Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 01.09.2014, 02:33   #1
Coregestört
 
bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



Zitat:
Ich Glaube auf meinem system haben sich rootkits,malewarez ... alle möglichen viren breit gemacht .Ich will zumbeispiel bei Google Chrome browser in google fragen ob es sinnvoll ist dhcp zu deaktiviern ,kaum klick ich auf suchen stürzt der browser ab...
Code:
ATTFilter
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by ---- (administrator) on TERRORCOMPUTER on 01-09-2014 02:47:41
Running from C:\Users\----\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5075104 2014-02-24] (ESET)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9839810ACC55CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\----\AppData\Roaming\Mozilla\Firefox\Profiles\rhfk705j.default-1409467192460
FF Homepage: https://www.google.de/?gfe_rd=cr&ei=ypEDVMDcFsOF8QevloAw
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\----\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-08-31]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Aurora\firefox.exe

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\----\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-31]
CHR Extension: (Google Drive) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-31]
CHR Extension: (YouTube) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-31]
CHR Extension: (Google-Suche) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-31]
CHR Extension: (Google Wallet) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-31]
CHR Extension: (Google Mail) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1343408 2014-02-24] (ESET)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2014-08-02] (The OpenVPN Project)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37416 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [49240 2013-09-17] (ESET)
R3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 02:43 - 2014-09-01 02:43 - 00027322 _____ () C:\Users\----\Downloads\FRST.txt
2014-09-01 02:23 - 2014-09-01 02:47 - 00007911 _____ () C:\Users\----\Desktop\FRST.txt
2014-09-01 02:17 - 2014-09-01 02:18 - 00000470 _____ () C:\Users\----\Downloads\defogger_disable.log
2014-09-01 02:17 - 2014-09-01 02:17 - 00000000 _____ () C:\Users\----\defogger_reenable
2014-09-01 02:15 - 2014-09-01 02:16 - 00050477 _____ () C:\Users\----\Downloads\Defogger.exe
2014-08-31 23:59 - 2014-09-01 02:47 - 00000000 ____D () C:\FRST
2014-08-31 23:56 - 2014-08-31 23:56 - 01096704 _____ (Farbar) C:\Users\----\Desktop\FRST.exe
2014-08-31 22:41 - 2014-08-31 22:41 - 00000000 ____D () C:\Users\----\AppData\Roaming\vlc
2014-08-31 12:31 - 2014-08-31 12:31 - 00000000 ____D () C:\Users\----\AppData\Local\VirtualStore
2014-08-31 11:16 - 2014-08-31 11:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 10:48 - 2014-08-31 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-31 10:40 - 2014-08-31 10:40 - 00001535 _____ () C:\world of viring.txt
2014-08-31 10:26 - 2014-09-01 01:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 10:25 - 2014-08-31 11:15 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-31 10:25 - 2014-08-31 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 10:25 - 2014-08-31 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-31 10:25 - 2014-08-31 10:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-31 10:25 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-31 10:25 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Users\----\AppData\Local\Secunia PSI
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Program Files\Secunia
2014-08-31 09:19 - 2014-08-31 23:18 - 00000000 ____D () C:\Users\----\Desktop\anti V
2014-08-31 09:12 - 2014-08-31 09:12 - 00058016 _____ () C:\Users\----\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 08:59 - 2014-08-31 08:59 - 00675206 _____ () C:\Windows\PFRO.log
2014-08-31 08:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-31 08:52 - 2014-08-31 08:55 - 00000000 ____D () C:\AdwCleaner
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Roaming\ESET
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Local\ESET
2014-08-31 07:38 - 2014-08-31 13:43 - 00000000 ____D () C:\Program Files\ESET
2014-08-31 07:38 - 2014-08-31 07:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-08-31 07:38 - 2014-08-31 07:38 - 00000000 ____D () C:\ProgramData\ESET
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Macromedia
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Adobe
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Macromedia
2014-08-31 07:21 - 2014-08-31 07:21 - 00000000 ____D () C:\Users\----\AppData\Local\Google
2014-08-31 07:02 - 2014-08-31 07:02 - 00011776 ___SH () C:\Users\----\Downloads\Thumbs.db
2014-08-31 06:35 - 2014-08-31 06:35 - 00000000 ____D () C:\Users\----\AppData\Roaming\TuneUp Software
2014-08-31 05:10 - 2014-08-31 05:10 - 00000000 ____D () C:\Users\----\Desktop\☣☣
2014-08-30 22:32 - 2014-09-01 02:20 - 00000224 _____ () C:\Windows\setupact.log
2014-08-30 22:32 - 2014-08-30 22:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 22:31 - 2014-08-30 22:32 - 00267160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 19:06 - 2014-08-30 19:06 - 00000984 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-28 14:11 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:11 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 02:34 - 2014-08-31 23:18 - 00000000 ____D () C:\Users\----\Desktop\☣
2014-08-21 09:36 - 2014-08-21 09:43 - 00000038 _____ () C:\Users\----\Desktop\arbeitsamt kndnr.txt
2014-08-19 09:35 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 09:35 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 09:34 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 09:34 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 09:33 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 09:33 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 09:33 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 09:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 09:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-14 10:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 10:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 10:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 10:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 06:15 - 2014-07-29 11:33 - 01265664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 06:15 - 2014-07-29 11:33 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 06:15 - 2014-07-29 11:33 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 11018240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 06046720 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 06:15 - 2014-07-29 11:31 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 06:15 - 2014-07-29 11:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 06:15 - 2014-07-29 11:31 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 06:15 - 2014-07-29 11:30 - 01466368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 06:15 - 2014-07-29 08:15 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 06:15 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 06:15 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 06:15 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 06:15 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-13 06:15 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 06:14 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 06:14 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 06:14 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 06:14 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 06:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 06:14 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 06:14 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 06:14 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 06:14 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 06:14 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 06:13 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 06:13 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 06:13 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-03 22:54 - 2014-08-03 22:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVAST Software
2014-08-03 22:54 - 2014-08-03 22:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVAST Software
2014-08-02 14:48 - 2014-08-02 14:48 - 00038984 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\aswTap.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 02:48 - 2014-09-01 02:23 - 00007911 _____ () C:\Users\----\Desktop\FRST.txt
2014-09-01 02:47 - 2014-08-31 23:59 - 00000000 ____D () C:\FRST
2014-09-01 02:43 - 2014-09-01 02:43 - 00027322 _____ () C:\Users\----\Downloads\FRST.txt
2014-09-01 02:27 - 2009-07-14 06:34 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 02:27 - 2009-07-14 06:34 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 02:20 - 2014-08-30 22:32 - 00000224 _____ () C:\Windows\setupact.log
2014-09-01 02:20 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 02:19 - 2014-04-11 22:21 - 01474730 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 02:18 - 2014-09-01 02:17 - 00000470 _____ () C:\Users\----\Downloads\defogger_disable.log
2014-09-01 02:17 - 2014-09-01 02:17 - 00000000 _____ () C:\Users\----\defogger_reenable
2014-09-01 02:17 - 2014-04-11 23:19 - 00000000 ____D () C:\Users\----
2014-09-01 02:16 - 2014-09-01 02:15 - 00050477 _____ () C:\Users\----\Downloads\Defogger.exe
2014-09-01 02:03 - 2014-04-17 16:00 - 00001900 _____ () C:\Users\----\Desktop\Aurora.lnk
2014-09-01 01:59 - 2014-04-17 19:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 01:09 - 2014-08-31 10:26 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 01:04 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-31 23:56 - 2014-08-31 23:56 - 01096704 _____ (Farbar) C:\Users\----\Desktop\FRST.exe
2014-08-31 23:18 - 2014-08-31 09:19 - 00000000 ____D () C:\Users\----\Desktop\anti V
2014-08-31 23:18 - 2014-08-24 02:34 - 00000000 ____D () C:\Users\----\Desktop\☣
2014-08-31 22:41 - 2014-08-31 22:41 - 00000000 ____D () C:\Users\----\AppData\Roaming\vlc
2014-08-31 13:43 - 2014-08-31 07:38 - 00000000 ____D () C:\Program Files\ESET
2014-08-31 12:31 - 2014-08-31 12:31 - 00000000 ____D () C:\Users\----\AppData\Local\VirtualStore
2014-08-31 11:27 - 2014-08-31 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 11:15 - 2014-08-31 10:25 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-31 10:48 - 2014-08-31 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-31 10:48 - 2014-08-31 10:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 10:40 - 2014-08-31 10:40 - 00001535 _____ () C:\world of viring.txt
2014-08-31 10:25 - 2014-08-31 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-31 10:25 - 2014-08-31 10:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Users\----\AppData\Local\Secunia PSI
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Program Files\Secunia
2014-08-31 09:12 - 2014-08-31 09:12 - 00058016 _____ () C:\Users\----\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 08:59 - 2014-08-31 08:59 - 00675206 _____ () C:\Windows\PFRO.log
2014-08-31 08:59 - 2014-04-13 13:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 08:55 - 2014-08-31 08:52 - 00000000 ____D () C:\AdwCleaner
2014-08-31 08:47 - 2014-04-11 23:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Roaming\ESET
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Local\ESET
2014-08-31 07:38 - 2014-08-31 07:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-08-31 07:38 - 2014-08-31 07:38 - 00000000 ____D () C:\ProgramData\ESET
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Macromedia
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Adobe
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Macromedia
2014-08-31 07:21 - 2014-08-31 07:21 - 00000000 ____D () C:\Users\----\AppData\Local\Google
2014-08-31 07:02 - 2014-08-31 07:02 - 00011776 ___SH () C:\Users\----\Downloads\Thumbs.db
2014-08-31 06:35 - 2014-08-31 06:35 - 00000000 ____D () C:\Users\----\AppData\Roaming\TuneUp Software
2014-08-31 06:30 - 2014-04-11 23:19 - 00000000 ___RD () C:\Users\----\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-31 06:30 - 2014-04-11 23:19 - 00000000 ___RD () C:\Users\----\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-31 05:10 - 2014-08-31 05:10 - 00000000 ____D () C:\Users\----\Desktop\☣☣
2014-08-31 05:09 - 2014-07-19 21:52 - 00000000 ____D () C:\Users\----\Desktop\bilder
2014-08-31 05:02 - 2014-06-20 11:32 - 00000000 ____D () C:\Users\----\Desktop\mukke rap
2014-08-30 22:32 - 2014-08-30 22:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 22:32 - 2014-08-30 22:31 - 00267160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 21:48 - 2009-07-14 04:03 - 31457280 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-08-30 21:48 - 2009-07-14 04:03 - 14942208 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-08-30 21:48 - 2009-07-14 04:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-08-30 21:46 - 2009-07-14 04:03 - 31719424 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old
2014-08-30 21:46 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-08-30 21:46 - 2009-07-14 04:03 - 00024576 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-08-30 19:06 - 2014-08-30 19:06 - 00000984 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-30 19:06 - 2014-04-12 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-30 19:01 - 2014-04-17 19:16 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-30 19:01 - 2014-04-17 19:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-30 13:00 - 2014-07-16 21:54 - 00000000 ____D () C:\Program Files\Common Files\BioWare
2014-08-30 13:00 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 19:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-08-23 03:46 - 2014-08-28 14:11 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 14:11 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 09:43 - 2014-08-21 09:36 - 00000038 _____ () C:\Users\----\Desktop\arbeitsamt kndnr.txt
2014-08-20 16:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-20 15:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-17 20:42 - 2014-04-15 13:07 - 00000000 ____D () C:\Users\----\Desktop\WOW
2014-08-14 10:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 10:27 - 2014-05-06 22:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 10:11 - 2014-04-12 02:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 10:06 - 2014-04-12 02:42 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-07 03:43 - 2014-08-13 06:14 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:39 - 2014-08-13 06:14 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2014-04-12 04:54 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-03 22:54 - 2014-08-03 22:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVAST Software
2014-08-03 22:54 - 2014-08-03 22:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVAST Software
2014-08-02 14:48 - 2014-08-02 14:48 - 00038984 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\aswTap.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-31 19:26

==================== End Of Log ============================
         




Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by ---- at 2014-09-01 00:01:10
Running from C:\Users\----\Desktop\downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Aurora 32.0a2 (x86 de) (HKLM\...\Aurora 32.0a2 (x86 de)) (Version: 32.0a2 - Mozilla)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{171F1D47-1647-427D-8980-ADCE7100F9A7}) (Version: 7.0.317.4 - ESET, spol s r. o.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Feature Update Service (YFD) (HKCU\...\YourFileDownloaderUpdater) (Version: 1.4.0 - ) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0a2 - Mozilla)
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.10 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4216661017-2105493501-294966950-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> "C:\Users\----\AppData\Local\Facebook\Update\FacebookUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-4216661017-2105493501-294966950-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\----\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-4216661017-2105493501-294966950-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\----\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe No File
CustomCLSID: HKU\S-1-5-21-4216661017-2105493501-294966950-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\----\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

==================== Restore Points  =========================

30-08-2014 15:43:36 Uniblue SpeedUpMyPC installation
30-08-2014 17:10:48 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter
30-08-2014 18:09:56 Uniblue DriverScanner installation
31-08-2014 05:34:24 avast! antivirus system restore point
31-08-2014 06:48:23 TuneUp Utilities 2014 wird entfernt
31-08-2014 06:50:18 TuneUp Utilities 2014 (de-DE) wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15A72E37-1160-4624-86AC-986ED0C777FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-29 14:07 - 2014-06-29 14:07 - 03873904 _____ () C:\Program Files\Aurora\mozjs.dll
2014-08-30 19:01 - 2014-08-30 19:01 - 17048240 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswStm.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/31/2014 08:48:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/31/2014 08:48:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswStm.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/31/2014 08:48:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (08/31/2014 00:30:46 PM) (Source: Application Popup) (EventID: 877) (User: )
Description: Fehler [DATABASE OPEN FAILED] beim Verarbeiten der Treiberdatenbank.

