Trojaner-Board

PC boots in safe mode and then shuts down (https://www.trojaner-board.de/158391-pc-bootet-safemode-faehrt-dann-runter.html)

dbe1963 07.09.2014 17:08

PC boots in safe mode and then shuts down

Hello,

On startup the message appears: "System is booting in safemode - minimal Services"
Then the login screen briefly appears. Then the computer shuts down. That's it.
Can you help?
I have attached the FRST scan.

Perhaps this is the cause: my son selected "Beim Hochfahren minimale Dienste" (minimal services at startup) in MSCONFIG. The result is that we now cannot start it at all (see above).

Many thanks in advance for your efforts.

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014
Ran by SYSTEM on MININT-KI8199L on 07-09-2014 18:40:56
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190472 2009-09-17] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [ChicoSys] => C:\Windows\SysWOW64\cc32\webtmr.exe [6484352 2009-07-14] (Salfeld Computer)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-21] (Microsoft Corporation)
HKU\Dirk\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [6864256 2009-07-14] (Salfeld Computer)
HKU\Dirk\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Dirk\...\Policies\system: [DisableLockWorkstation] 0
HKU\Dirk\...\Policies\system: [DisableClock] 0
HKU\Dirk\...\Policies\system: [LogonHoursAction] 2
HKU\Dirk\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Dirk\...\Policies\Explorer: [NoControlPanel] 0
HKU\Dirk\...\Policies\Explorer: [NoFind] 0
HKU\Luca\...\Policies\system: [DisableClock] 1
HKU\Luca\...\Policies\system: [DisableLockWorkstation] 0
HKU\Luca\...\Policies\system: [LogonHoursAction] 2
HKU\Luca\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Luca\...\Policies\Explorer: [NoControlPanel] 0
HKU\Luca\...\Policies\Explorer: [NoSaveSettings] 0
HKU\Luca\...\Policies\Explorer: [NoFind] 0
AppInit_DLLs: c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => c:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4139336 2013-11-21] ()
Startup: C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3000299772-3109549842-2761917205-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [191128 2013-11-21] ()
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-17] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S2 ksupmgr; C:\Windows\SysWOW64\ksupmgr.exe [765592 2010-08-25] (Salfeld Computer)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [70848 2014-04-08] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-28] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-26] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-10-22] (TuneUp Software)
S2 VOsrv; C:\Users\Dirk\AppData\Roaming\VOPackage\VOsrv.exe [353792 2014-02-25] ()
S4 OtShotUpdateService; C:\Program Files (x86)\OtShot\OtshotUpdateServiceEx.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-01-14] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-26] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-01-14] ()
S2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 StarOpen; No ImagePath
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2011-03-31] (C-Media Electronics Inc)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\afcdp.sys AE1FCE2CD1E99BEA89183BA8CD320872
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdsata.sys 53D8D46D51D390ABDB54ECA623165CB7
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 75C51148154E34EB3D7BB84749A758D5
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 7D89B0C443F6068E5B27AA3B972069FF
C:\Windows\System32\DRIVERS\atksgt.sys FC0E8778C000291CAF60EB88C011E931
C:\Windows\System32\DRIVERS\avgntflt.sys 4663C5AD76FE8E19592DE808156FA07D
C:\Windows\System32\DRIVERS\avipbb.sys 8902AEC2382A37E9E99A4E0D52DBD42B
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\EtronHub3.sys DB6AEC32FAF5BD002D9ED6C38692D42B
C:\Windows\System32\Drivers\EtronXHCI.sys 9CC2F24274741E12F9DF92125EA6D6D8
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\DRIVERS\hamachi.sys 1E6438D4EA6E1174A3B3B1EDC4DE660B
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 4BBB5A55EEB5EC11B20FCBB4CBB49357
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lirsgt.sys 156AB2E56DC3CA0B582E3362E07CDED7
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys 554964B900AE2954B8B589B6287034AC
C:\Windows\System32\DRIVERS\nvlddmkm.sys 91695E69E760C4B9C199051C995FAFDE
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys A0D870DCE152EE5B92A41AD927201D19
C:\Windows\System32\drivers\nvvad64v.sys 75034A4D7C02327D150B617571D4196A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snapman.sys 10450F432811D7FDA60A97FCC674D7B2
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdrpm273.sys 99527D49EE0A96FC25537C61B270A372
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\timntr.sys EBBAEA02F0095A798000C7E06B16D41B
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys DCC94C51D27C7EC0DADECA8F64C94FCF
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbfilter.sys 2C780746DC44A28FE67004DC58173F05
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\drivers\CM10664.sys F9B3054339A71F16430F6585EBC8BE96
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\drivers\WmBEnum.sys E7F4937B613B1E4294100C9D4EFC36A9
C:\Windows\System32\drivers\WmFilter.sys 6F6F2B263002B243D3501C7E6C8FC11D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\WmVirHid.sys 52B4FCC6AFAEC0FFD80BDA63F9B140CD
C:\Windows\System32\drivers\WmXlCore.sys 395B3E7FBA81BDC4501641B3B2CF2E20
