==================== End of log ============================

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by [user] at 2015-07-13 23:18:33
Running from C:\Users\[user]\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1498198781-3518620365-1429332980-500 - Administrator - Disabled)
[user] (S-1-5-21-1498198781-3518620365-1429332980-1000 - Administrator - Enabled) => C:\Users\[user]
Gast (S-1-5-21-1498198781-3518620365-1429332980-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1498198781-3518620365-1429332980-1002 - Limited - Enabled)
[user2] (S-1-5-21-1498198781-3518620365-1429332980-1003 - Administrator - Enabled) => C:\Users\[user2]

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{14D58A97-B60E-A858-34D8-95469C02F7EC}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
ASUS Xonar D1 Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
CCGLauncher version 0.0.0.7 (HKLM-x32\...\{78D51CE5-799C-4FCA-9635-6F61E19EA5E3}_is1) (Version: 0.0.0.7 - Custom Combat Gaming)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{7B2CA5E9-763C-4FCE-81EE-13E81ABFE908}) (Version: 0.92.115 - Dotjosh Studios)
DayZLauncher version 0.0.0.7 (HKLM-x32\...\{E31045B4-9DB5-44DF-9EBD-BD4CFDE640FD}_is1) (Version: 0.0.0.7 - Maca134)
DebugMode FrameServer (HKLM-x32\...\DebugMode FrameServer) (Version: - )
Don't Starve (HKLM-x32\...\GOGPACKDONTSTARVE_is1) (Version: 2.7.0.16 - GOG.com)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.29 - Dropbox, Inc.) Hidden
Dxtory version 2.0.130 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.130 - ExKode Co. Ltd.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hektor (HKLM-x32\...\Steam App 334070) (Version: - Rubycone)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MKVToolNix 7.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.4.0 - Moritz Bunkus)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PingPlotter 4.00.3 (HKLM-x32\...\{170A0B35-1F88-423B-B023-5B3DF90F9A8E}) (Version: 4.0.3.6 - Pingman Tools, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version: - CAPCOM Co., Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
Slender: The Arrival (HKLM-x32\...\Steam App 252330) (Version: - Blue Isle Studios)
Spotify (HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Startfenster (HKLM\...\Startfenster) (Version: - Startfenster)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version: - CD PROJEKT RED)
theHunter: Primal (HKLM-x32\...\Steam App 322920) (Version: - Expansive Worlds)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
TwitchAlerts (HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\...\fb3f6ca9b67f53a3) (Version: 1.0.0.8 - TwitchAlerts)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) 
(HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Vegas Pro 12.0 (64-bit) (HKLM\...\{A7C8BBDE-FE98-11E1-87C9-F04DA23A5C58}) (Version: 12.0.367 - Sony) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Wireshark 1.12.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.5 - The Wireshark developer community, hxxp://www.wireshark.org) WS Launcher (HKLM-x32\...\{575E5E77-2C8E-405F-AB8E-9A7418B704CF}) (Version: 0.0.0.9 - Launcher) WS Launcher (HKLM-x32\...\{7F654DB0-0749-43AA-8918-FBE2F9BEB891}) (Version: 3.0.2.5 - Launcher) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 23-06-2015 12:34:28 Geplanter Prüfpunkt 26-06-2015 12:56:31 Windows Update 30-06-2015 13:48:41 Windows Update 01-07-2015 03:00:13 Windows Update 07-07-2015 17:59:42 Windows Update 13-07-2015 20:00:01 Windows Update 13-07-2015 20:17:56 Removed Java 8 Update 45 (64-bit) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2015-07-09 18:55 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {22A7DA14-F00D-4DAE-BAB4-8FACD50F83EB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.)
Task: {2CEB3F23-FDC0-4FDE-B59A-ABEC3B65C783} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {63B57EB4-5813-406B-BABF-B2B9875E1869} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {7DFA040F-DA19-4011-B539-8E6DA5A34ED8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.)
Task: {AF962107-80FD-4BA0-A768-E223B9F87C63} - System32\Tasks\avast!
Emergency Update => F:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-22] (Avast Software s.r.o.)
Task: {FA65A090-CEB8-461C-9F0F-E3B77C452C2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-18 20:00 - 2015-05-18 20:00 - 00104400 _____ () F:\Program Files\AVAST Software\Avast\log.dll
2015-05-18 20:00 - 2015-05-18 20:00 - 00081728 _____ () F:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-13 19:55 - 2015-07-13 19:55 - 02956288 _____ () F:\Program Files\AVAST Software\Avast\defs\15071301\algo.dll
2014-11-17 16:31 - 2012-06-06 09:56 - 00143360 ____N () C:\Program Files\ASUS Xonar D1 Audio\Customapp\VmixP8.dll
2015-03-28 17:11 - 2015-03-28 17:12 - 40540672 _____ () F:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-17 20:25 - 2015-04-16 19:40 - 00776192 _____ () F:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 02:22 - 2015-04-23 04:16 - 04962816 _____ () F:\Program Files (x86)\Steam\v8.dll
2015-01-20 02:22 - 2015-04-23 04:16 - 01556992 _____ () F:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 02:22 - 2015-04-23 04:16 - 01187840 _____ () F:\Program Files (x86)\Steam\icuuc.dll
2014-11-17 20:25 - 2015-06-04 20:56 - 02407104 _____ () F:\Program Files (x86)\Steam\video.dll
2014-11-17 20:25 - 2014-12-01 23:31 - 02396672 _____ () F:\Program Files (x86)\Steam\libavcodec-56.dll
2014-11-17 20:25 - 2014-12-01 23:31 - 00442880 _____ () F:\Program Files (x86)\Steam\libavutil-54.dll
2014-11-17 20:25 - 2014-12-01 23:31 - 00479744 _____ () F:\Program Files (x86)\Steam\libavformat-56.dll
2014-11-17 20:25 - 2014-12-01 23:31 - 00332800 _____ () F:\Program Files (x86)\Steam\libavresample-2.dll
2014-11-17 20:25 - 2014-12-01 23:31 - 00485888 _____ () F:\Program Files (x86)\Steam\libswscale-3.dll
2014-11-17 20:25 - 2015-06-04 20:56 - 00703168 _____ () F:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-11-17 20:25 - 2015-05-11 21:01 - 36302728 _____ () F:\Program Files (x86)\Steam\bin\libcef.dll
2015-05-14 13:51 - 2015-05-11 21:01 - 08958344 _____ () F:\Program Files (x86)\Steam\bin\pdf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1498198781-3518620365-1429332980-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 80.69.103.78 - 80.69.102.158

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: Intel(R) PROSet Monitoring Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SEVPNCLIENT => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^[user]^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\[user]\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\syswow64\HsMgr.exe Envoke
MSCONFIG\startupreg: Cmaudio8788GX64 => C:\Windows\system\HsMgr64.exe Envoke
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: LWS => F:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: SDTray => "F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "F:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\[user]\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{D357D961-E459-420E-AED8-41C43388C48C}C:\users\[user]\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\[user]\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{23A91F7B-E589-465B-AC1B-F4FCF82459F0}C:\users\[user]\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\[user]\appdata\local\akamai\netsession_win.exe
FirewallRules: [{1ADF1F9B-3FE8-4177-8077-3214478F6BC4}] => (Allow) F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E10D5ACD-7340-4A78-A83C-C50BDAB0E271}] => (Allow) F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{348BD086-6F1B-4DBB-ABF3-2F9EE8BF5B97}] => (Allow) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B2B0B0DD-9299-469F-9D3A-86FE2DD6E0F1}] => (Allow) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6F82AEBB-B957-4DF2-90BA-6DD83C757698}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ.exe
FirewallRules: [{81BF78AA-DBB9-4CFA-93A7-A40649AB067E}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ.exe
FirewallRules: [TCP Query User{797D826B-AB5C-4072-82AC-5143840710F8}C:\users\[user]\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\[user]\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B1726B87-0795-4893-A88F-9253F7DF4E50}C:\users\[user]\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\[user]\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A672B2EB-BD37-48F9-8FC1-FFBB1BF241E7}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{96CC6F77-DBE9-4BBA-BDB5-A0300D98C953}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{E25206BC-3C08-46B2-B348-3F18E1489A2B}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3C1DE7D8-D01C-413B-ABA3-6650D2C4E5D0}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{418C25A6-AE4B-413F-9FC8-1AD1A9ACD953}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{BC013988-F13B-45F1-A139-C757219FDBF8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{BD9158BE-D6D1-4F08-BAAD-50D7E902945B}] => (Allow) F:\Program Files (x86)\Battlenet\Battle.net\Battle.net.exe
FirewallRules: [{33083C9C-167C-43B9-8736-58085AFF860A}] => (Allow) F:\Program Files (x86)\Battlenet\Battle.net\Battle.net.exe
FirewallRules: [{9BAE11BE-6BB8-41AC-9DA8-E493EF1EFCC6}] => (Allow) F:\Program Files (x86)\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{3CBC552F-59FD-4B95-A8F4-1F9748598B1B}] => (Allow) F:\Program Files (x86)\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{F1544B66-CCC4-4952-A038-8ACC791BBFBF}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{C3355802-5561-4DDF-A518-9F15DB383673}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{620FE6A2-44BA-4528-9AC1-9FEE52D1FB72}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{874F3A89-1F43-4F4F-8FEB-23223E50A8F1}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{8CE09709-C7D6-409B-90CF-D75816C8D2B7}] => (Block) F:\Program Files\Photoshop\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
FirewallRules: [{8D0C7839-403B-48C7-8931-7823A4D2D7E8}] => (Block) F:\Program Files\Photoshop\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
FirewallRules: [{DF596239-8964-42AF-BDAD-768DA63E7577}] => (Block) F:\Program Files\Photoshop\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
FirewallRules: [TCP Query User{C9617F72-D45C-47EB-A7E9-D12A9A5C2985}F:\program files (x86)\steam\steamapps\common\dayz\dayz_experimental.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\dayz\dayz_experimental.exe
FirewallRules: [UDP Query User{CC366227-F7DC-4D6C-9B0F-E558B29A462A}F:\program files (x86)\steam\steamapps\common\dayz\dayz_experimental.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\dayz\dayz_experimental.exe
FirewallRules: [TCP Query User{8D721BF2-BEC9-4762-B70A-62276FBDD35D}F:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) F:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [UDP Query User{7289EE43-DD49-48C2-A805-9F91C73EAC30}F:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) F:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [{C08FDCF6-A84C-4E3B-8D94-36E09761980B}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{6F7B3176-F503-4D39-8B2F-1A26DFCFB647}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{3141EE2F-BF2F-4BC6-BC2F-B6045216214E}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.exe
FirewallRules: [{0A778F50-F146-41AC-86C1-C98F955D6276}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3.exe
FirewallRules: [{B4349BDE-E254-42C3-85E2-DA2747A3D065}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{49B11CEF-DFA6-4E82-B422-72E60DEBCE0B}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{858058B3-D6F1-4228-9B81-9378C2375395}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{A35F1B94-5D79-40A3-A97D-B94EE915FFA0}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{6B6CD793-037A-450B-9345-A03743332D3D}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{978CDA68-4E54-43FE-94FA-1EFF3CBAEC56}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{AF0DCCE2-8AA0-4ECC-BF93-AD58013FE49D}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{ACF20418-F17E-468F-BD11-18AD1F84DB60}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{3C2946A1-9262-47C8-B4EB-56058104F868}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{12380E54-B8F0-4F5F-9512-4783C43E573F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{00DF5F87-40DA-4661-8550-A7D87E7F7E40}] => (Allow) F:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{ADDE8ACE-FB89-4491-B572-1B22771F0A4E}] => (Allow) F:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{89481AAE-65DE-46F9-BADE-F23FEEA548C0}] => (Allow) F:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{A3258D18-052A-4F32-AB2F-9D52D9D5DD7D}] => (Allow) F:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{F2411616-A278-4B16-99D2-CB6C08454FBC}] => (Allow) F:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{32760B3F-524B-4047-AAB8-8C8976C330BC}] => (Allow) F:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{2D9B8368-1B7A-42B7-8927-43E9FC38CEBD}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{5C9A358E-FFAF-4B13-BE59-5C879B81B265}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{2653C44E-7536-43C4-A48C-8FA1CDCF583A}F:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{F1B0D6D2-514F-48E5-835D-7BE6B955822B}F:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{4C390EB5-1F5B-4D93-A122-468655376086}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2E5862C-BADE-4CF7-AB39-5A0ECD1B67AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{989ABF3D-65CE-4C1F-9420-36D4B76D3436}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Resident Evil Biohazard HD REMASTER\bhd.exe
FirewallRules: [{2C4015A8-1D18-4526-9FD2-D7E1D459F5ED}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Resident Evil Biohazard HD REMASTER\bhd.exe
FirewallRules: [{A3FD2E47-4E36-45F7-AC6B-2F4B2FDCA886}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{6D2B6D23-225F-42CC-9292-31AC4A878460}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{BC234D6B-8B6C-4B14-972E-E528FAD0C0EF}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{9377CE36-6662-4B63-9878-8D89CF91DF5C}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{FAB8A6CD-56B1-44EA-B1C6-F873C1A46E55}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{9D1F9698-2E82-4339-81DF-2C60B31BA822}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [TCP Query User{A6F33C2B-B745-4166-8689-0D552D41A300}F:\program files (x86)\steam\steamapps\common\thehunterprimal\game\thehunterprimal.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\thehunterprimal\game\thehunterprimal.exe
FirewallRules: [UDP Query User{4F92BE1C-CC34-4B9E-B669-B2FE63D7E9CB}F:\program files (x86)\steam\steamapps\common\thehunterprimal\game\thehunterprimal.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\thehunterprimal\game\thehunterprimal.exe
FirewallRules: [TCP Query User{836DBD50-60CF-4FDB-94FB-06234000D4A5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CCBA68E1-5921-4775-A41F-87733329B614}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{6E428937-E46E-4CD5-8D25-753F2631C9CF}F:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) F:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{E8E52207-0157-4F4A-B51D-C358D85B688F}F:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) F:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{F9969388-637E-4F45-8CED-3BAE75F4E5B8}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{0B767D6E-0722-4188-8AE3-34FFEAB796C3}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{79DD403C-049D-4040-A15F-E6CA22912645}F:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{8972BFB4-E4FB-46E1-B20F-50450AC3DD21}F:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{9314D975-B6CF-450A-B5C3-5D933307ACC1}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{2D0B065D-A51A-430F-91CF-3FA7C9D846CF}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{340DF4FF-9C15-4F9E-9C0C-228C705900E8}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{92824602-055E-4F47-AAC2-CB28B4B32326}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{71AD1EE7-EFB5-4E38-8FB0-E091344B7C73}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\theHunterPrimal\launcher\launcher.exe
FirewallRules: [{D786540A-DE5C-4820-9572-4A290C0722D8}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\theHunterPrimal\launcher\launcher.exe
FirewallRules: [{B084FC52-AD9D-4289-9CD0-2C3AAA7D25CB}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BE6250F5-8AE5-4345-BB5D-13FEEC3CA8D1}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5AFDACE3-E962-4848-9781-F836896E02A6}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Hektor\HektorWin.exe
FirewallRules: [{8CB2FA5D-63A3-47A6-88E8-F6177F0B3A33}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Hektor\HektorWin.exe
FirewallRules: [{A2521D70-4D74-4808-A0DC-06BEB3ABE424}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{1732CA4D-06D5-4C73-AD4B-B7356A67E0D4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{510E0B8F-3AE0-4CCD-80BE-1CF0FF244ECB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9DCDFCFF-C124-40B4-9A4D-9045BE0C3309}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E9A0E264-F875-4F79-85F9-9725A2051C82}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{3A9035EA-5265-4755-BCAE-875DE01ADBA3}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{EB3DF9CA-1D25-4A82-ABC6-E3879CF09B18}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2015 12:47:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x170c Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3

Error: (07/09/2015 11:48:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x204 Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3

Error: (07/09/2015 06:18:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x199c Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3

Error: (07/08/2015 07:05:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm csgo.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1310 Startzeit: 01d0b9a01652977d Endzeit: 19 Anwendungspfad: F:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe Berichts-ID:

Error: (07/08/2015 06:46:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x19fc Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3

Error: (07/08/2015 04:10:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0xdc4 Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3

Error: (07/08/2015 02:20:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm UNKNOWN, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10bc Startzeit: 01d0b9782de094ab Endzeit: 9 Anwendungspfad: UNKNOWN Berichts-ID: 751c8c20-256b-11e5-9aa3-00ac738c1840

Error: (07/08/2015 02:55:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x17e0 Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3

Error: (07/08/2015 12:55:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Hearthstone.exe, Version: 2.7.0.9166, Zeitstempel: 0x55384543 Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.130, Zeitstempel: 0x557e6865 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022a4d ID des fehlerhaften Prozesses: 0x1fb4 Startzeit der fehlerhaften Anwendung: 0xHearthstone.exe0 Pfad der fehlerhaften Anwendung: Hearthstone.exe1 Pfad des fehlerhaften Moduls: Hearthstone.exe2 Berichtskennung: Hearthstone.exe3

Error: (07/02/2015 12:43:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563c49a Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.5.5623, Zeitstempel: 0x5563b229 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001aa1 ID des fehlerhaften Prozesses: 0x6a4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3

System errors:
=============
Error: (07/10/2015 10:48:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.201.1399.0)

Error: (07/10/2015 10:44:46 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (07/09/2015 10:28:50 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (06/30/2015 02:13:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (06/22/2015 09:40:05 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (06/22/2015 06:00:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F319F1B8-7587-4146-AF9C-0D6D77819BF1}

Error: (06/15/2015 08:24:46 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden.

Error: (06/15/2015 08:24:46 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (06/15/2015 08:24:40 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
Error: (06/10/2015 01:26:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz Percentage of memory in use: 24% Total physical RAM: 16303.1 MB Available physical RAM: 12250.59 MB Total Virtual: 32604.41 MB Available Virtual: 28185.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.56 GB) (Free:18.05 GB) NTFS Drive d: (Aufnahme) (Fixed) (Total:931.51 GB) (Free:483.55 GB) NTFS Drive e: (Videos) (Fixed) (Total:465.76 GB) (Free:86.61 GB) NTFS Drive f: (Spiele & Programme) (Fixed) (Total:585.94 GB) (Free:338.85 GB) NTFS Drive g: (Daten) (Fixed) (Total:247.92 GB) (Free:154.02 GB) NTFS Drive h: (Technicolor CM) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0B5736DE) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9D2D32F1) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 57EFD952) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=585.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=247.9 GB) - (Type=07 NTFS) ==================== End of log ============================ |
14.07.2015, 10:17 | #5 |
/// the machine /// TB trainer | Probably hacked. What to do?
You can't get a place of residence from an IP address. Unless you are with the police, have a court order, and the provider hands over the data for your IP.
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM! |
14.07.2015, 20:21 | #6 |
| Probably hacked. What to do?
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version: main: v2015.07.14.02 rootkit: v2015.07.10.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Bekay :: [user]-PC [administrator]

14.07.2015 11:50:38
mbar-log-2015-07-14 (11-50-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 396081
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
12:05:44.0468 0x1624 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:05:47.0996 0x1624 ============================================================
12:05:47.0996 0x1624 Current date / time: 2015/07/14 12:05:47.0996
12:05:47.0996 0x1624 SystemInfo:
12:05:47.0996 0x1624
12:05:47.0996 0x1624 OS Version: 6.1.7601 ServicePack: 1.0
12:05:47.0996 0x1624 Product type: Workstation
12:05:47.0996 0x1624 ComputerName: [user]-PC
12:05:47.0996 0x1624 UserName: [user]
12:05:47.0996 0x1624 Windows directory: C:\Windows
12:05:47.0996 0x1624 System windows directory: C:\Windows
12:05:47.0996 0x1624 Running under WOW64
12:05:47.0996 0x1624 Processor architecture: Intel x64
12:05:47.0996 0x1624 Number of processors: 8
12:05:47.0996 0x1624 Page size: 0x1000
12:05:47.0996 0x1624 Boot type: Normal boot
12:05:47.0996 0x1624 ============================================================
12:05:50.0172 0x1624 KLMD registered as C:\Windows\system32\drivers\93796126.sys
12:05:50.0345 0x1624 System UUID: {BC88A5EF-B8EB-EE3D-14B3-7A578CF6667B}
12:05:50.0583 0x1624 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:05:50.0583 0x1624 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:05:50.0597 0x1624 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:05:50.0601 0x1624 ============================================================
12:05:50.0601 0x1624 \Device\Harddisk2\DR2:
12:05:50.0601 0x1624 MBR partitions:
12:05:50.0601 0x1624 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:05:50.0601 0x1624 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
12:05:50.0601 0x1624 \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x493E0000
12:05:50.0601 0x1624 \Device\Harddisk2\DR2\Partition4: MBR, Type 0x7, StartLBA 0x55730800, BlocksNum 0x1EFD5800
12:05:50.0601 0x1624 \Device\Harddisk0\DR0:
12:05:50.0601 0x1624 MBR partitions:
12:05:50.0601 0x1624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
12:05:50.0601 0x1624 \Device\Harddisk1\DR1:
12:05:50.0601 0x1624 MBR partitions:
12:05:50.0601 0x1624 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
12:05:50.0601 0x1624 ============================================================
12:05:50.0622 0x1624 C: <-> \Device\Harddisk2\DR2\Partition2
12:05:50.0653 0x1624 D: <-> \Device\Harddisk0\DR0\Partition1
12:05:50.0678 0x1624 E: <-> \Device\Harddisk1\DR1\Partition1
12:05:50.0738 0x1624 F: <-> \Device\Harddisk2\DR2\Partition3
12:05:50.0783 0x1624 G: <-> \Device\Harddisk2\DR2\Partition4
12:05:50.0783 0x1624 ============================================================
12:05:50.0783 0x1624 Initialize success
12:05:50.0783 0x1624 ============================================================
12:06:16.0467 0x17d4 ============================================================
12:06:16.0467 0x17d4 Scan started
12:06:16.0467 0x17d4 Mode: Manual; SigCheck; TDLFS;
12:06:16.0467 0x17d4 ============================================================
12:06:16.0467 0x17d4 KSN ping started
12:06:30.0445 0x17d4 KSN ping finished: true
12:06:32.0430 0x17d4 ================ Scan system memory ========================
12:06:32.0430 0x17d4 System memory - ok
12:06:32.0430 0x17d4 ================ Scan services =============================
8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 12:06:37.0436 0x17d4 gagp30kx - ok 12:06:37.0466 0x17d4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 12:06:37.0514 0x17d4 gpsvc - ok 12:06:37.0517 0x17d4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 12:06:37.0531 0x17d4 hcw85cir - ok 12:06:37.0586 0x17d4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 12:06:37.0599 0x17d4 HdAudAddService - ok 12:06:37.0612 0x17d4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 12:06:37.0622 0x17d4 HDAudBus - ok 12:06:37.0624 0x17d4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 12:06:37.0638 0x17d4 HidBatt - ok 12:06:37.0641 0x17d4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 12:06:37.0650 0x17d4 HidBth - ok 12:06:37.0652 0x17d4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 12:06:37.0660 0x17d4 HidIr - ok 12:06:37.0663 0x17d4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 12:06:37.0682 0x17d4 hidserv - ok 12:06:37.0711 0x17d4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 
12:06:37.0718 0x17d4 HidUsb - ok 12:06:37.0734 0x17d4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 12:06:37.0766 0x17d4 hkmsvc - ok 12:06:37.0807 0x17d4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 12:06:37.0818 0x17d4 HomeGroupListener - ok 12:06:37.0828 0x17d4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 12:06:37.0839 0x17d4 HomeGroupProvider - ok 12:06:37.0851 0x17d4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 12:06:37.0857 0x17d4 HpSAMD - ok 12:06:37.0881 0x17d4 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:06:37.0898 0x17d4 HTTP - ok 12:06:37.0914 0x17d4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 12:06:37.0920 0x17d4 hwpolicy - ok 12:06:37.0934 0x17d4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 12:06:37.0942 0x17d4 i8042prt - ok 12:06:37.0973 0x17d4 [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys 12:06:37.0987 0x17d4 iaStorA - ok 12:06:37.0995 0x17d4 [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys 12:06:38.0000 0x17d4 iaStorF - ok 12:06:38.0013 0x17d4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 
805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 12:06:38.0024 0x17d4 iaStorV - ok 12:06:38.0068 0x17d4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:06:38.0085 0x17d4 idsvc - ok 12:06:38.0100 0x17d4 IEEtwCollectorService - ok 12:06:38.0116 0x17d4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 12:06:38.0122 0x17d4 iirsp - ok 12:06:38.0153 0x17d4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 12:06:38.0171 0x17d4 IKEEXT - ok 12:06:38.0199 0x17d4 [ CBF7341E55A8348C7AB01A9870C7D948, A5084DF3C6321788C88A9E6B5F43FE5BCFDBB579BDE3A4D5F55558C6D13035A5 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe 12:06:38.0207 0x17d4 Intel(R) PROSet Monitoring Service - ok 12:06:38.0214 0x17d4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 12:06:38.0219 0x17d4 intelide - ok 12:06:38.0227 0x17d4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 12:06:38.0234 0x17d4 intelppm - ok 12:06:38.0245 0x17d4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:06:38.0265 0x17d4 IPBusEnum - ok 12:06:38.0284 0x17d4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:06:38.0303 0x17d4 IpFilterDriver - ok 12:06:38.0330 0x17d4 [ 
08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:06:38.0359 0x17d4 iphlpsvc - ok 12:06:38.0370 0x17d4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 12:06:38.0389 0x17d4 IPMIDRV - ok 12:06:38.0392 0x17d4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 12:06:38.0422 0x17d4 IPNAT - ok 12:06:38.0430 0x17d4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:06:38.0454 0x17d4 IRENUM - ok 12:06:38.0468 0x17d4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:06:38.0473 0x17d4 isapnp - ok 12:06:38.0496 0x17d4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 12:06:38.0504 0x17d4 iScsiPrt - ok 12:06:38.0538 0x17d4 [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 12:06:38.0543 0x17d4 iusb3hcs - ok 12:06:38.0564 0x17d4 [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 12:06:38.0574 0x17d4 iusb3hub - ok 12:06:38.0596 0x17d4 [ EA841584EF59528D11F20355770E427E, 515737761BB2A0A233F4AD141E28D93E3B9789320A15B7D5FB3DB5AC3CD8E249 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 12:06:38.0611 0x17d4 iusb3xhc - ok 12:06:38.0639 0x17d4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 
12:06:38.0646 0x17d4 kbdclass - ok 12:06:38.0648 0x17d4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 12:06:38.0661 0x17d4 kbdhid - ok 12:06:38.0686 0x17d4 [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso C:\Windows\system32\lsass.exe 12:06:38.0693 0x17d4 KeyIso - ok 12:06:38.0706 0x17d4 [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:06:38.0712 0x17d4 KSecDD - ok 12:06:38.0725 0x17d4 [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 12:06:38.0733 0x17d4 KSecPkg - ok 12:06:38.0737 0x17d4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 12:06:38.0765 0x17d4 ksthunk - ok 12:06:38.0779 0x17d4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 12:06:38.0803 0x17d4 KtmRm - ok 12:06:38.0831 0x17d4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 12:06:38.0853 0x17d4 LanmanServer - ok 12:06:38.0878 0x17d4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:06:38.0905 0x17d4 LanmanWorkstation - ok 12:06:38.0931 0x17d4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:06:38.0950 0x17d4 lltdio - ok 12:06:38.0965 0x17d4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] 
lltdsvc C:\Windows\System32\lltdsvc.dll 12:06:38.0988 0x17d4 lltdsvc - ok 12:06:38.0997 0x17d4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 12:06:39.0033 0x17d4 lmhosts - ok 12:06:39.0064 0x17d4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 12:06:39.0071 0x17d4 LSI_FC - ok 12:06:39.0074 0x17d4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 12:06:39.0081 0x17d4 LSI_SAS - ok 12:06:39.0083 0x17d4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:06:39.0089 0x17d4 LSI_SAS2 - ok 12:06:39.0092 0x17d4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:06:39.0099 0x17d4 LSI_SCSI - ok 12:06:39.0111 0x17d4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 12:06:39.0131 0x17d4 luafv - ok 12:06:39.0169 0x17d4 [ A832517901EEF41C206D70FCEC89B275, 33D42BFDD88F4BD8B1639CC5105E814FF7167750566F5057555FFED6D5DD7754 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 12:06:39.0178 0x17d4 LVRS64 - ok 12:06:39.0295 0x17d4 [ 644E919936A8017B5F205E7FE7EDD19F, AE0BE09DF7192B2E8504DA8D65928C59C62635E0C8D08C6A4EB2A15D512E3E52 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 12:06:39.0364 0x17d4 LVUVC64 - ok 12:06:39.0393 0x17d4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 12:06:39.0402 0x17d4 Mcx2Svc - ok 12:06:39.0404 0x17d4 [ A55805F747C6EDB6A9080D7C633BD0F4, 
2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 12:06:39.0409 0x17d4 megasas - ok 12:06:39.0414 0x17d4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 12:06:39.0423 0x17d4 MegaSR - ok 12:06:39.0453 0x17d4 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 12:06:39.0459 0x17d4 MEIx64 - ok 12:06:39.0536 0x17d4 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service F:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 12:06:39.0542 0x17d4 Microsoft Office Groove Audit Service - ok 12:06:39.0565 0x17d4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 12:06:39.0601 0x17d4 MMCSS - ok 12:06:39.0627 0x17d4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 12:06:39.0645 0x17d4 Modem - ok 12:06:39.0654 0x17d4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:06:39.0662 0x17d4 monitor - ok 12:06:39.0679 0x17d4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:06:39.0684 0x17d4 mouclass - ok 12:06:39.0690 0x17d4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:06:39.0696 0x17d4 mouhid - ok 12:06:39.0731 0x17d4 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr 
C:\Windows\system32\drivers\mountmgr.sys 12:06:39.0737 0x17d4 mountmgr - ok 12:06:39.0771 0x17d4 [ 22A7042C70F90F8261840740DDBB5176, AD0075C97D2D7C568D5CFB1C3A02DCE3BC01941844A759B29CD4DE4AF2F5FC45 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 12:06:39.0779 0x17d4 MozillaMaintenance - ok 12:06:39.0792 0x17d4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 12:06:39.0799 0x17d4 mpio - ok 12:06:39.0813 0x17d4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:06:39.0831 0x17d4 mpsdrv - ok 12:06:39.0871 0x17d4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 12:06:39.0901 0x17d4 MpsSvc - ok 12:06:39.0927 0x17d4 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:06:39.0935 0x17d4 MRxDAV - ok 12:06:39.0956 0x17d4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:06:39.0964 0x17d4 mrxsmb - ok 12:06:39.0983 0x17d4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:06:40.0007 0x17d4 mrxsmb10 - ok 12:06:40.0038 0x17d4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:06:40.0046 0x17d4 mrxsmb20 - ok 12:06:40.0068 0x17d4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 12:06:40.0073 0x17d4 msahci - ok 12:06:40.0098 0x17d4 [ 
DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:06:40.0105 0x17d4 msdsm - ok 12:06:40.0115 0x17d4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 12:06:40.0136 0x17d4 MSDTC - ok 12:06:40.0149 0x17d4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:06:40.0167 0x17d4 Msfs - ok 12:06:40.0179 0x17d4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:06:40.0212 0x17d4 mshidkmdf - ok 12:06:40.0227 0x17d4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:06:40.0232 0x17d4 msisadrv - ok 12:06:40.0251 0x17d4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:06:40.0281 0x17d4 MSiSCSI - ok 12:06:40.0283 0x17d4 msiserver - ok 12:06:40.0301 0x17d4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:06:40.0319 0x17d4 MSKSSRV - ok 12:06:40.0328 0x17d4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:06:40.0346 0x17d4 MSPCLOCK - ok 12:06:40.0359 0x17d4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:06:40.0391 0x17d4 MSPQM - ok 12:06:40.0420 0x17d4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 12:06:40.0431 0x17d4 MsRPC - ok 12:06:40.0439 0x17d4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 12:06:40.0444 0x17d4 mssmbios - ok 12:06:40.0446 0x17d4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:06:40.0464 0x17d4 MSTEE - ok 12:06:40.0466 0x17d4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 12:06:40.0473 0x17d4 MTConfig - ok 12:06:40.0486 0x17d4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 12:06:40.0492 0x17d4 Mup - ok 12:06:40.0509 0x17d4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 12:06:40.0547 0x17d4 napagent - ok 12:06:40.0596 0x17d4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:06:40.0609 0x17d4 NativeWifiP - ok 12:06:40.0676 0x17d4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 12:06:40.0693 0x17d4 NDIS - ok 12:06:40.0720 0x17d4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:06:40.0756 0x17d4 NdisCap - ok 12:06:40.0770 0x17d4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:06:40.0805 0x17d4 NdisTapi - ok 12:06:40.0835 0x17d4 [ 136185F9FB2CC61E573E676AA5402356, 
BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:06:40.0854 0x17d4 Ndisuio - ok 12:06:40.0878 0x17d4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:06:40.0905 0x17d4 NdisWan - ok 12:06:40.0938 0x17d4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:06:40.0956 0x17d4 NDProxy - ok 12:06:40.0992 0x17d4 [ DAED75AD4EE2BDD36457A90049DBFAF8, CF5310061B7C43507E5986C35A4404C6CDDF371AE695E95741C5391E6789B021 ] Neo_VPN C:\Windows\system32\DRIVERS\Neo_0004.sys 12:06:40.0998 0x17d4 Neo_VPN - ok 12:06:41.0010 0x17d4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:06:41.0030 0x17d4 NetBIOS - ok 12:06:41.0037 0x17d4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:06:41.0071 0x17d4 NetBT - ok 12:06:41.0086 0x17d4 [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon C:\Windows\system32\lsass.exe 12:06:41.0093 0x17d4 Netlogon - ok 12:06:41.0104 0x17d4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 12:06:41.0140 0x17d4 Netman - ok 12:06:41.0163 0x17d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:06:41.0171 0x17d4 NetMsmqActivator - ok 12:06:41.0174 0x17d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:06:41.0182 0x17d4 NetPipeActivator - ok 12:06:41.0201 0x17d4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 12:06:41.0227 0x17d4 netprofm - ok 12:06:41.0240 0x17d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:06:41.0249 0x17d4 NetTcpActivator - ok 12:06:41.0252 0x17d4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:06:41.0260 0x17d4 NetTcpPortSharing - ok 12:06:41.0288 0x17d4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 12:06:41.0295 0x17d4 nfrd960 - ok 12:06:41.0315 0x17d4 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 12:06:41.0327 0x17d4 NlaSvc - ok 12:06:41.0337 0x17d4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:06:41.0355 0x17d4 Npfs - ok 12:06:41.0389 0x17d4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 12:06:41.0409 0x17d4 nsi - ok 12:06:41.0417 0x17d4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:06:41.0443 0x17d4 nsiproxy - ok 12:06:41.0499 0x17d4 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:06:41.0526 0x17d4 Ntfs - ok 
12:06:41.0531 0x17d4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 12:06:41.0548 0x17d4 Null - ok 12:06:41.0590 0x17d4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:06:41.0597 0x17d4 nvraid - ok 12:06:41.0613 0x17d4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:06:41.0620 0x17d4 nvstor - ok 12:06:41.0664 0x17d4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:06:41.0670 0x17d4 nv_agp - ok 12:06:41.0732 0x17d4 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 12:06:41.0742 0x17d4 odserv - ok 12:06:41.0764 0x17d4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 12:06:41.0772 0x17d4 ohci1394 - ok 12:06:41.0793 0x17d4 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:06:41.0800 0x17d4 ose - ok 12:06:41.0826 0x17d4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 12:06:41.0852 0x17d4 p2pimsvc - ok 12:06:41.0878 0x17d4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 12:06:41.0908 0x17d4 p2psvc - ok 12:06:41.0921 0x17d4 [ 0086431C29C35BE1DBC43F52CC273887, 
12:06:45.0784 0x17d4 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:06:45.0795 0x17d4 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
12:06:48.0767 0x17d4 Detect skipped due to KSN trusted
12:06:48.0767 0x17d4 SwitchBoard - ok
12:06:53.0535 0x17d4 Sidebar - ok 12:06:53.0551 0x17d4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 12:06:53.0561 0x17d4 mctadmin - ok 12:06:53.0591 0x17d4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 12:06:53.0613 0x17d4 Sidebar - ok 12:06:53.0616 0x17d4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 12:06:53.0627 0x17d4 mctadmin - ok 12:06:53.0658 0x17d4 [ 406E7DF08CE79BE3016CC6D15E2ED956, 9DA8D10AE642B9411A3EB253F97918A6F470F1772F0057964267497CE0BDA53A ] F:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe 12:06:53.0666 0x17d4 Dxtory Update Checker 2.0 - detected UnsignedFile.Multi.Generic ( 1 ) 12:06:56.0625 0x17d4 Detect skipped due to KSN trusted 12:06:56.0625 0x17d4 Dxtory Update Checker 2.0 - ok 12:06:56.0625 0x17d4 Waiting for KSN requests completion. In queue: 97 12:06:57.0625 0x17d4 Waiting for KSN requests completion. In queue: 97 12:06:58.0625 0x17d4 Waiting for KSN requests completion. In queue: 97 12:06:59.0668 0x17d4 AV detected via SS2: avast! Antivirus, F:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated ) 12:06:59.0669 0x17d4 FW detected via SS2: avast! Antivirus, F:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41010 ( enabled ) 12:07:02.0045 0x17d4 ============================================================ 12:07:02.0045 0x17d4 Scan finished 12:07:02.0045 0x17d4 ============================================================ 12:07:02.0049 0x15a0 Detected object count: 0 12:07:02.0049 0x15a0 Actual detected object count: 0 |
15.07.2015, 12:27 | #7 |
/// the machine /// TB Trainer | Probably hacked. What to do? He needs physical access to the PC, or direct access via TeamViewer, Steam, whatever. In theory, though, a professional can do it in such a way that nothing is found.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.07.2015, 16:01 | #8 |
| Probably hacked. What to do? Are there other tools or ways to test this? As things look so far, I would assume that someone from my private circle was playing a prank. Only the fact that a person relatively unknown to me was later also "attacked" really puzzles me. |
16.07.2015, 07:42 | #9 |
/// the machine /// TB Trainer | Probably hacked. What to do? You can boot Linux from the Rescue CD and scan the system from outside. You can pull an offline MBR dump and have it scanned, or check it by hand in a hex editor. But I'll tell you right now: nothing will come of it. |
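Added example, not part of the thread and not the poster's code: what checking an offline MBR dump "by hand" amounts to, as a script that validates the boot signature, hashes the boot code and sanity-checks the partition table. The function names, the constructed sample sector and the idea of comparing against a known-good baseline hash supplied by the reader are assumptions; the layout is the classic 512-byte MBR.

```python
import hashlib
import struct

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR dump into boot-code hash, signature and partition table."""
    if len(sector) != 512:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    partitions = []
    for slot in range(4):                      # four 16-byte entries at offset 446
        entry = sector[446 + 16 * slot:462 + 16 * slot]
        ptype = entry[4]
        if ptype == 0x00:                      # unused slot
            continue
        lba_start, count = struct.unpack_from("<II", entry, 8)
        partitions.append({"slot": slot + 1, "status": entry[0], "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Hash bytes 0..439 only: disk signature and partition table differ per disk.
        "bootcode_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": partitions,
    }

def review_mbr(sector: bytes, baseline_sha256: str = "") -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    mbr, notes = parse_mbr(sector), []
    if not mbr["signature_ok"]:
        notes.append("boot signature 0x55AA missing")
    if baseline_sha256 and mbr["bootcode_sha256"] != baseline_sha256:
        notes.append("boot code differs from baseline")
    parts = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    if sum(p["status"] == 0x80 for p in parts) > 1:
        notes.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            notes.append(f"slot {p['slot']}: invalid status byte {p['status']:#04x}")
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            notes.append(f"slots {a['slot']} and {b['slot']} overlap")
    return notes

def sample_mbr() -> bytes:
    """Constructed sample: dummy boot code plus one active NTFS partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return b"\xfa\x33\xc0".ljust(446, b"\x00") + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    good = sample_mbr()
    print(parse_mbr(good)["partitions"], review_mbr(good))
```

An empty findings list only covers the first sector of the disk; it says nothing about the volume boot records or anything else on the drive.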
16.07.2015, 23:04 | #10 |
| Probably hacked. What to do? So just live with it? |
17.07.2015, 10:57 | #11 |
/// the machine /// TB Trainer | Probably hacked. What to do? Well, as I said, purely theoretically: a pro with access to the machine can build something in that no one will find, not even a scanner. But you would have to be immensely interesting for someone to go to that trouble. If you are afraid and want to be on the safe side, you have to format everything and set it up from scratch, and change all passwords. |
17.07.2015, 17:20 | #12 |
| Probably hacked. What to do? Okay, then many thanks for the help! |
18.07.2015, 09:31 | #13 |
/// the machine /// TB Trainer | Probably hacked. What to do? You're welcome |