Error: (08/31/2014 00:30:46 PM) (Source: Application Popup) (EventID: 877) (User: )
Description: Fehler [DATABASE NOT LOADED] beim Verarbeiten der Treiberdatenbank.

Error: (08/31/2014 08:58:55 AM) (Source: Application Popup) (EventID: 877) (User: )
Description: Fehler [DATABASE OPEN FAILED] beim Verarbeiten der Treiberdatenbank.

Error: (08/31/2014 08:58:55 AM) (Source: Application Popup) (EventID: 877) (User: )
Description: Fehler [DATABASE NOT LOADED] beim Verarbeiten der Treiberdatenbank.

Error: (08/31/2014 07:39:51 AM) (Source: Application Popup) (EventID: 877) (User: )
Description: Fehler [DATABASE OPEN FAILED] beim Verarbeiten der Treiberdatenbank.

Error: (08/31/2014 07:39:03 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/30/2014 10:32:47 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/30/2014 09:48:29 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (08/30/2014 06:58:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NlaSvc erreicht.

Error: (08/30/2014 06:58:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.


Microsoft Office Sessions:
=========================
Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswStm.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Revert.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/31/2014 08:50:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/31/2014 08:48:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/31/2014 08:48:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswStm.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/31/2014 08:48:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
Das System kann die angegebene Datei nicht finden.


CodeIntegrity Errors:
===================================
  Date: 2014-04-17 18:36:22.629
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\MicroWorld\eScanBD\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-17 16:34:57.023
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\MicroWorld\eScanBD\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Genuine Intel(R) CPU 585 @ 2.16GHz
Percentage of memory in use: 90%
Total physical RAM: 952.87 MB
Available physical RAM: 88.11 MB
Total Pagefile: 2511.43 MB
Available Pagefile: 1236.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 4FC7FE03)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 01.09.2014, 06:38   #2
schrauber
/// the machine
/// TB-Ausbilder
 

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



hi,

Adware & Co. deinstallieren
  • Lade Dir bitte von hier Revo Uninstaller herunter.
  • Installiere und starte das Programm.
  • Suche im Uninstallerfeld nach den Programmen, die unter:

    diesen Zusatz haben:
  • Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .


Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 01.09.2014, 09:45   #3
Coregestört
 
bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



Code:
ATTFilter
10:36:22.0169 0x02ec  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
10:36:39.0988 0x02ec  ============================================================
10:36:39.0989 0x02ec  Current date / time: 2014/09/01 10:36:39.0988
10:36:39.0989 0x02ec  SystemInfo:
10:36:39.0989 0x02ec  
10:36:39.0989 0x02ec  OS Version: 6.1.7601 ServicePack: 1.0
10:36:39.0989 0x02ec  Product type: Workstation
10:36:39.0989 0x02ec  ComputerName: TERRORCOMPUTER
10:36:39.0989 0x02ec  UserName: ----
10:36:39.0989 0x02ec  Windows directory: C:\Windows
10:36:39.0989 0x02ec  System windows directory: C:\Windows
10:36:39.0989 0x02ec  Processor architecture: Intel x86
10:36:39.0990 0x02ec  Number of processors: 1
10:36:39.0990 0x02ec  Page size: 0x1000
10:36:39.0990 0x02ec  Boot type: Normal boot
10:36:39.0990 0x02ec  ============================================================
10:36:43.0157 0x02ec  KLMD registered as C:\Windows\system32\drivers\71489313.sys
10:36:44.0571 0x02ec  System UUID: {58A69457-46F7-C415-62C5-B64AF0970FD7}
10:36:46.0221 0x02ec  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:36:46.0239 0x02ec  ============================================================
10:36:46.0239 0x02ec  \Device\Harddisk0\DR0:
10:36:46.0240 0x02ec  MBR partitions:
10:36:46.0240 0x02ec  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:36:46.0240 0x02ec  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
10:36:46.0240 0x02ec  ============================================================
10:36:46.0283 0x02ec  C: <-> \Device\Harddisk0\DR0\Partition2
10:36:46.0284 0x02ec  ============================================================
10:36:46.0284 0x02ec  Initialize success
10:36:46.0284 0x02ec  ============================================================
10:41:17.0079 0x068c  ============================================================
10:41:17.0079 0x068c  Scan started
10:41:17.0079 0x068c  Mode: Manual; SigCheck; TDLFS; 
10:41:17.0079 0x068c  ============================================================
10:41:17.0079 0x068c  KSN ping started
10:41:24.0171 0x068c  KSN ping finished: true
10:41:24.0849 0x068c  ================ Scan system memory ========================
10:41:24.0849 0x068c  System memory - ok
10:41:24.0852 0x068c  ================ Scan services =============================
10:41:25.0011 0x068c  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:41:25.0288 0x068c  1394ohci - ok
10:41:25.0338 0x068c  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:41:25.0375 0x068c  ACPI - ok
10:41:25.0421 0x068c  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:41:25.0510 0x068c  AcpiPmi - ok
10:41:25.0569 0x068c  [ F4BF3ADDDDC1AD372604F13C2B0C1F65, FA37ED5014336A72F778C485226B61BEFECEB861AB754862738795C167F0BAB7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:41:25.0590 0x068c  AdobeFlashPlayerUpdateSvc - ok
10:41:25.0643 0x068c  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:41:25.0701 0x068c  adp94xx - ok
10:41:25.0740 0x068c  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:41:25.0776 0x068c  adpahci - ok
10:41:25.0807 0x068c  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:41:25.0828 0x068c  adpu320 - ok
10:41:25.0871 0x068c  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:41:25.0950 0x068c  AeLookupSvc - ok
10:41:25.0993 0x068c  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
10:41:26.0075 0x068c  AFD - ok
10:41:26.0116 0x068c  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
10:41:26.0134 0x068c  agp440 - ok
10:41:26.0165 0x068c  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
10:41:26.0237 0x068c  aic78xx - ok
10:41:26.0278 0x068c  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
10:41:26.0400 0x068c  ALG - ok
10:41:26.0443 0x068c  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:41:26.0464 0x068c  aliide - ok
10:41:26.0486 0x068c  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
10:41:26.0517 0x068c  amdagp - ok
10:41:26.0549 0x068c  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:41:26.0574 0x068c  amdide - ok
10:41:26.0603 0x068c  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:41:26.0676 0x068c  AmdK8 - ok
10:41:26.0694 0x068c  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:41:26.0744 0x068c  AmdPPM - ok
10:41:26.0776 0x068c  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:41:26.0802 0x068c  amdsata - ok
10:41:26.0852 0x068c  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:41:26.0872 0x068c  amdsbs - ok
10:41:26.0901 0x068c  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:41:26.0917 0x068c  amdxata - ok
10:41:26.0944 0x068c  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
10:41:27.0073 0x068c  AppID - ok
10:41:27.0107 0x068c  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:41:27.0164 0x068c  AppIDSvc - ok
10:41:27.0209 0x068c  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
10:41:27.0278 0x068c  Appinfo - ok
10:41:27.0319 0x068c  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:41:27.0348 0x068c  arc - ok
10:41:27.0375 0x068c  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:41:27.0393 0x068c  arcsas - ok
10:41:27.0472 0x068c  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:41:27.0506 0x068c  aspnet_state - ok
10:41:27.0539 0x068c  [ 7309064469C60764538741474F324D7C, 25F6B5E225D6F7B66041C91ECA6FCBE2FE1BCC4B243B82435EED34CE9978245C ] aswTap          C:\Windows\system32\DRIVERS\aswTap.sys
10:41:27.0623 0x068c  aswTap - ok
10:41:27.0656 0x068c  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:41:27.0777 0x068c  AsyncMac - ok
10:41:27.0814 0x068c  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
10:41:27.0829 0x068c  atapi - ok
10:41:27.0905 0x068c  [ 76BAB0C824E2D05B940C4DD40A9B08BF, 237C60123F5AFF06C20757E2791C0CA383DE094DB634C239E375639B1B923844 ] athr            C:\Windows\system32\DRIVERS\athr.sys
10:41:28.0007 0x068c  athr - ok
10:41:28.0058 0x068c  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:41:28.0136 0x068c  AudioEndpointBuilder - ok
10:41:28.0179 0x068c  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
10:41:28.0231 0x068c  Audiosrv - ok
10:41:28.0280 0x068c  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:41:28.0405 0x068c  AxInstSV - ok
10:41:28.0455 0x068c  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
10:41:28.0544 0x068c  b06bdrv - ok
10:41:28.0576 0x068c  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
10:41:28.0609 0x068c  b57nd60x - ok
10:41:28.0645 0x068c  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
10:41:28.0714 0x068c  BDESVC - ok
10:41:28.0731 0x068c  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:41:28.0792 0x068c  Beep - ok
10:41:28.0850 0x068c  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
10:41:28.0944 0x068c  BFE - ok
10:41:29.0021 0x068c  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
10:41:29.0117 0x068c  BITS - ok
10:41:29.0146 0x068c  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:41:29.0197 0x068c  blbdrive - ok
10:41:29.0240 0x068c  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:41:29.0304 0x068c  bowser - ok
10:41:29.0326 0x068c  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:41:29.0364 0x068c  BrFiltLo - ok
10:41:29.0408 0x068c  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:41:29.0444 0x068c  BrFiltUp - ok
10:41:29.0487 0x068c  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
10:41:29.0568 0x068c  Browser - ok
10:41:29.0612 0x068c  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:41:29.0680 0x068c  Brserid - ok
10:41:29.0703 0x068c  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:41:29.0755 0x068c  BrSerWdm - ok
10:41:29.0767 0x068c  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:41:29.0822 0x068c  BrUsbMdm - ok
10:41:29.0833 0x068c  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:41:29.0888 0x068c  BrUsbSer - ok
10:41:29.0919 0x068c  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:41:29.0940 0x068c  BTHMODEM - ok
10:41:29.0986 0x068c  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
10:41:30.0033 0x068c  bthserv - ok
10:41:30.0065 0x068c  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:41:30.0157 0x068c  cdfs - ok
10:41:30.0203 0x068c  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:41:30.0256 0x068c  cdrom - ok
10:41:30.0306 0x068c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
10:41:30.0364 0x068c  CertPropSvc - ok
10:41:30.0409 0x068c  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:41:30.0431 0x068c  circlass - ok
10:41:30.0481 0x068c  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
10:41:30.0522 0x068c  CLFS - ok
10:41:30.0580 0x068c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:41:30.0604 0x068c  clr_optimization_v2.0.50727_32 - ok
10:41:30.0636 0x068c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:41:30.0684 0x068c  clr_optimization_v4.0.30319_32 - ok
10:41:30.0719 0x068c  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:41:30.0737 0x068c  CmBatt - ok
10:41:30.0766 0x068c  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:41:30.0796 0x068c  cmdide - ok
10:41:30.0853 0x068c  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
10:41:30.0972 0x068c  CNG - ok
10:41:30.0996 0x068c  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:41:31.0011 0x068c  Compbatt - ok
10:41:31.0041 0x068c  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:41:31.0078 0x068c  CompositeBus - ok
10:41:31.0090 0x068c  COMSysApp - ok
10:41:31.0118 0x068c  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:41:31.0136 0x068c  crcdisk - ok
10:41:31.0175 0x068c  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:41:31.0255 0x068c  CryptSvc - ok
10:41:31.0308 0x068c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:41:31.0373 0x068c  DcomLaunch - ok
10:41:31.0417 0x068c  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
10:41:31.0478 0x068c  defragsvc - ok
10:41:31.0515 0x068c  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:41:31.0578 0x068c  DfsC - ok
10:41:31.0633 0x068c  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:41:31.0677 0x068c  Dhcp - ok
10:41:31.0702 0x068c  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
10:41:31.0791 0x068c  discache - ok
10:41:31.0819 0x068c  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:41:31.0837 0x068c  Disk - ok
10:41:31.0875 0x068c  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:41:31.0938 0x068c  Dnscache - ok
10:41:31.0979 0x068c  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:41:32.0037 0x068c  dot3svc - ok
10:41:32.0085 0x068c  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
10:41:32.0157 0x068c  DPS - ok
10:41:32.0198 0x068c  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:41:32.0250 0x068c  drmkaud - ok
10:41:32.0315 0x068c  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:41:32.0356 0x068c  DXGKrnl - ok
10:41:32.0416 0x068c  [ CECB58460674339202F79BA1345D8527, 1032E726D64C3432704FE90A7B63A37E854A83389AD3A997C0916628C452F71F ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
10:41:32.0440 0x068c  eamonm - ok
10:41:32.0478 0x068c  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
10:41:32.0529 0x068c  EapHost - ok
10:41:32.0676 0x068c  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
10:41:32.0874 0x068c  ebdrv - ok
10:41:32.0932 0x068c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
10:41:32.0991 0x068c  EFS - ok
10:41:33.0044 0x068c  [ C79916F203E1A2CBBE99F22D6E5D21DA, 84749E7067927AD437D38BEFEA12B40C3E849216F26338F707694918206C4C2A ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
10:41:33.0066 0x068c  ehdrv - ok
10:41:33.0194 0x068c  [ F1DB56A7C59278DC68DE7DBFE9F6C73B, B3E07DCF52D227BD4C22EDE5B895BC338A8F1EA4C86C1358EAC065454D80E76C ] ekrn            C:\Program Files\ESET\ESET Smart Security\ekrn.exe
10:41:33.0260 0x068c  ekrn - ok
10:41:33.0318 0x068c  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:41:33.0349 0x068c  elxstor - ok
10:41:33.0414 0x068c  [ 4B6B2C930CD076F8BDEE683512EE05E8, 37C1182044047FBB98E208C8CFF36BDB47F1617A57F7F7B2331E0F7BDD0A653D ] epfw            C:\Windows\system32\DRIVERS\epfw.sys
10:41:33.0439 0x068c  epfw - ok
10:41:33.0485 0x068c  [ BDC856F11F2A8F4C9B4A59B29A33569B, ADD91A760F57C73FE6574EABBCB2F3F897A45C8DD0DE26BBFF2CCD5891FDBA6C ] EpfwLWF         C:\Windows\system32\DRIVERS\EpfwLWF.sys
10:41:33.0500 0x068c  EpfwLWF - ok
10:41:33.0531 0x068c  [ 6EB4485DDAFCA013D35ED4E158ADE05B, FCB62340EF7E4472BDA04C97FB9DD68E79A06606CFB6C1CE93DDFFFDE1E44D06 ] epfwwfp         C:\Windows\system32\DRIVERS\epfwwfp.sys
10:41:33.0553 0x068c  epfwwfp - ok
10:41:33.0590 0x068c  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:41:33.0622 0x068c  ErrDev - ok
10:41:33.0692 0x068c  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
10:41:33.0775 0x068c  EventSystem - ok
10:41:33.0817 0x068c  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
10:41:33.0883 0x068c  exfat - ok
10:41:33.0911 0x068c  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:41:33.0971 0x068c  fastfat - ok
10:41:34.0040 0x068c  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
10:41:34.0134 0x068c  Fax - ok
10:41:34.0167 0x068c  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:41:34.0202 0x068c  fdc - ok
10:41:34.0230 0x068c  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
10:41:34.0277 0x068c  fdPHost - ok
10:41:34.0308 0x068c  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:41:34.0364 0x068c  FDResPub - ok
10:41:34.0391 0x068c  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:41:34.0421 0x068c  FileInfo - ok
10:41:34.0447 0x068c  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:41:34.0488 0x068c  Filetrace - ok
10:41:34.0520 0x068c  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:41:34.0566 0x068c  flpydisk - ok
10:41:34.0598 0x068c  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:41:34.0621 0x068c  FltMgr - ok
10:41:34.0687 0x068c  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
10:41:34.0786 0x068c  FontCache - ok
10:41:34.0851 0x068c  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:41:34.0924 0x068c  FontCache3.0.0.0 - ok
10:41:34.0960 0x068c  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:41:34.0994 0x068c  FsDepends - ok
10:41:35.0031 0x068c  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:41:35.0053 0x068c  Fs_Rec - ok
10:41:35.0084 0x068c  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:41:35.0116 0x068c  fvevol - ok
10:41:35.0143 0x068c  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:41:35.0162 0x068c  gagp30kx - ok
10:41:35.0220 0x068c  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:41:35.0299 0x068c  gpsvc - ok
10:41:35.0363 0x068c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
10:41:35.0383 0x068c  gupdate - ok
10:41:35.0397 0x068c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:41:35.0410 0x068c  gupdatem - ok
10:41:35.0436 0x068c  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:41:35.0518 0x068c  hcw85cir - ok
10:41:35.0563 0x068c  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:41:35.0614 0x068c  HdAudAddService - ok
10:41:35.0642 0x068c  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:41:35.0666 0x068c  HDAudBus - ok
10:41:35.0695 0x068c  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:41:35.0725 0x068c  HidBatt - ok
10:41:35.0750 0x068c  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:41:35.0802 0x068c  HidBth - ok
10:41:35.0835 0x068c  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:41:35.0876 0x068c  HidIr - ok
10:41:35.0908 0x068c  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
10:41:35.0974 0x068c  hidserv - ok
10:41:36.0005 0x068c  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:41:36.0046 0x068c  HidUsb - ok
10:41:36.0086 0x068c  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:41:36.0139 0x068c  hkmsvc - ok
10:41:36.0183 0x068c  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:41:36.0265 0x068c  HomeGroupListener - ok
10:41:36.0318 0x068c  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:41:36.0381 0x068c  HomeGroupProvider - ok
10:41:36.0418 0x068c  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:41:36.0436 0x068c  HpSAMD - ok
10:41:36.0488 0x068c  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:41:36.0551 0x068c  HTTP - ok
10:41:36.0580 0x068c  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:41:36.0609 0x068c  hwpolicy - ok