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 18:34 - 2014-09-07 18:40 - 00000000 ____D () C:\FRST
2014-09-07 12:44 - 2014-09-07 12:47 - 00000000 ___HD () C:\System Shared
2014-09-07 12:44 - 2014-09-07 12:44 - 00000000 ___HD () C:\Device
2014-08-30 09:35 - 2014-08-30 09:37 - 17088592 _____ (Electronic Arts, Inc.) C:\Users\Luca\Downloads\OriginThinSetup.exe
2014-08-29 18:24 - 2014-08-29 18:24 - 01101648 _____ () C:\Users\Luca\Downloads\LogMeIn Hamachi - CHIP-Installer.exe
2014-08-29 17:27 - 2013-03-04 05:34 - 01808510 _____ () C:\Users\Luca\Downloads\TekkitLite.jar
2014-08-29 17:27 - 2013-03-04 05:33 - 02061638 _____ () C:\Users\Luca\Downloads\minecraft_server.jar
2014-08-29 17:27 - 2013-01-12 04:40 - 00000000 ____D () C:\Users\Luca\Downloads\mods
2014-08-29 17:27 - 2013-01-12 04:39 - 00000000 ____D () C:\Users\Luca\Downloads\coremods
2014-08-29 17:27 - 2013-01-04 08:42 - 00000555 _____ () C:\Users\Luca\Downloads\server.properties
2014-08-29 17:27 - 2013-01-04 08:20 - 00000054 _____ () C:\Users\Luca\Downloads\launch.sh
2014-08-29 17:27 - 2013-01-04 08:20 - 00000051 _____ () C:\Users\Luca\Downloads\launch.bat
2014-08-29 17:17 - 2014-08-29 17:22 - 00001376 _____ () C:\Users\Luca\Desktop\TechnicLauncher - Verknüpfung.lnk
2014-08-29 17:17 - 2014-08-29 17:19 - 00000000 ____D () C:\Users\Luca\Documents\Tekkit
2014-08-29 17:14 - 2014-08-29 17:16 - 20827501 _____ () C:\Users\Luca\Downloads\Tekkit_Lite_Server_0.6.5.zip
2014-08-28 16:44 - 2014-08-28 16:44 - 01397992 _____ () C:\Users\Luca\Downloads\battlelog-web-plugins_2.5.0_148.exe
2014-08-28 14:01 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-28 14:01 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 14:01 - 2014-08-23 01:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-27 16:27 - 2014-08-27 16:27 - 02249144 _____ () C:\Users\Luca\Downloads\battlelog-web-plugins_2.4.0_147.exe
2014-08-21 11:20 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-21 11:20 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-21 11:20 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 11:20 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-21 11:20 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-08-21 11:20 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-08-21 11:20 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 11:20 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-21 11:20 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-21 11:20 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 11:19 - 2014-05-14 08:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-21 11:19 - 2014-05-14 08:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 11:19 - 2014-05-14 08:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-21 11:19 - 2014-05-14 08:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-18 13:08 - 2014-08-18 13:09 - 02836320 _____ (FlyVPN) C:\Users\Luca\Downloads\FlyClientInstaller_3.0.1.8(1).exe
2014-08-18 13:01 - 2014-08-18 13:09 - 00001033 _____ () C:\Users\Dirk\Desktop\FlyVPN.lnk
2014-08-18 13:01 - 2014-08-18 13:09 - 00000000 ____D () C:\Program Files (x86)\FlyVPN
2014-08-18 13:01 - 2014-08-18 13:01 - 00000000 ____D () C:\ProgramData\FlyVPN
2014-08-18 13:00 - 2014-08-18 13:00 - 02836320 _____ (FlyVPN) C:\Users\Luca\Downloads\FlyClientInstaller_3.0.1.8.exe
2014-08-18 12:56 - 2014-08-22 17:09 - 00001149 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-17 21:37 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-08-17 21:37 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 21:37 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 21:37 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-08-17 21:37 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-08-17 21:37 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-08-17 21:37 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 21:37 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 18:24 - 2014-08-17 19:36 - 620143037 _____ () C:\Users\Luca\Downloads\mb_warband_setup_1160.exe
2014-08-17 17:20 - 2014-08-01 00:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-17 17:20 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 17:20 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-17 17:20 - 2014-07-25 15:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-17 17:20 - 2014-07-25 15:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-17 17:20 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 17:20 - 2014-07-25 14:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-17 17:20 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-17 17:20 - 2014-07-25 14:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-17 17:20 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-17 17:20 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-17 17:20 - 2014-07-25 14:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-17 17:20 - 2014-07-25 14:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-17 17:20 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 17:20 - 2014-07-25 14:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-17 17:20 - 2014-07-25 14:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-17 17:20 - 2014-07-25 14:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-17 17:20 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-17 17:20 - 2014-07-25 13:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-17 17:20 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-17 17:20 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 