10:41:36.0642 0x068c  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:41:36.0680 0x068c  i8042prt - ok
10:41:36.0723 0x068c  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:41:36.0750 0x068c  iaStorV - ok
10:41:36.0835 0x068c  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:41:36.0888 0x068c  idsvc - ok
10:41:37.0186 0x068c  [ 36CC40B02AE593D6152AC8BD657720AF, 4AE1417A762EA3B00D49B721D5E147FA741D416DC4617BFBB21BD2EF1F81F057 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
10:41:37.0571 0x068c  igfx - ok
10:41:37.0670 0x068c  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:41:37.0686 0x068c  iirsp - ok
10:41:37.0739 0x068c  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:41:37.0814 0x068c  IKEEXT - ok
10:41:37.0856 0x068c  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:41:37.0890 0x068c  intelide - ok
10:41:37.0923 0x068c  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:41:37.0960 0x068c  intelppm - ok
10:41:38.0000 0x068c  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:41:38.0065 0x068c  IPBusEnum - ok
10:41:38.0095 0x068c  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:41:38.0150 0x068c  IpFilterDriver - ok
10:41:38.0201 0x068c  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:41:38.0313 0x068c  iphlpsvc - ok
10:41:38.0362 0x068c  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:41:38.0405 0x068c  IPMIDRV - ok
10:41:38.0449 0x068c  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:41:38.0484 0x068c  IPNAT - ok
10:41:38.0506 0x068c  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:41:38.0549 0x068c  IRENUM - ok
10:41:38.0578 0x068c  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:41:38.0593 0x068c  isapnp - ok
10:41:38.0633 0x068c  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:41:38.0660 0x068c  iScsiPrt - ok
10:41:38.0695 0x068c  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:41:38.0724 0x068c  kbdclass - ok
10:41:38.0770 0x068c  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:41:38.0810 0x068c  kbdhid - ok
10:41:38.0843 0x068c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
10:41:38.0861 0x068c  KeyIso - ok
10:41:38.0895 0x068c  [ 4476FE98AAF505ACDCD3EE6360AABEC1, 1573C5B9F1B12FEEE6D771AFF8969FB9D06878B1E0BECCD4AF13DA9F194FB256 ] KMWDFILTERx86   C:\Windows\system32\DRIVERS\KMWDFILTER.sys
10:41:38.0921 0x068c  KMWDFILTERx86 - ok
10:41:38.0961 0x068c  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:41:39.0002 0x068c  KSecDD - ok
10:41:39.0030 0x068c  [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:41:39.0052 0x068c  KSecPkg - ok
10:41:39.0100 0x068c  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:41:39.0191 0x068c  KtmRm - ok
10:41:39.0239 0x068c  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:41:39.0293 0x068c  LanmanServer - ok
10:41:39.0335 0x068c  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:41:39.0390 0x068c  LanmanWorkstation - ok
10:41:39.0443 0x068c  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:41:39.0479 0x068c  lltdio - ok
10:41:39.0509 0x068c  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:41:39.0589 0x068c  lltdsvc - ok
10:41:39.0620 0x068c  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:41:39.0652 0x068c  lmhosts - ok
10:41:39.0679 0x068c  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:41:39.0704 0x068c  LSI_FC - ok
10:41:39.0719 0x068c  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:41:39.0738 0x068c  LSI_SAS - ok
10:41:39.0764 0x068c  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:41:39.0792 0x068c  LSI_SAS2 - ok
10:41:39.0822 0x068c  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:41:39.0841 0x068c  LSI_SCSI - ok
10:41:39.0897 0x068c  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:41:39.0935 0x068c  luafv - ok
10:41:39.0979 0x068c  [ 8683C1B450F4B3872839308D836E0F92, C6CEEEA780D2191AEAC2537FD96324FF5501D92CE46313FB95ABB51765D919ED ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:41:39.0992 0x068c  MBAMProtector - ok
10:41:40.0113 0x068c  [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler   C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
10:41:40.0256 0x068c  MBAMScheduler - ok
10:41:40.0323 0x068c  [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService     C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
10:41:40.0366 0x068c  MBAMService - ok
10:41:40.0431 0x068c  [ 12E71DA845D76665B56753AD149E32B3, 0E403710CCBACD5AB85FD4C32AAB6CB2C27BC1F043E8008EE49EE96ECA944146 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
10:41:40.0458 0x068c  MBAMSwissArmy - ok
10:41:40.0493 0x068c  [ BD27D97297934FD4217A37FD28A7ABC7, 446F3D6D278A4B3B79B331AA325632FD038952E5E910FC927894E9171A623794 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
10:41:40.0515 0x068c  MBAMWebAccessControl - ok
10:41:40.0554 0x068c  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:41:40.0571 0x068c  megasas - ok
10:41:40.0601 0x068c  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:41:40.0624 0x068c  MegaSR - ok
10:41:40.0664 0x068c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
10:41:40.0716 0x068c  MMCSS - ok
10:41:40.0746 0x068c  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
10:41:40.0799 0x068c  Modem - ok
10:41:40.0831 0x068c  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:41:40.0865 0x068c  monitor - ok
10:41:40.0888 0x068c  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:41:40.0904 0x068c  mouclass - ok
10:41:40.0945 0x068c  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:41:40.0985 0x068c  mouhid - ok
10:41:41.0018 0x068c  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:41:41.0051 0x068c  mountmgr - ok
10:41:41.0108 0x068c  [ BB043184864B06FCE2C307E405E8D649, ADA823CB213CCD47C11CD271465397076B36475F6F4667BB5421D3754F7FD382 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:41:41.0127 0x068c  MozillaMaintenance - ok
10:41:41.0164 0x068c  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:41:41.0183 0x068c  mpio - ok
10:41:41.0220 0x068c  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:41:41.0274 0x068c  mpsdrv - ok
10:41:41.0343 0x068c  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:41:41.0420 0x068c  MpsSvc - ok
10:41:41.0466 0x068c  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:41:41.0568 0x068c  MRxDAV - ok
10:41:41.0610 0x068c  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:41:41.0668 0x068c  mrxsmb - ok
10:41:41.0705 0x068c  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:41:41.0743 0x068c  mrxsmb10 - ok
10:41:41.0758 0x068c  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:41:41.0792 0x068c  mrxsmb20 - ok
10:41:41.0815 0x068c  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:41:41.0846 0x068c  msahci - ok
10:41:41.0878 0x068c  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:41:41.0901 0x068c  msdsm - ok
10:41:41.0956 0x068c  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
10:41:41.0996 0x068c  MSDTC - ok
10:41:42.0043 0x068c  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:41:42.0076 0x068c  Msfs - ok
10:41:42.0101 0x068c  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:41:42.0138 0x068c  mshidkmdf - ok
10:41:42.0156 0x068c  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:41:42.0179 0x068c  msisadrv - ok
10:41:42.0224 0x068c  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:41:42.0297 0x068c  MSiSCSI - ok
10:41:42.0309 0x068c  msiserver - ok
10:41:42.0346 0x068c  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:41:42.0379 0x068c  MSKSSRV - ok
10:41:42.0401 0x068c  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:41:42.0451 0x068c  MSPCLOCK - ok
10:41:42.0487 0x068c  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:41:42.0538 0x068c  MSPQM - ok
10:41:42.0566 0x068c  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:41:42.0587 0x068c  MsRPC - ok
10:41:42.0624 0x068c  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:41:42.0641 0x068c  mssmbios - ok
10:41:42.0666 0x068c  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:41:42.0699 0x068c  MSTEE - ok
10:41:42.0726 0x068c  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:41:42.0767 0x068c  MTConfig - ok
10:41:42.0793 0x068c  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:41:42.0810 0x068c  Mup - ok
10:41:42.0851 0x068c  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
10:41:42.0909 0x068c  napagent - ok
10:41:42.0950 0x068c  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:41:43.0053 0x068c  NativeWifiP - ok
10:41:43.0120 0x068c  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:41:43.0166 0x068c  NDIS - ok
10:41:43.0197 0x068c  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:41:43.0254 0x068c  NdisCap - ok
10:41:43.0276 0x068c  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:41:43.0323 0x068c  NdisTapi - ok
10:41:43.0360 0x068c  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:41:43.0401 0x068c  Ndisuio - ok
10:41:43.0435 0x068c  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:41:43.0503 0x068c  NdisWan - ok
10:41:43.0536 0x068c  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:41:43.0585 0x068c  NDProxy - ok
10:41:43.0623 0x068c  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:41:43.0666 0x068c  NetBIOS - ok
10:41:43.0704 0x068c  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:41:43.0743 0x068c  NetBT - ok
10:41:43.0767 0x068c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
10:41:43.0788 0x068c  Netlogon - ok
10:41:43.0839 0x068c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
10:41:43.0905 0x068c  Netman - ok
10:41:43.0953 0x068c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:41:43.0997 0x068c  NetMsmqActivator - ok
10:41:44.0011 0x068c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:41:44.0043 0x068c  NetPipeActivator - ok
10:41:44.0084 0x068c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
10:41:44.0154 0x068c  netprofm - ok
10:41:44.0170 0x068c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:41:44.0191 0x068c  NetTcpActivator - ok
10:41:44.0205 0x068c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:41:44.0226 0x068c  NetTcpPortSharing - ok
10:41:44.0263 0x068c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:41:44.0292 0x068c  nfrd960 - ok
10:41:44.0339 0x068c  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:41:44.0379 0x068c  NlaSvc - ok
10:41:44.0412 0x068c  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:41:44.0448 0x068c  Npfs - ok
10:41:44.0478 0x068c  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
10:41:44.0528 0x068c  nsi - ok
10:41:44.0569 0x068c  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:41:44.0621 0x068c  nsiproxy - ok
10:41:44.0712 0x068c  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:41:44.0800 0x068c  Ntfs - ok
10:41:44.0840 0x068c  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
10:41:44.0898 0x068c  Null - ok
10:41:44.0935 0x068c  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:41:44.0955 0x068c  nvraid - ok
10:41:44.0979 0x068c  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:41:45.0009 0x068c  nvstor - ok
10:41:45.0030 0x068c  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:41:45.0048 0x068c  nv_agp - ok
10:41:45.0067 0x068c  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:41:45.0099 0x068c  ohci1394 - ok
10:41:45.0154 0x068c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:41:45.0248 0x068c  p2pimsvc - ok
10:41:45.0280 0x068c  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:41:45.0312 0x068c  p2psvc - ok
10:41:45.0341 0x068c  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:41:45.0384 0x068c  Parport - ok
10:41:45.0432 0x068c  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:41:45.0457 0x068c  partmgr - ok
10:41:45.0482 0x068c  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
10:41:45.0520 0x068c  Parvdm - ok
10:41:45.0563 0x068c  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:41:45.0591 0x068c  PcaSvc - ok
10:41:45.0616 0x068c  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
10:41:45.0637 0x068c  pci - ok
10:41:45.0661 0x068c  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:41:45.0677 0x068c  pciide - ok
10:41:45.0716 0x068c  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:41:45.0738 0x068c  pcmcia - ok
10:41:45.0753 0x068c  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:41:45.0775 0x068c  pcw - ok
10:41:45.0823 0x068c  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:41:45.0919 0x068c  PEAUTH - ok
10:41:46.0061 0x068c  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
10:41:46.0246 0x068c  pla - ok
10:41:46.0305 0x068c  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:41:46.0364 0x068c  PlugPlay - ok
10:41:46.0393 0x068c  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:41:46.0430 0x068c  PNRPAutoReg - ok
10:41:46.0464 0x068c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:41:46.0492 0x068c  PNRPsvc - ok
10:41:46.0541 0x068c  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:41:46.0602 0x068c  PolicyAgent - ok
10:41:46.0647 0x068c  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
10:41:46.0682 0x068c  Power - ok
10:41:46.0745 0x068c  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:41:46.0799 0x068c  PptpMiniport - ok
10:41:46.0823 0x068c  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:41:46.0900 0x068c  Processor - ok
10:41:46.0942 0x068c  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:41:47.0039 0x068c  ProfSvc - ok
10:41:47.0066 0x068c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:41:47.0083 0x068c  ProtectedStorage - ok
10:41:47.0105 0x068c  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:41:47.0143 0x068c  Psched - ok
10:41:47.0225 0x068c  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:41:47.0295 0x068c  ql2300 - ok
10:41:47.0320 0x068c  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:41:47.0339 0x068c  ql40xx - ok
10:41:47.0378 0x068c  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
10:41:47.0451 0x068c  QWAVE - ok
10:41:47.0493 0x068c  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:41:47.0515 0x068c  QWAVEdrv - ok
10:41:47.0538 0x068c  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:41:47.0593 0x068c  RasAcd - ok
10:41:47.0627 0x068c  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:41:47.0708 0x068c  RasAgileVpn - ok
10:41:47.0754 0x068c  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
10:41:47.0790 0x068c  RasAuto - ok
10:41:47.0821 0x068c  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:41:47.0855 0x068c  Rasl2tp - ok
10:41:47.0904 0x068c  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
10:41:47.0962 0x068c  RasMan - ok
10:41:47.0977 0x068c  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:41:48.0012 0x068c  RasPppoe - ok
10:41:48.0059 0x068c  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:41:48.0103 0x068c  RasSstp - ok
10:41:48.0141 0x068c  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:41:48.0200 0x068c  rdbss - ok
10:41:48.0232 0x068c  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:41:48.0266 0x068c  rdpbus - ok
10:41:48.0300 0x068c  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:41:48.0364 0x068c  RDPCDD - ok
10:41:48.0410 0x068c  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:41:48.0452 0x068c  RDPENCDD - ok
10:41:48.0503 0x068c  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:41:48.0551 0x068c  RDPREFMP - ok
10:41:48.0601 0x068c  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:41:48.0673 0x068c  RdpVideoMiniport - ok
10:41:48.0712 0x068c  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:41:48.0789 0x068c  RDPWD - ok
10:41:48.0830 0x068c  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:41:48.0852 0x068c  rdyboost - ok
10:41:48.0898 0x068c  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:41:48.0949 0x068c  RemoteAccess - ok
10:41:48.0986 0x068c  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:41:49.0051 0x068c  RemoteRegistry - ok
10:41:49.0095 0x068c  [ B9BB8E2093C1615AD6EA55AD96214354, 57A2EEA52E2A670B712C4446F1A6379D1B79454A09A7B79455CA08894FD4B21F ] Revoflt         C:\Windows\system32\DRIVERS\revoflt.sys
10:41:49.0131 0x068c  Revoflt - ok
10:41:49.0165 0x068c  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:41:49.0231 0x068c  RpcEptMapper - ok
10:41:49.0274 0x068c  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
10:41:49.0312 0x068c  RpcLocator - ok
10:41:49.0353 0x068c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
10:41:49.0398 0x068c  RpcSs - ok
10:41:49.0435 0x068c  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:41:49.0501 0x068c  rspndr - ok
10:41:49.0532 0x068c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
10:41:49.0550 0x068c  SamSs - ok
10:41:49.0595 0x068c  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:41:49.0621 0x068c  sbp2port - ok
10:41:49.0660 0x068c  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:41:49.0755 0x068c  SCardSvr - ok
10:41:49.0786 0x068c  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:41:49.0836 0x068c  scfilter - ok
10:41:49.0909 0x068c  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
10:41:50.0017 0x068c  Schedule - ok
10:41:50.0051 0x068c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:41:50.0083 0x068c  SCPolicySvc - ok
10:41:50.0133 0x068c  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:41:50.0231 0x068c  SDRSVC - ok
10:41:50.0263 0x068c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:41:50.0307 0x068c  secdrv - ok
10:41:50.0345 0x068c  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
10:41:50.0396 0x068c  seclogon - ok
10:41:50.0429 0x068c  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
10:41:50.0477 0x068c  SENS - ok
10:41:50.0522 0x068c  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:41:50.0635 0x068c  SensrSvc - ok
10:41:50.0656 0x068c  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:41:50.0692 0x068c  Serenum - ok
10:41:50.0734 0x068c  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:41:50.0772 0x068c  Serial - ok
10:41:50.0812 0x068c  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:41:50.0830 0x068c  sermouse - ok
10:41:50.0896 0x068c  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:41:50.0949 0x068c  SessionEnv - ok
10:41:50.0990 0x068c  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:41:51.0022 0x068c  sffdisk - ok
10:41:51.0049 0x068c  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:41:51.0076 0x068c  sffp_mmc - ok
10:41:51.0100 0x068c  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:41:51.0126 0x068c  sffp_sd - ok
10:41:51.0154 0x068c  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:41:51.0210 0x068c  sfloppy - ok
10:41:51.0264 0x068c  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:41:51.0328 0x068c  SharedAccess - ok
10:41:51.0380 0x068c  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:41:51.0444 0x068c  ShellHWDetection - ok
10:41:51.0482 0x068c  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
10:41:51.0498 0x068c  sisagp - ok
10:41:51.0530 0x068c  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:41:51.0547 0x068c  SiSRaid2 - ok
10:41:51.0576 0x068c  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:41:51.0593 0x068c  SiSRaid4 - ok
10:41:51.0609 0x068c  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:41:51.0676 0x068c  Smb - ok
10:41:51.0719 0x068c  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:41:51.0759 0x068c  SNMPTRAP - ok
10:41:51.0782 0x068c  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:41:51.0814 0x068c  spldr - ok
10:41:51.0853 0x068c  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
10:41:51.0917 0x068c  Spooler - ok
10:41:52.0098 0x068c  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
10:41:52.0297 0x068c  sppsvc - ok
10:41:52.0425 0x068c  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:41:52.0499 0x068c  sppuinotify - ok
10:41:52.0549 0x068c  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:41:52.0655 0x068c  srv - ok
10:41:52.0676 0x068c  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:41:52.0719 0x068c  srv2 - ok
10:41:52.0735 0x068c  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:41:52.0756 0x068c  srvnet - ok
10:41:52.0793 0x068c  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:41:52.0848 0x068c  SSDPSRV - ok
10:41:52.0873 0x068c  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:41:52.0931 0x068c  SstpSvc - ok
10:41:52.0969 0x068c  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:41:52.0990 0x068c  stexstor - ok
10:41:53.0045 0x068c  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
10:41:53.0118 0x068c  StiSvc - ok
10:41:53.0152 0x068c  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:41:53.0179 0x068c  swenum - ok
10:41:53.0218 0x068c  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
10:41:53.0261 0x068c  swprv - ok
10:41:53.0329 0x068c  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
10:41:53.0402 0x068c  SysMain - ok
10:41:53.0437 0x068c  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
10:41:53.0477 0x068c  TabletInputService - ok
10:41:53.0531 0x068c  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:41:53.0570 0x068c  TapiSrv - ok
10:41:53.0606 0x068c  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
10:41:53.0660 0x068c  TBS - ok
10:41:53.0738 0x068c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:41:53.0814 0x068c  Tcpip - ok
10:41:53.0872 0x068c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:41:53.0926 0x068c  TCPIP6 - ok
10:41:54.0004 0x068c  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:41:54.0042 0x068c  tcpipreg - ok
10:41:54.0096 0x068c  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:41:54.0174 0x068c  TDPIPE - ok
10:41:54.0194 0x068c  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:41:54.0212 0x068c  TDTCP - ok
10:41:54.0246 0x068c  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:41:54.0298 0x068c  tdx - ok
10:41:54.0334 0x068c  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:41:54.0351 0x068c  TermDD - ok
10:41:54.0412 0x068c  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
10:41:54.0488 0x068c  TermService - ok
10:41:54.0538 0x068c  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
10:41:54.0578 0x068c  Themes - ok
10:41:54.0608 0x068c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
10:41:54.0644 0x068c  THREADORDER - ok
10:41:54.0663 0x068c  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
10:41:54.0718 0x068c  TrkWks - ok
10:41:54.0791 0x068c  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:41:54.0830 0x068c  TrustedInstaller - ok
10:41:54.0867 0x068c  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:41:54.0925 0x068c  tssecsrv - ok
10:41:54.0959 0x068c  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:41:55.0008 0x068c  TsUsbFlt - ok
10:41:55.0047 0x068c  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:41:55.0097 0x068c  tunnel - ok
10:41:55.0134 0x068c  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:41:55.0157 0x068c  uagp35 - ok
10:41:55.0188 0x068c  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:41:55.0241 0x068c  udfs - ok
10:41:55.0288 0x068c  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:41:55.0327 0x068c  UI0Detect - ok
10:41:55.0351 0x068c  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:41:55.0370 0x068c  uliagpkx - ok
10:41:55.0413 0x068c  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:41:55.0439 0x068c  umbus - ok
10:41:55.0474 0x068c  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:41:55.0493 0x068c  UmPass - ok
10:41:55.0529 0x068c  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
10:41:55.0589 0x068c  upnphost - ok
10:41:55.0635 0x068c  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:41:55.0705 0x068c  usbccgp - ok
10:41:55.0748 0x068c  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:41:55.0799 0x068c  usbcir - ok
10:41:55.0827 0x068c  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:41:55.0858 0x068c  usbehci - ok
10:41:55.0899 0x068c  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:41:55.0957 0x068c  usbhub - ok
10:41:55.0993 0x068c  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:41:56.0012 0x068c  usbohci - ok
10:41:56.0047 0x068c  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:41:56.0079 0x068c  usbprint - ok
10:41:56.0109 0x068c  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:41:56.0179 0x068c  USBSTOR - ok
10:41:56.0214 0x068c  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:41:56.0272 0x068c  usbuhci - ok
10:41:56.0321 0x068c  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
10:41:56.0384 0x068c  UxSms - ok
10:41:56.0410 0x068c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
10:41:56.0430 0x068c  VaultSvc - ok
10:41:56.0460 0x068c  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:41:56.0483 0x068c  vdrvroot - ok
10:41:56.0534 0x068c  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
10:41:56.0586 0x068c  vds - ok
10:41:56.0631 0x068c  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:41:56.0665 0x068c  vga - ok
10:41:56.0695 0x068c  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:41:56.0735 0x068c  VgaSave - ok
10:41:56.0767 0x068c  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:41:56.0794 0x068c  vhdmp - ok
10:41:56.0815 0x068c  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
10:41:56.0833 0x068c  viaagp - ok
10:41:56.0851 0x068c  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
10:41:56.0902 0x068c  ViaC7 - ok
10:41:56.0937 0x068c  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:41:56.0952 0x068c  viaide - ok
10:41:56.0984 0x068c  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:41:57.0002 0x068c  volmgr - ok
10:41:57.0025 0x068c  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:41:57.0051 0x068c  volmgrx - ok
10:41:57.0073 0x068c  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:41:57.0099 0x068c  volsnap - ok
10:41:57.0118 0x068c  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:41:57.0151 0x068c  vsmraid - ok
10:41:57.0231 0x068c  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
10:41:57.0324 0x068c  VSS - ok
10:41:57.0351 0x068c  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:41:57.0391 0x068c  vwifibus - ok
10:41:57.0433 0x068c  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:41:57.0456 0x068c  vwififlt - ok
10:41:57.0504 0x068c  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
10:41:57.0575 0x068c  W32Time - ok
10:41:57.0604 0x068c  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:41:57.0638 0x068c  WacomPen - ok
10:41:57.0678 0x068c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:41:57.0711 0x068c  WANARP - ok
10:41:57.0727 0x068c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:41:57.0760 0x068c  Wanarpv6 - ok
10:41:57.0828 0x068c  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
10:41:57.0935 0x068c  wbengine - ok
10:41:57.0983 0x068c  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:41:58.0028 0x068c  WbioSrvc - ok
10:41:58.0084 0x068c  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:41:58.0130 0x068c  wcncsvc - ok
10:41:58.0158 0x068c  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:41:58.0244 0x068c  WcsPlugInService - ok
10:41:58.0283 0x068c  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:41:58.0298 0x068c  Wd - ok
10:41:58.0354 0x068c  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:41:58.0393 0x068c  Wdf01000 - ok
10:41:58.0423 0x068c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:41:58.0562 0x068c  WdiServiceHost - ok
10:41:58.0575 0x068c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:41:58.0599 0x068c  WdiSystemHost - ok
10:41:58.0639 0x068c  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
10:41:58.0676 0x068c  WebClient - ok
10:41:58.0717 0x068c  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:41:58.0762 0x068c  Wecsvc - ok
10:41:58.0783 0x068c  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:41:58.0846 0x068c  wercplsupport - ok
10:41:58.0882 0x068c  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
10:41:58.0928 0x068c  WerSvc - ok
10:41:58.0969 0x068c  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:41:59.0007 0x068c  WfpLwf - ok
10:41:59.0026 0x068c  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:41:59.0042 0x068c  WIMMount - ok
10:41:59.0122 0x068c  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
10:41:59.0241 0x068c  WinDefend - ok
10:41:59.0268 0x068c  WinHttpAutoProxySvc - ok
10:41:59.0339 0x068c  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:41:59.0406 0x068c  Winmgmt - ok
10:41:59.0482 0x068c  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
10:41:59.0576 0x068c  WinRM - ok
10:41:59.0636 0x068c  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:41:59.0670 0x068c  WinUsb - ok
10:41:59.0739 0x068c  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:41:59.0809 0x068c  Wlansvc - ok
10:41:59.0864 0x068c  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:41:59.0896 0x068c  WmiAcpi - ok
10:41:59.0938 0x068c  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:41:59.0983 0x068c  wmiApSrv - ok
10:42:00.0076 0x068c  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
10:42:00.0202 0x068c  WMPNetworkSvc - ok
10:42:00.0248 0x068c  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:42:00.0351 0x068c  WPCSvc - ok
10:42:00.0395 0x068c  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:42:00.0460 0x068c  WPDBusEnum - ok
10:42:00.0486 0x068c  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:42:00.0538 0x068c  ws2ifsl - ok
10:42:00.0573 0x068c  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
10:42:00.0633 0x068c  wscsvc - ok
10:42:00.0646 0x068c  WSearch - ok
10:42:00.0756 0x068c  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
10:42:00.0839 0x068c  wuauserv - ok
10:42:00.0885 0x068c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:42:00.0942 0x068c  WudfPf - ok
10:42:00.0967 0x068c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:42:01.0005 0x068c  WUDFRd - ok
10:42:01.0030 0x068c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:42:01.0080 0x068c  wudfsvc - ok
10:42:01.0122 0x068c  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:42:01.0178 0x068c  WwanSvc - ok
10:42:01.0205 0x068c  ================ Scan global ===============================
10:42:01.0277 0x068c  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
10:42:01.0332 0x068c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
10:42:01.0362 0x068c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
10:42:01.0395 0x068c  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
10:42:01.0434 0x068c  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
10:42:01.0444 0x068c  [ Global ] - ok
10:42:01.0448 0x068c  ================ Scan MBR ==================================
10:42:01.0461 0x068c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:42:02.0054 0x068c  \Device\Harddisk0\DR0 - ok
10:42:02.0058 0x068c  ================ Scan VBR ==================================
10:42:02.0063 0x068c  [ E14BA6C20651D2B67F4B7C06FC0DE2B3 ] \Device\Harddisk0\DR0\Partition1
10:42:02.0064 0x068c  \Device\Harddisk0\DR0\Partition1 - ok
10:42:02.0073 0x068c  [ BBE3F8235CF164F75216778D7D27A591 ] \Device\Harddisk0\DR0\Partition2
10:42:02.0075 0x068c  \Device\Harddisk0\DR0\Partition2 - ok
10:42:02.0079 0x068c  ================ Scan generic autorun ======================
10:42:02.0487 0x068c  [ 0F01BAC5042F046553D2EC0EE5E52B81, A6C694F037CDFF7FB6A39AB48174B6071CF091A94FB916BB107AE3EC12AD8D35 ] C:\Program Files\ESET\ESET Smart Security\egui.exe
10:42:02.0738 0x068c  egui - ok
10:42:02.0827 0x068c  Sidebar - ok
10:42:02.0858 0x068c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
10:42:02.0917 0x068c  mctadmin - ok
10:42:02.0922 0x068c  Sidebar - ok
10:42:02.0935 0x068c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
10:42:02.0958 0x068c  mctadmin - ok
10:42:02.0963 0x068c  Waiting for KSN requests completion. In queue: 53
10:42:03.0963 0x068c  Waiting for KSN requests completion. In queue: 53
10:42:04.0963 0x068c  Waiting for KSN requests completion. In queue: 53
10:42:06.0709 0x068c  AV detected via SS2: ESET Smart Security 7.0, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 7.0.317.0 ), 0x41000 ( enabled : updated )
10:42:06.0741 0x068c  FW detected via SS2: ESET Personal Firewall, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 7.0.317.0 ), 0x41010 ( enabled )
10:42:09.0205 0x068c  ============================================================
10:42:09.0205 0x068c  Scan finished
10:42:09.0205 0x068c  ============================================================
10:42:09.0241 0x02ec  Detected object count: 0
10:42:09.0241 0x02ec  Actual detected object count: 0
         