17:20 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 17:20 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 17:20 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 17:20 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-17 17:20 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-17 17:20 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 17:20 - 2014-07-25 13:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-17 17:20 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 17:20 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-17 17:20 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 17:20 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 17:20 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-17 17:20 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 17:20 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 17:20 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 17:20 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 17:20 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-17 17:20 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 17:20 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-17 17:20 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-17 17:20 - 2014-07-25 12:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-17 17:20 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 17:20 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 17:20 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 17:20 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-17 17:20 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 17:20 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 17:20 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 17:20 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 17:20 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-17 17:20 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-17 17:20 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-17 17:20 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 17:20 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 17:20 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-17 17:16 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-08-17 17:16 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 17:16 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-08-17 17:16 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 17:16 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-08-17 17:16 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-08-17 17:16 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-08-17 17:16 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-08-17 17:16 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-08-17 17:16 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 17:16 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 17:16 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 17:11 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-08-17 17:11 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 18:40 - 2014-09-07 18:34 - 00000000 ____D () C:\FRST
2014-09-07 15:30 - 2012-01-22 17:47 - 00000016 _____ () C:\Windows\SysWOW64\excltmp~.dat
2014-09-07 15:30 - 2012-01-22 17:46 - 00000415 _____ () C:\NET.INI
2014-09-07 14:01 - 2012-01-13 23:02 - 00000000 ____D () C:\users\Luca
2014-09-07 14:01 - 2012-01-12 13:26 - 00000000 ____D () C:\users\Dirk
2014-09-07 14:00 - 2014-07-22 11:15 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-07 14:00 - 2013-11-07 20:53 - 00000000 ____D () C:\Windows\pss
2014-09-07 14:00 - 2013-10-01 13:10 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-09-07 14:00 - 2013-03-24 10:42 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Skype
2014-09-07 14:00 - 2012-07-11 18:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-07 14:00 - 2012-02-19 11:48 - 00000000 ____D () C:\Users\Luca\AppData\Local\LogMeIn Hamachi
2014-09-07 14:00 - 2012-01-14 00:35 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-07 14:00 - 2012-01-12 13:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-07 14:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-09-07 14:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-09-07 14:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-07 13:11 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-07 12:47 - 2014-09-07 12:44 - 00000000 ___HD () C:\System Shared
2014-09-07 12:44 - 2014-09-07 12:44 - 00000000 ___HD () C:\Device
2014-09-02 16:09 - 2012-01-12 13:25 - 02009606 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 16:05 - 2012-11-02 18:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 16:03 - 2013-09-30 15:07 - 00000000 ____D () C:\ProgramData\Origin
2014-09-02 16:02 - 2013-09-30 15:07 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-02 16:01 - 2009-07-14 05:51 - 00211254 _____ () C:\Windows\setupact.log
2014-09-02 16:00 - 2012-01-13 23:52 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 16:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 16:39 - 2013-08-22 17:35 - 00000282 _____ () C:\Windows\Tasks\DSite.job
2014-09-01 16:35 - 2013-08-22 17:35 - 00000288 _____ () C:\Windows\Tasks\MetaCrawler.job
2014-09-01 15:55 - 2012-01-13 23:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 15:35 - 2013-08-22 18:35 - 00000204 _____ () C:\Users\Luca\AppData\Roaming\WB.CFG