__________________

Alt 01.09.2014, 21:04   #4
schrauber
/// the machine
/// TB-Ausbilder
 

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



hi,


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.09.2014, 00:14   #5
Coregestört
 
bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



Code:
ATTFilter
ComboFix 14-08-31.01 - ---- 02.09.2014   0:52.1.1 - x86
  6.1.7601.1.1252.49.1031.18.953.520 [GMT 2:00]
ausgeführt von:: c:\users\----\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1409608566.bdinstall.bin
c:\programdata\1409609377.bdinstall.bin
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\N0RDx.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\Fr7.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\FF_aZ7tD.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\N0RDx.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\Fr7.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\FF_aZ7tD.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\N0RDx.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\Fr7.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\FF_aZ7tD.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika\2.1\N0RDx.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\Fr7.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\FF_aZ7tD.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal\5.14\lsdb.js
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-01 bis 2014-09-01  ))))))))))))))))))))))))))))))
.
.
2014-09-01 22:34 . 2014-09-01 22:34	--------	d-----w-	c:\users\----\AppData\Roaming\AVAST Software
2014-09-01 17:02 . 2014-09-01 22:10	--------	d-----w-	c:\programdata\Bitdefender
2014-09-01 11:12 . 2014-09-01 11:25	--------	d-----w-	c:\programdata\BDLogging
2014-09-01 11:12 . 2007-04-11 09:11	511328	----a-w-	c:\windows\capicom.dll
2014-09-01 11:05 . 2014-09-01 22:11	--------	d-----w-	c:\program files\Bitdefender
2014-09-01 11:03 . 2014-09-01 11:03	--------	d-----w-	c:\users\----\AppData\Roaming\QuickScan
2014-09-01 11:03 . 2014-09-01 22:09	--------	d-----w-	c:\program files\Common Files\Bitdefender
2014-09-01 07:18 . 2014-09-01 07:18	--------	d-----w-	c:\users\----\AppData\Local\VS Revo Group
2014-09-01 07:15 . 2014-09-01 07:18	--------	d-----w-	c:\program files\VS Revo Group
2014-08-31 21:59 . 2014-09-01 01:10	--------	d-----w-	C:\FRST
2014-08-31 20:41 . 2014-09-01 22:31	--------	d-----w-	c:\users\----\AppData\Roaming\vlc
2014-08-31 10:31 . 2014-08-31 10:31	--------	d-----w-	c:\users\----\AppData\Local\VirtualStore
2014-08-31 09:16 . 2014-08-31 09:27	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-31 08:48 . 2014-08-31 08:48	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2014-08-31 08:25 . 2014-09-01 22:32	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-08-31 08:25 . 2014-08-31 08:48	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-31 08:25 . 2014-08-31 08:25	--------	d-----w-	c:\users\----\AppData\Local\Programs
2014-08-31 08:15 . 2014-08-31 08:15	--------	d-----w-	c:\users\----\AppData\Local\Secunia PSI
2014-08-31 08:15 . 2014-08-31 08:15	--------	d-----w-	c:\program files\Secunia
2014-08-31 06:52 . 2014-09-01 22:31	--------	d-----w-	C:\AdwCleaner
2014-08-31 05:42 . 2014-08-31 05:42	--------	d-----w-	c:\users\----\AppData\Local\ESET
2014-08-31 05:38 . 2014-09-01 09:53	--------	d-----w-	c:\program files\ESET
2014-08-31 05:23 . 2014-08-31 05:23	--------	d-----w-	c:\users\----\AppData\Local\Macromedia
2014-08-31 05:23 . 2014-08-31 05:23	--------	d-----w-	c:\users\----\AppData\Local\Mozilla
2014-08-31 05:21 . 2014-08-31 05:21	--------	d-----w-	c:\users\----\AppData\Local\Google
2014-08-31 04:35 . 2014-08-31 04:35	--------	d-----w-	c:\users\----\AppData\Roaming\TuneUp Software
2014-08-30 18:20 . 2014-08-21 09:24	8581864	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF0E0656-ACB9-4B67-96C0-9971C8D0445D}\mpengine.dll
2014-08-30 15:45 . 2014-09-01 22:35	--------	d-----w-	c:\program files\globalUpdate
2014-08-28 12:11 . 2014-08-23 00:42	2352640	----a-w-	c:\windows\system32\win32k.sys
2014-08-28 12:11 . 2014-08-23 01:46	305152	----a-w-	c:\windows\system32\gdi32.dll
2014-08-19 07:35 . 2014-05-14 16:23	45536	----a-w-	c:\windows\system32\wups2.dll
2014-08-19 07:35 . 2014-05-14 16:23	54240	----a-w-	c:\windows\system32\wuauclt.exe
2014-08-19 07:34 . 2014-05-14 16:17	2425856	----a-w-	c:\windows\system32\wucltux.dll
2014-08-19 07:34 . 2014-05-14 16:23	1973728	----a-w-	c:\windows\system32\wuaueng.dll
2014-08-19 07:33 . 2014-05-14 16:23	36320	----a-w-	c:\windows\system32\wups.dll
2014-08-19 07:33 . 2014-05-14 16:23	581600	----a-w-	c:\windows\system32\wuapi.dll
2014-08-19 07:33 . 2014-05-14 16:17	92672	----a-w-	c:\windows\system32\wudriver.dll
2014-08-19 07:32 . 2014-05-14 07:23	179656	----a-w-	c:\windows\system32\wuwebv.dll
2014-08-19 07:32 . 2014-05-14 07:17	33792	----a-w-	c:\windows\system32\wuapp.exe
2014-08-14 08:01 . 2014-03-09 21:47	99480	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-14 08:01 . 2014-06-30 22:14	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-14 08:01 . 2014-03-09 21:47	619672	----a-w-	c:\windows\system32\icardagt.exe
2014-08-14 08:01 . 2014-06-06 06:16	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-13 04:14 . 2014-06-03 09:29	2363392	----a-w-	c:\windows\system32\msi.dll
2014-08-13 04:14 . 2014-06-03 09:30	101824	----a-w-	c:\windows\system32\consent.exe
2014-08-13 04:14 . 2014-06-03 09:29	1805824	----a-w-	c:\windows\system32\authui.dll
2014-08-13 04:14 . 2014-06-03 09:29	337408	----a-w-	c:\windows\system32\msihnd.dll
2014-08-13 04:14 . 2014-08-07 01:43	412160	----a-w-	c:\windows\system32\aepdu.dll
2014-08-13 04:14 . 2014-08-07 01:39	302592	----a-w-	c:\windows\system32\aeinv.dll
2014-08-13 04:13 . 2014-07-09 01:29	6144	----a-w-	c:\windows\system32\KBDYAK.DLL
2014-08-13 04:13 . 2014-07-09 01:29	6144	----a-w-	c:\windows\system32\KBDBASH.DLL
2014-08-03 20:54 . 2014-08-03 20:54	--------	d-----w-	c:\users\Default\AppData\Roaming\AVAST Software
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-01 22:35 . 2014-04-13 11:42	414392	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-08-30 17:01 . 2014-04-17 17:16	699568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-08-30 17:01 . 2014-04-17 17:16	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-05 07:20 . 2014-04-12 02:54	231584	------w-	c:\windows\system32\MpSigStub.exe
2014-08-02 12:48 . 2014-04-13 11:42	71944	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-08-02 12:48 . 2014-04-13 11:42	192352	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-08-02 12:48 . 2014-08-02 12:48	43152	----a-w-	c:\windows\avastSS.scr
2014-08-02 12:48 . 2014-05-25 08:44	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-08-02 12:48 . 2014-04-13 11:42	779536	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-08-02 12:48 . 2014-04-13 11:42	67824	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-08-02 12:48 . 2014-04-13 11:42	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-08-02 12:48 . 2014-04-13 11:42	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-08-02 12:48 . 2014-04-13 11:42	276432	----a-w-	c:\windows\system32\aswBoot.exe
2014-08-02 12:48 . 2014-08-02 12:48	38984	----a-w-	c:\windows\system32\drivers\aswTap.sys
2014-07-16 08:24 . 2014-04-11 22:00	36664	----a-w-	c:\windows\system32\TURegOpt.exe
2014-07-16 08:24 . 2014-08-02 13:10	25400	----a-w-	c:\windows\system32\authuitu.dll
2014-07-16 08:24 . 2014-05-03 20:35	36152	----a-w-	c:\windows\system32\uxtuneup.dll
2014-06-18 01:51 . 2014-07-09 13:02	646144	----a-w-	c:\windows\system32\osk.exe
2014-06-07 19:32 . 2014-06-07 19:32	54085656	----a-w-	c:\program files\StarCraft-II-Setup-deDE.exe
2014-06-06 09:44 . 2014-07-09 13:02	509440	----a-w-	c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-09 13:02	1059840	----a-w-	c:\windows\system32\lsasrv.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-02 12:48	578240	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-02 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Facebook Update"="c:\users\----\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
.
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys [2014-08-02 38984]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-08-30 68608]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-08-02 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-09-01 414392]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-02 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-02 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-08-02 71944]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [2014-07-16 1781048]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [2014-02-10 12320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-15 20:31	1091912	----a-w-	c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-17 17:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
mStart Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30biahQCcpbUtWYz0R2lkoUjpKbWdzOg2ZKHKQLMON6lq_L3rYZ0DIU_TiwIJmHtzu_fTOq_lZYV2JvgL_H07fyjzGOWmGmOy9vFfaRkiryw5DCHU22oDC8O_a1hoK6VrstUcLkSVg6I53I,&q={searchTerms}
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\----\AppData\Roaming\Mozilla\Firefox\Profiles\prgkridc.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-60a131bb-65e2-40d9-ac04-51b3c5e15108 - c:\progra~2\INSTAL~1\{1012E~1\Setup.exe
AddRemove-YourFileDownloaderUpdater - c:\program files\YourFileDownloader Updater\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-02  01:08:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-01 23:08
.
Vor Suchlauf: 8 Verzeichnis(se), 85.381.849.088 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 84.784.058.368 Bytes frei
.
- - End Of File - - 08D851852338F94194DFBA75867BAD29
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 02.09.2014, 19:24   #6
schrauber
/// the machine
/// TB-Ausbilder
 

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand

Alt 02.09.2014, 22:20   #7
Coregestört
 
bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



so jetzt hab ich alles gemacht

Alt 03.09.2014, 14:06   #8
schrauber
/// the machine
/// TB-Ausbilder
 

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.09.2014, 19:02   #9
Coregestört
 
bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



Hier der mbam.txt

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 02.09.2014 22:06:54, SYSTEM, -----, Protection, Malware Protection, Starting, 
Protection, 02.09.2014 22:06:55, SYSTEM, -----, Protection, Malware Protection, Started, 
Protection, 02.09.2014 22:06:55, SYSTEM, -----, Protection, Malicious Website Protection, Starting, 
Update, 02.09.2014 22:07:51, SYSTEM, -----, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1, 
Update, 02.09.2014 22:08:27, SYSTEM, -----, Manual, Malware Database, 2014.3.4.9, 2014.9.2.10, 
Protection, 02.09.2014 22:08:50, SYSTEM, -----, Protection, Malicious Website Protection, Started, 
Protection, 02.09.2014 22:09:13, SYSTEM, -----, Protection, Refresh, Starting, 
Protection, 02.09.2014 22:09:13, SYSTEM, -----, Protection, Malicious Website Protection, Stopping, 
Protection, 02.09.2014 22:09:14, SYSTEM, -----, Protection, Malicious Website Protection, Stopped, 
Protection, 02.09.2014 22:10:18, SYSTEM, -----, Protection, Refresh, Success, 
Protection, 02.09.2014 22:10:20, SYSTEM, -----, Protection, Malicious Website Protection, Starting, 
Protection, 02.09.2014 22:10:26, SYSTEM, -----, Protection, Malicious Website Protection, Started, 
Protection, 02.09.2014 22:49:21, SYSTEM, -----, Protection, Malware Protection, Starting, 
Protection, 02.09.2014 22:49:22, SYSTEM, -----, Protection, Malware Protection, Started, 
Protection, 02.09.2014 22:49:23, SYSTEM, -----, Protection, Malicious Website Protection, Starting, 

(end)
         
Hier der AdwCleaner[S0].txt log
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.308 - Bericht erstellt am 31/08/2014 um 08:55:46
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : ---- - -----
# Gestartet von : C:\Users\----\Desktop\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[!] Ordner Gelöscht : C:\Program Files\globalUpdate
Ordner Gelöscht : C:\Program Files\Optimizer Pro
Ordner Gelöscht : C:\Program Files\sw-booster
Ordner Gelöscht : C:\Program Files\YourFileDownloader Updater
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpkglciilefjddfdakpffdbhonbbmika
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaanhojhihjibkdhiacdfbocgdgnejok
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\leehfmaobpofmopkcgnalggledlhhmal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0061787.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0061787.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176687}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.18534

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v

[ Datei : C:\Users\----\AppData\Roaming\Mozilla\Firefox\Profiles\rhfk705j.default-1409467192460\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12850 octets] - [31/08/2014 08:53:11]
AdwCleaner[S0].txt - [11581 octets] - [31/08/2014 08:55:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11642 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.308 - Bericht erstellt am 02/09/2014 um 22:58:07
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : ---- - -----
# Gestartet von : C:\Users\----\Desktop\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\globalUpdate
Ordner Gelöscht : C:\Program Files\YourFileDownloader Updater
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176687}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.18534


-\\ Mozilla Firefox v

[ Datei : C:\Users\----\AppData\Roaming\Mozilla\Firefox\Profiles\prgkridc.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20925 octets] - [31/08/2014 08:53:11]
AdwCleaner[S0].txt - [19571 octets] - [31/08/2014 08:55:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19632 octets] ##########
         
--- --- ---

dan der jrt.txt
JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by ---- on 02.09.2014 at 23:07:45,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.09.2014 at 23:11:11,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---

und der FRST.txt


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by ---- (administrator) on ----- on 02-09-2014 23:12:29
Running from C:\Users\----\Desktop\anti V
Platform: Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-02] (AVAST Software)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9839810ACC55CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\----\AppData\Roaming\Mozilla\Firefox\Profiles\prgkridc.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\----\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-13]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Aurora\firefox.exe

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\----\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-31]
CHR Extension: (Google Drive) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-31]
CHR Extension: (YouTube) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-31]
CHR Extension: (Google-Suche) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-31]
CHR Extension: (Google Wallet) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-31]
CHR Extension: (Google Mail) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-02] (AVAST Software)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414392 2014-09-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-02] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2014-08-02] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-02] ()
R3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-02-10] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\----\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 23:11 - 2014-09-02 23:11 - 00000624 _____ () C:\Users\----\Desktop\JRT.txt
2014-09-02 23:07 - 2014-09-02 23:07 - 00000000 ____D () C:\Windows\ERUNT
2014-09-02 23:02 - 2014-09-02 23:03 - 01016261 _____ (Thisisu) C:\Users\----\Desktop\JRT.exe
2014-09-02 23:01 - 2014-09-02 23:01 - 00019713 _____ () C:\Users\----\Desktop\AdwCleaner[S0].txt
2014-09-02 22:52 - 2014-09-02 22:53 - 01364531 _____ () C:\Users\----\Desktop\adwcleaner_3.308.exe
2014-09-02 22:52 - 2014-09-02 22:52 - 00001493 _____ () C:\Users\----\Desktop\mbam.txt
2014-09-02 22:06 - 2014-09-02 23:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 22:06 - 2014-09-02 22:06 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-02 22:06 - 2014-09-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-02 22:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-02 22:06 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-02 22:06 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-02 22:03 - 2014-09-02 22:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\----\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-02 19:27 - 2014-09-02 22:59 - 00005826 _____ () C:\Windows\PFRO.log
2014-09-02 01:08 - 2014-09-02 01:08 - 00020745 _____ () C:\ComboFix.txt
2014-09-02 00:49 - 2014-09-02 01:08 - 00000000 ____D () C:\Qoobox
2014-09-02 00:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-02 00:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-02 00:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-02 00:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-02 00:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-02 00:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-02 00:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-02 00:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-02 00:48 - 2014-09-02 01:06 - 00000000 ____D () C:\Windows\erdnt
2014-09-02 00:41 - 2014-09-02 00:42 - 05576326 ____R (Swearware) C:\Users\----\Desktop\ComboFix.exe
2014-09-02 00:34 - 2014-09-02 00:34 - 00000000 ____D () C:\Users\----\AppData\Roaming\AVAST Software
2014-09-01 19:02 - 2014-09-02 00:10 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-09-01 16:14 - 2014-09-01 16:14 - 00000000 ____D () C:\Users\----\AppData\Temp
2014-09-01 13:12 - 2014-09-01 13:25 - 00000000 ____D () C:\ProgramData\BDLogging
2014-09-01 13:12 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-09-01 13:05 - 2014-09-02 00:11 - 00000000 ____D () C:\Program Files\Bitdefender
2014-09-01 13:03 - 2014-09-02 00:09 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-09-01 13:03 - 2014-09-01 13:03 - 00000000 ____D () C:\Users\----\AppData\Roaming\QuickScan
2014-09-01 11:53 - 2014-09-01 11:53 - 00000000 ____D () C:\ProgramData\ESET
2014-09-01 09:18 - 2014-09-02 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-01 09:18 - 2014-09-01 09:18 - 00000000 ____D () C:\Users\----\AppData\Local\VS Revo Group
2014-09-01 09:15 - 2014-09-01 09:18 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-01 02:17 - 2014-09-01 02:17 - 00000000 _____ () C:\Users\----\defogger_reenable
2014-08-31 23:59 - 2014-09-02 23:12 - 00000000 ____D () C:\FRST
2014-08-31 22:41 - 2014-09-02 00:31 - 00000000 ____D () C:\Users\----\AppData\Roaming\vlc
2014-08-31 12:31 - 2014-08-31 12:31 - 00000000 ____D () C:\Users\----\AppData\Local\VirtualStore
2014-08-31 11:16 - 2014-08-31 11:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 10:48 - 2014-08-31 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-31 10:40 - 2014-08-31 10:40 - 00001535 _____ () C:\world of viring.txt
2014-08-31 10:25 - 2014-09-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-31 10:25 - 2014-08-31 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Users\----\AppData\Local\Secunia PSI
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Program Files\Secunia
2014-08-31 09:19 - 2014-09-02 23:12 - 00000000 ____D () C:\Users\----\Desktop\anti V
2014-08-31 09:12 - 2014-08-31 09:12 - 00058016 _____ () C:\Users\----\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 08:52 - 2014-09-02 22:58 - 00000000 ____D () C:\AdwCleaner
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Roaming\ESET
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Local\ESET
2014-08-31 07:38 - 2014-09-01 11:53 - 00000000 ____D () C:\Program Files\ESET
2014-08-31 07:30 - 2014-08-31 07:30 - 01595776 _____ (ESET) C:\Users\----\Downloads\eset_smart_security_live_installer_.exe
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Macromedia
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Adobe
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Macromedia
2014-08-31 07:21 - 2014-08-31 07:21 - 00000000 ____D () C:\Users\----\AppData\Local\Google
2014-08-31 07:02 - 2014-08-31 07:02 - 00011776 ___SH () C:\Users\----\Downloads\Thumbs.db
2014-08-31 06:35 - 2014-08-31 06:35 - 00000000 ____D () C:\Users\----\AppData\Roaming\TuneUp Software
2014-08-31 05:10 - 2014-08-31 05:10 - 00000000 ____D () C:\Users\----\Desktop\☣☣
2014-08-30 22:32 - 2014-09-02 23:00 - 00000336 _____ () C:\Windows\setupact.log
2014-08-30 22:32 - 2014-08-30 22:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 22:31 - 2014-08-30 22:32 - 00267160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 19:06 - 2014-08-30 19:06 - 00000984 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-28 14:11 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:11 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 17:17 - 2014-08-26 17:17 - 00001990 _____ () C:\Users\----\Desktop\TuneUp 1-Klick-Wartung.lnk
2014-08-24 02:34 - 2014-08-31 23:18 - 00000000 ____D () C:\Users\----\Desktop\☣
2014-08-21 09:36 - 2014-08-21 09:43 - 00000038 _____ () C:\Users\----\Desktop\arbeitsamt kndnr.txt
2014-08-19 09:35 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 09:35 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 09:34 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 09:34 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 09:33 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 09:33 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 09:33 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 09:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 09:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-14 10:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 10:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 10:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 10:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 06:15 - 2014-07-29 11:33 - 01265664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 06:15 - 2014-07-29 11:33 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 06:15 - 2014-07-29 11:33 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 11018240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 06046720 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 06:15 - 2014-07-29 11:31 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 06:15 - 2014-07-29 11:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 06:15 - 2014-07-29 11:31 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 06:15 - 2014-07-29 11:30 - 01466368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 06:15 - 2014-07-29 08:15 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 06:15 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 06:15 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 06:15 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 06:15 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-13 06:15 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 06:14 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 06:14 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 06:14 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 06:14 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 06:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 06:14 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 06:14 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 06:14 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 06:14 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 06:14 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 06:13 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 06:13 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 06:13 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-03 22:54 - 2014-08-03 22:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVAST Software
2014-08-03 22:54 - 2014-08-03 22:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVAST Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 23:12 - 2014-08-31 23:59 - 00000000 ____D () C:\FRST
2014-09-02 23:12 - 2014-08-31 09:19 - 00000000 ____D () C:\Users\----\Desktop\anti V
2014-09-02 23:11 - 2014-09-02 23:11 - 00000624 _____ () C:\Users\----\Desktop\JRT.txt
2014-09-02 23:07 - 2014-09-02 23:07 - 00000000 ____D () C:\Windows\ERUNT
2014-09-02 23:07 - 2009-07-14 06:34 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 23:07 - 2009-07-14 06:34 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 23:05 - 2014-09-02 22:06 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 23:03 - 2014-09-02 23:02 - 01016261 _____ (Thisisu) C:\Users\----\Desktop\JRT.exe
2014-09-02 23:01 - 2014-09-02 23:01 - 00019713 _____ () C:\Users\----\Desktop\AdwCleaner[S0].txt
2014-09-02 23:00 - 2014-08-30 22:32 - 00000336 _____ () C:\Windows\setupact.log
2014-09-02 23:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 22:59 - 2014-09-02 19:27 - 00005826 _____ () C:\Windows\PFRO.log
2014-09-02 22:59 - 2014-04-17 19:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 22:58 - 2014-08-31 08:52 - 00000000 ____D () C:\AdwCleaner
2014-09-02 22:58 - 2014-04-11 22:21 - 01479820 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 22:53 - 2014-09-02 22:52 - 01364531 _____ () C:\Users\----\Desktop\adwcleaner_3.308.exe
2014-09-02 22:52 - 2014-09-02 22:52 - 00001493 _____ () C:\Users\----\Desktop\mbam.txt
2014-09-02 22:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-09-02 22:06 - 2014-09-02 22:06 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-02 22:06 - 2014-09-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-02 22:06 - 2014-08-31 10:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-02 22:04 - 2014-09-02 22:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\----\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-02 01:08 - 2014-09-02 01:08 - 00020745 _____ () C:\ComboFix.txt
2014-09-02 01:08 - 2014-09-02 00:49 - 00000000 ____D () C:\Qoobox
2014-09-02 01:08 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-02 01:06 - 2014-09-02 00:48 - 00000000 ____D () C:\Windows\erdnt
2014-09-02 01:03 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-02 01:02 - 2009-07-14 04:03 - 31195136 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-02 01:02 - 2009-07-14 04:03 - 14417920 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-02 01:02 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-02 01:02 - 2009-07-14 04:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-02 01:02 - 2009-07-14 04:03 - 00024576 _____ () C:\Windows\system32\config\SAM.bak
2014-09-02 00:50 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default
2014-09-02 00:42 - 2014-09-02 00:41 - 05576326 ____R (Swearware) C:\Users\----\Desktop\ComboFix.exe
2014-09-02 00:35 - 2014-06-14 22:27 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 00:35 - 2014-04-13 13:42 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 00:34 - 2014-09-02 00:34 - 00000000 ____D () C:\Users\----\AppData\Roaming\AVAST Software
2014-09-02 00:33 - 2014-04-11 23:19 - 00000000 ____D () C:\Users\----
2014-09-02 00:32 - 2014-04-11 23:53 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-09-02 00:32 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-02 00:31 - 2014-09-01 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-02 00:31 - 2014-08-31 22:41 - 00000000 ____D () C:\Users\----\AppData\Roaming\vlc
2014-09-02 00:31 - 2014-05-08 22:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-02 00:31 - 2014-05-08 22:09 - 00000000 ____D () C:\Users\Administrator
2014-09-02 00:31 - 2014-04-13 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 00:31 - 2014-04-13 13:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 00:31 - 2014-04-13 13:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 00:31 - 2014-04-12 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-09-02 00:31 - 2014-04-11 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 00:31 - 2014-04-11 23:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 00:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-09-02 00:30 - 2014-04-11 23:45 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-09-02 00:30 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-02 00:11 - 2014-09-01 13:05 - 00000000 ____D () C:\Program Files\Bitdefender
2014-09-02 00:10 - 2014-09-01 19:02 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-09-02 00:09 - 2014-09-01 13:03 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-09-01 21:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-01 16:14 - 2014-09-01 16:14 - 00000000 ____D () C:\Users\----\AppData\Temp
2014-09-01 13:25 - 2014-09-01 13:12 - 00000000 ____D () C:\ProgramData\BDLogging
2014-09-01 13:03 - 2014-09-01 13:03 - 00000000 ____D () C:\Users\----\AppData\Roaming\QuickScan
2014-09-01 11:53 - 2014-09-01 11:53 - 00000000 ____D () C:\ProgramData\ESET
2014-09-01 11:53 - 2014-08-31 07:38 - 00000000 ____D () C:\Program Files\ESET
2014-09-01 09:18 - 2014-09-01 09:18 - 00000000 ____D () C:\Users\----\AppData\Local\VS Revo Group
2014-09-01 09:18 - 2014-09-01 09:15 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-01 02:17 - 2014-09-01 02:17 - 00000000 _____ () C:\Users\----\defogger_reenable
2014-08-31 23:18 - 2014-08-24 02:34 - 00000000 ____D () C:\Users\----\Desktop\☣
2014-08-31 12:31 - 2014-08-31 12:31 - 00000000 ____D () C:\Users\----\AppData\Local\VirtualStore
2014-08-31 11:27 - 2014-08-31 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 10:48 - 2014-08-31 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-31 10:48 - 2014-08-31 10:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 10:40 - 2014-08-31 10:40 - 00001535 _____ () C:\world of viring.txt
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Users\----\AppData\Local\Secunia PSI
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Program Files\Secunia
2014-08-31 09:12 - 2014-08-31 09:12 - 00058016 _____ () C:\Users\----\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Roaming\ESET
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Local\ESET
2014-08-31 07:30 - 2014-08-31 07:30 - 01595776 _____ (ESET) C:\Users\----\Downloads\eset_smart_security_live_installer_.exe
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Macromedia
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Adobe
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Macromedia
2014-08-31 07:21 - 2014-08-31 07:21 - 00000000 ____D () C:\Users\----\AppData\Local\Google
2014-08-31 07:02 - 2014-08-31 07:02 - 00011776 ___SH () C:\Users\----\Downloads\Thumbs.db
2014-08-31 06:35 - 2014-08-31 06:35 - 00000000 ____D () C:\Users\----\AppData\Roaming\TuneUp Software
2014-08-31 06:30 - 2014-04-11 23:19 - 00000000 ___RD () C:\Users\----\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-31 06:30 - 2014-04-11 23:19 - 00000000 ___RD () C:\Users\----\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-31 05:10 - 2014-08-31 05:10 - 00000000 ____D () C:\Users\----\Desktop\☣☣
2014-08-31 05:09 - 2014-07-19 21:52 - 00000000 ____D () C:\Users\----\Desktop\bilder
2014-08-31 05:02 - 2014-06-20 11:32 - 00000000 ____D () C:\Users\----\Desktop\mukke rap
2014-08-30 22:32 - 2014-08-30 22:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 22:32 - 2014-08-30 22:31 - 00267160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 21:48 - 2009-07-14 04:03 - 31457280 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-08-30 21:48 - 2009-07-14 04:03 - 14942208 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-08-30 21:48 - 2009-07-14 04:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-08-30 21:46 - 2009-07-14 04:03 - 31719424 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old
2014-08-30 21:46 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-08-30 21:46 - 2009-07-14 04:03 - 00024576 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-08-30 19:06 - 2014-08-30 19:06 - 00000984 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-30 19:06 - 2014-04-12 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-30 19:01 - 2014-04-17 19:16 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-30 19:01 - 2014-04-17 19:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-30 17:54 - 2014-07-04 11:53 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-30 13:00 - 2014-07-16 21:54 - 00000000 ____D () C:\Program Files\Common Files\BioWare
2014-08-30 13:00 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 17:17 - 2014-08-26 17:17 - 00001990 _____ () C:\Users\----\Desktop\TuneUp 1-Klick-Wartung.lnk
2014-08-23 03:46 - 2014-08-28 14:11 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 14:11 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 09:43 - 2014-08-21 09:36 - 00000038 _____ () C:\Users\----\Desktop\arbeitsamt kndnr.txt
2014-08-20 16:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-20 15:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-17 20:42 - 2014-04-15 13:07 - 00000000 ____D () C:\Users\----\Desktop\WOW
2014-08-14 10:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 10:27 - 2014-05-06 22:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 10:11 - 2014-04-12 02:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 10:06 - 2014-04-12 02:42 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-07 03:43 - 2014-08-13 06:14 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:39 - 2014-08-13 06:14 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2014-04-12 04:54 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-03 22:54 - 2014-08-03 22:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVAST Software
2014-08-03 22:54 - 2014-08-03 22:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVAST Software

Some content of TEMP:
====================
C:\Users\----\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-31 19:26

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 03.09.2014, 19:22   #10
Coregestört
 
bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



so hab jetzt code und .rar dateien hoffe das es jetzt alles richtig gepostet ist

Alt 04.09.2014, 13:38   #11
schrauber
/// the machine
/// TB-Ausbilder
 

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.09.2014, 18:24   #12
Coregestört
 
bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e9ebf502dce50c478a0b2b7dd1c19307
# engine=19924
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-31 12:04:40
# local_time=2014-08-31 02:04:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 59765 161117871 0 0
# compatibility_mode_1='ESET Smart Security 7.0'
# compatibility_mode=8221 16777213 100 97 23059 30066422 0 0
# scanned=55554
# found=0
# cleaned=0
# scan_time=1131
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ff1f8db45c556646b9e90e08ed54e999
# engine=20001
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-04 05:09:58
# local_time=2014-09-04 07:09:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 239692 12461250 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 2997 161481789 0 0
# scanned=89185
# found=1
# cleaned=0
# scan_time=1722
sh=754B9D148ADD1AF641E9ABDF28390813E63097E2 ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\1060c0f.msi"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (de-DE)  
 TuneUp Utilities 2014   
 CCleaner     
 Adobe Flash Player 	14.0.0.179  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by ---- (administrator) on ----- on 04-09-2014 19:20:30
Running from C:\Users\----\Desktop\anti V
Platform: Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-02] (AVAST Software)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9839810ACC55CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\----\AppData\Roaming\Mozilla\Firefox\Profiles\prgkridc.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\----\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-13]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Aurora\firefox.exe