2014-09-01 15:10 - 2013-09-30 15:59 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-01 15:03 - 2009-07-14 05:45 - 00022512 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 15:03 - 2009-07-14 05:45 - 00022512 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 16:58 - 2013-09-30 15:59 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-31 08:41 - 2014-04-25 09:24 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Systweak
2014-08-30 09:37 - 2014-08-30 09:35 - 17088592 _____ (Electronic Arts, Inc.) C:\Users\Luca\Downloads\OriginThinSetup.exe
2014-08-29 20:00 - 2013-03-10 09:53 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\.minecraft
2014-08-29 18:35 - 2012-02-19 19:28 - 00000000 ____D () C:\Users\Dirk\AppData\Local\LogMeIn Hamachi
2014-08-29 18:24 - 2014-08-29 18:24 - 01101648 _____ () C:\Users\Luca\Downloads\LogMeIn Hamachi - CHIP-Installer.exe
2014-08-29 17:29 - 2012-07-08 10:02 - 00003072 ___SH () C:\Users\Luca\Thumbs.db
2014-08-29 17:22 - 2014-08-29 17:17 - 00001376 _____ () C:\Users\Luca\Desktop\TechnicLauncher - Verknüpfung.lnk
2014-08-29 17:19 - 2014-08-29 17:17 - 00000000 ____D () C:\Users\Luca\Documents\Tekkit
2014-08-29 17:16 - 2014-08-29 17:14 - 20827501 _____ () C:\Users\Luca\Downloads\Tekkit_Lite_Server_0.6.5.zip
2014-08-29 13:20 - 2013-04-19 16:37 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\.technic
2014-08-29 13:03 - 2010-11-21 04:47 - 00685762 _____ () C:\Windows\PFRO.log
2014-08-28 16:44 - 2014-08-28 16:44 - 01397992 _____ () C:\Users\Luca\Downloads\battlelog-web-plugins_2.5.0_148.exe
2014-08-28 16:34 - 2009-07-14 05:45 - 00414096 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-27 16:27 - 2014-08-27 16:27 - 02249144 _____ () C:\Users\Luca\Downloads\battlelog-web-plugins_2.4.0_147.exe
2014-08-23 03:07 - 2014-08-28 14:01 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-23 02:45 - 2014-08-28 14:01 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 01:59 - 2014-08-28 14:01 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-22 17:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-22 17:09 - 2014-08-18 12:56 - 00001149 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-22 17:09 - 2013-12-26 03:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-22 17:09 - 2013-05-24 09:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-19 06:45 - 2012-01-12 14:18 - 00309819 _____ () C:\Windows\DirectX.log
2014-08-18 13:09 - 2014-08-18 13:08 - 02836320 _____ (FlyVPN) C:\Users\Luca\Downloads\FlyClientInstaller_3.0.1.8(1).exe
2014-08-18 13:09 - 2014-08-18 13:01 - 00001033 _____ () C:\Users\Dirk\Desktop\FlyVPN.lnk
2014-08-18 13:09 - 2014-08-18 13:01 - 00000000 ____D () C:\Program Files (x86)\FlyVPN
2014-08-18 13:01 - 2014-08-18 13:01 - 00000000 ____D () C:\ProgramData\FlyVPN
2014-08-18 13:00 - 2014-08-18 13:00 - 02836320 _____ (FlyVPN) C:\Users\Luca\Downloads\FlyClientInstaller_3.0.1.8.exe
2014-08-18 12:59 - 2012-11-02 18:25 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-18 12:59 - 2012-11-02 18:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-18 12:59 - 2012-01-12 13:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-18 12:56 - 2013-05-24 09:48 - 00000000 ____D () C:\ProgramData\Avira
2014-08-18 12:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 21:51 - 2012-01-15 17:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 21:44 - 2013-08-18 11:38 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-17 21:42 - 2012-01-12 15:21 - 99218768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-08-17 20:16 - 2012-05-28 20:44 - 00001156 _____ () C:\Users\Dirk\Desktop\Mount&Blade Warband.lnk
2014-08-17 20:16 - 2012-01-21 15:58 - 00001156 _____ () C:\Users\Luca\Desktop\Mount&Blade Warband.lnk
2014-08-17 20:15 - 2012-01-21 15:58 - 00000000 ____D () C:\Program Files (x86)\Mount&Blade Warband
2014-08-17 19:36 - 2014-08-17 18:24 - 620143037 _____ () C:\Users\Luca\Downloads\mb_warband_setup_1160.exe
2014-08-17 18:00 - 2013-10-01 18:39 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-08-17 17:47 - 2013-03-15 18:32 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Dirk\AppData\Local\Temp\6_Offer_11.exe
C:\Users\Dirk\AppData\Local\Temp\avgnt.exe
C:\Users\Dirk\AppData\Local\Temp\BackupSetup.exe
C:\Users\Dirk\AppData\Local\Temp\comver.dll
C:\Users\Dirk\AppData\Local\Temp\instract.exe
C:\Users\Dirk\AppData\Local\Temp\nsbA7C9.exe
C:\Users\Dirk\AppData\Local\Temp\nsgFC04.exe
C:\Users\Dirk\AppData\Local\Temp\nsl9DF7.exe
C:\Users\Dirk\AppData\Local\Temp\nslA2D8.exe
C:\Users\Dirk\AppData\Local\Temp\nsmDF4A.exe
C:\Users\Dirk\AppData\Local\Temp\nsr124.exe
C:\Users\Dirk\AppData\Local\Temp\nsw5D6.exe
C:\Users\Dirk\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Dirk\AppData\Local\Temp\sonarinst.exe
C:\Users\Luca\AppData\Local\Temp\avgnt.exe
C:\Users\Luca\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-06-27 13:55:12
Restore point made on: 2014-07-01 14:35:34
Restore point made on: 2014-07-04 20:45:44
Restore point made on: 2014-07-08 08:27:53
Restore point made on: 2014-07-10 11:57:48
Restore point made on: 2014-07-20 17:31:45
Restore point made on: 2014-07-25 08:19:21
Restore point made on: 2014-07-29 08:41:36
Restore point made on: 2014-07-30 08:05:49
Restore point made on: 2014-08-01 10:40:52
Restore point made on: 2014-08-17 17:02:50
Restore point made on: 2014-08-17 20:15:44
Restore point made on: 2014-08-17 21:36:33
Restore point made on: 2014-08-19 06:43:02
Restore point made on: 2014-08-21 11:19:46
Restore point made on: 2014-08-22 13:18:16
Restore point made on: 2014-08-26 14:12:48
Restore point made on: 2014-08-28 14:21:46
Restore point made on: 2014-09-02 16:10:37

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description            Windows Boot Manager
locale                  de-DE
inherit                {globalsettings}
default                {default}
resumeobject            {4ce375f1-3d17-11e1-bc5e-86918ed0c13b}
displayorder            {default}
toolsdisplayorder      {memdiag}
timeout                0

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description            Windows 7
locale                  de-DE
inherit                {bootloadersettings}
recoverysequence        {current}
recoveryenabled        Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {4ce375f1-3d17-11e1-bc5e-86918ed0c13b}
nx                      OptIn
safeboot                Minimal

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\4ce375f3-3d17-11e1-bc5e-86918ed0c13b\Winre.wim,{4ce375f4-3d17-11e1-bc5e-86918ed0c13b}
path                    \windows\system32\winload.exe
description            Windows Recovery Environment
inherit                {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\4ce375f3-3d17-11e1-bc5e-86918ed0c13b\Winre.wim,{4ce375f4-3d17-11e1-bc5e-86918ed0c13b}
systemroot              \windows
nx                      OptIn
winpe                  Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {4ce375f1-3d17-11e1-bc5e-86918ed0c13b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description            Windows Resume Application
locale                  de-DE
inherit                {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description            Windows-Speicherdiagnose
locale                  de-DE
inherit                {globalsettings}
badmemoryaccess        Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype              Serial
debugport              1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype    Serial
hypervisordebugport    1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                {globalsettings}

Geräteoptionen
--------------
Bezeichner              {4ce375f4-3d17-11e1-bc5e-86918ed0c13b}
description            Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\4ce375f3-3d17-11e1-bc5e-86918ed0c13b\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8173.22 MB
Available physical RAM: 7290.12 MB
Total Pagefile: 8171.42 MB
Available Pagefile: 7280.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (SYSTEM_500GB) (Fixed) (Total:465.66 GB) (Free:79.58 GB) NTFS
Drive f: () (Removable) (Total:0.46 GB) (Free:0.46 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6D6CA26F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 471 MB) (Disk ID: 73696420)
No partition Table on disk 1.


LastRegBack: 2014-08-29 18:18

==================== End Of Log ============================


burningice 07.09.2014 17:21

:hallo:

To rule out or fix a possible infection, please do the following:

Post your thread again exactly as it is, but here: Log-Analyse und Auswertung - Trojaner-Board

You will get further help there :daumenhoc



Copyright ©2000-2025, Trojaner-Board