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\----\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-31]
CHR Extension: (Google Drive) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-31]
CHR Extension: (YouTube) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-31]
CHR Extension: (Google-Suche) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-31]
CHR Extension: (Google Wallet) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-31]
CHR Extension: (Google Mail) - C:\Users\----\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-02] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414392 2014-09-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-02] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2014-08-02] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-02] ()
R3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-02-10] (TuneUp Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\----\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 19:15 - 2014-09-04 19:15 - 00854417 _____ () C:\Users\----\Downloads\SecurityCheck.exe
2014-09-03 20:19 - 2014-09-03 20:19 - 00006493 _____ () C:\Users\----\Downloads\FRST.rar
2014-09-03 20:19 - 2014-09-03 20:19 - 00006493 _____ () C:\Users\----\Downloads\FRST (1).rar
2014-09-03 20:17 - 2014-09-03 20:17 - 00000000 ____D () C:\Users\----\AppData\Roaming\WinRAR
2014-09-03 20:11 - 2014-09-03 20:11 - 00019713 _____ () C:\Users\----\Downloads\AdwCleaner[S0].txt
2014-09-03 20:10 - 2014-09-03 20:10 - 00000624 _____ () C:\Users\----\Downloads\JRT.txt
2014-09-03 19:56 - 2014-09-03 19:56 - 00001493 _____ () C:\Users\----\Downloads\mbam.txt
2014-09-02 23:33 - 2014-09-02 23:37 - 00000000 ____D () C:\Users\----\Documents\StarCraft II
2014-09-02 23:27 - 2014-09-02 23:53 - 00000000 ____D () C:\Users\----\AppData\Local\Battle.net
2014-09-02 23:27 - 2014-09-02 23:33 - 00000000 ____D () C:\Users\----\AppData\Roaming\Battle.net
2014-09-02 23:27 - 2014-09-02 23:27 - 00001036 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-09-02 23:27 - 2014-09-02 23:27 - 00000000 ____D () C:\Users\----\AppData\Local\Blizzard Entertainment
2014-09-02 23:27 - 2014-09-02 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-02 23:27 - 2014-09-02 23:27 - 00000000 ____D () C:\Program Files\Battle.net
2014-09-02 23:21 - 2014-09-02 23:21 - 00034568 _____ () C:\Users\----\Downloads\FRST.txt
2014-09-02 23:07 - 2014-09-02 23:07 - 00000000 ____D () C:\Windows\ERUNT
2014-09-02 22:06 - 2014-09-04 18:47 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 22:06 - 2014-09-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-02 22:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-02 22:06 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-02 22:06 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-02 19:27 - 2014-09-02 22:59 - 00005826 _____ () C:\Windows\PFRO.log
2014-09-02 01:08 - 2014-09-02 01:08 - 00020745 _____ () C:\ComboFix.txt
2014-09-02 00:49 - 2014-09-02 01:08 - 00000000 ____D () C:\Qoobox
2014-09-02 00:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-02 00:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-02 00:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-02 00:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-02 00:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-02 00:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-02 00:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-02 00:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-02 00:48 - 2014-09-02 01:06 - 00000000 ____D () C:\Windows\erdnt
2014-09-02 00:34 - 2014-09-02 00:34 - 00000000 ____D () C:\Users\----\AppData\Roaming\AVAST Software
2014-09-01 19:02 - 2014-09-02 00:10 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-09-01 16:14 - 2014-09-01 16:14 - 00000000 ____D () C:\Users\----\AppData\Temp
2014-09-01 13:12 - 2014-09-01 13:25 - 00000000 ____D () C:\ProgramData\BDLogging
2014-09-01 13:12 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-09-01 13:05 - 2014-09-02 00:11 - 00000000 ____D () C:\Program Files\Bitdefender
2014-09-01 13:03 - 2014-09-02 00:09 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-09-01 13:03 - 2014-09-01 13:03 - 00000000 ____D () C:\Users\----\AppData\Roaming\QuickScan
2014-09-01 11:53 - 2014-09-01 11:53 - 00000000 ____D () C:\ProgramData\ESET
2014-09-01 09:18 - 2014-09-02 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-01 09:18 - 2014-09-01 09:18 - 00000000 ____D () C:\Users\----\AppData\Local\VS Revo Group
2014-09-01 09:15 - 2014-09-01 09:18 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-01 02:17 - 2014-09-01 02:17 - 00000000 _____ () C:\Users\----\defogger_reenable
2014-08-31 23:59 - 2014-09-04 19:20 - 00000000 ____D () C:\FRST
2014-08-31 22:41 - 2014-09-02 00:31 - 00000000 ____D () C:\Users\----\AppData\Roaming\vlc
2014-08-31 12:31 - 2014-08-31 12:31 - 00000000 ____D () C:\Users\----\AppData\Local\VirtualStore
2014-08-31 11:16 - 2014-08-31 11:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 10:48 - 2014-08-31 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-31 10:40 - 2014-08-31 10:40 - 00001535 _____ () C:\world of viring.txt
2014-08-31 10:25 - 2014-09-02 22:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-31 10:25 - 2014-08-31 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Users\----\AppData\Local\Secunia PSI
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Program Files\Secunia
2014-08-31 09:19 - 2014-09-04 19:20 - 00000000 ____D () C:\Users\----\Desktop\anti V
2014-08-31 09:12 - 2014-08-31 09:12 - 00058016 _____ () C:\Users\----\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 08:52 - 2014-09-02 22:58 - 00000000 ____D () C:\AdwCleaner
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Roaming\ESET
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Local\ESET
2014-08-31 07:38 - 2014-09-04 19:13 - 00000000 ____D () C:\Program Files\ESET
2014-08-31 07:30 - 2014-08-31 07:30 - 01595776 _____ (ESET) C:\Users\----\Downloads\eset_smart_security_live_installer_.exe
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Macromedia
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Adobe
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Macromedia
2014-08-31 07:21 - 2014-08-31 07:21 - 00000000 ____D () C:\Users\----\AppData\Local\Google
2014-08-31 07:02 - 2014-08-31 07:02 - 00011776 ___SH () C:\Users\----\Downloads\Thumbs.db
2014-08-31 06:35 - 2014-08-31 06:35 - 00000000 ____D () C:\Users\----\AppData\Roaming\TuneUp Software
2014-08-31 05:10 - 2014-08-31 05:10 - 00000000 ____D () C:\Users\----\Desktop\☣☣
2014-08-30 22:32 - 2014-09-04 18:19 - 00000482 _____ () C:\Windows\setupact.log
2014-08-30 22:32 - 2014-08-30 22:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 22:31 - 2014-08-30 22:32 - 00267160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 19:06 - 2014-08-30 19:06 - 00000984 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-28 14:11 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:11 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 02:34 - 2014-08-31 23:18 - 00000000 ____D () C:\Users\----\Desktop\☣
2014-08-21 09:36 - 2014-08-21 09:43 - 00000038 _____ () C:\Users\----\Desktop\arbeitsamt kndnr.txt
2014-08-19 09:35 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 09:35 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 09:34 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 09:34 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 09:33 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 09:33 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 09:33 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 09:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 09:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-14 10:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 10:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 10:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 10:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 06:15 - 2014-07-29 11:33 - 01265664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 06:15 - 2014-07-29 11:33 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 06:15 - 2014-07-29 11:33 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 11018240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 06046720 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 06:15 - 2014-07-29 11:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 06:15 - 2014-07-29 11:31 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 06:15 - 2014-07-29 11:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 06:15 - 2014-07-29 11:31 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 06:15 - 2014-07-29 11:30 - 01466368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 06:15 - 2014-07-29 08:15 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 06:15 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 06:15 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 06:15 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 06:15 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-13 06:15 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 06:14 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 06:14 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 06:14 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 06:14 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 06:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 06:14 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 06:14 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 06:14 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 06:14 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 06:14 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 06:13 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 06:13 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 06:13 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 19:20 - 2014-08-31 23:59 - 00000000 ____D () C:\FRST
2014-09-04 19:20 - 2014-08-31 09:19 - 00000000 ____D () C:\Users\----\Desktop\anti V
2014-09-04 19:15 - 2014-09-04 19:15 - 00854417 _____ () C:\Users\----\Downloads\SecurityCheck.exe
2014-09-04 19:13 - 2014-08-31 07:38 - 00000000 ____D () C:\Program Files\ESET
2014-09-04 18:59 - 2014-04-17 19:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 18:47 - 2014-09-02 22:06 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 18:37 - 2014-04-11 23:26 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 18:19 - 2014-08-30 22:32 - 00000482 _____ () C:\Windows\setupact.log
2014-09-04 18:19 - 2014-04-11 22:21 - 01545471 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 18:12 - 2009-07-14 06:34 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 18:12 - 2009-07-14 06:34 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 18:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 20:19 - 2014-09-03 20:19 - 00006493 _____ () C:\Users\----\Downloads\FRST.rar
2014-09-03 20:19 - 2014-09-03 20:19 - 00006493 _____ () C:\Users\----\Downloads\FRST (1).rar
2014-09-03 20:17 - 2014-09-03 20:17 - 00000000 ____D () C:\Users\----\AppData\Roaming\WinRAR
2014-09-03 20:11 - 2014-09-03 20:11 - 00019713 _____ () C:\Users\----\Downloads\AdwCleaner[S0].txt
2014-09-03 20:10 - 2014-09-03 20:10 - 00000624 _____ () C:\Users\----\Downloads\JRT.txt
2014-09-03 19:56 - 2014-09-03 19:56 - 00001493 _____ () C:\Users\----\Downloads\mbam.txt
2014-09-02 23:53 - 2014-09-02 23:27 - 00000000 ____D () C:\Users\----\AppData\Local\Battle.net
2014-09-02 23:37 - 2014-09-02 23:33 - 00000000 ____D () C:\Users\----\Documents\StarCraft II
2014-09-02 23:33 - 2014-09-02 23:27 - 00000000 ____D () C:\Users\----\AppData\Roaming\Battle.net
2014-09-02 23:27 - 2014-09-02 23:27 - 00001036 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-09-02 23:27 - 2014-09-02 23:27 - 00000000 ____D () C:\Users\----\AppData\Local\Blizzard Entertainment
2014-09-02 23:27 - 2014-09-02 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-02 23:27 - 2014-09-02 23:27 - 00000000 ____D () C:\Program Files\Battle.net
2014-09-02 23:27 - 2014-06-07 21:38 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-09-02 23:21 - 2014-09-02 23:21 - 00034568 _____ () C:\Users\----\Downloads\FRST.txt
2014-09-02 23:07 - 2014-09-02 23:07 - 00000000 ____D () C:\Windows\ERUNT
2014-09-02 22:59 - 2014-09-02 19:27 - 00005826 _____ () C:\Windows\PFRO.log
2014-09-02 22:58 - 2014-08-31 08:52 - 00000000 ____D () C:\AdwCleaner
2014-09-02 22:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-09-02 22:06 - 2014-09-02 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-02 22:06 - 2014-08-31 10:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-02 01:08 - 2014-09-02 01:08 - 00020745 _____ () C:\ComboFix.txt
2014-09-02 01:08 - 2014-09-02 00:49 - 00000000 ____D () C:\Qoobox
2014-09-02 01:08 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-02 01:06 - 2014-09-02 00:48 - 00000000 ____D () C:\Windows\erdnt
2014-09-02 01:03 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-02 01:02 - 2009-07-14 04:03 - 31195136 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-02 01:02 - 2009-07-14 04:03 - 14417920 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-02 01:02 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-02 01:02 - 2009-07-14 04:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-02 01:02 - 2009-07-14 04:03 - 00024576 _____ () C:\Windows\system32\config\SAM.bak
2014-09-02 00:50 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default
2014-09-02 00:35 - 2014-04-13 13:42 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 00:34 - 2014-09-02 00:34 - 00000000 ____D () C:\Users\----\AppData\Roaming\AVAST Software
2014-09-02 00:33 - 2014-04-11 23:19 - 00000000 ____D () C:\Users\----
2014-09-02 00:32 - 2014-04-11 23:53 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-09-02 00:32 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-02 00:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-02 00:31 - 2014-09-01 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-02 00:31 - 2014-08-31 22:41 - 00000000 ____D () C:\Users\----\AppData\Roaming\vlc
2014-09-02 00:31 - 2014-05-08 22:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-02 00:31 - 2014-05-08 22:09 - 00000000 ____D () C:\Users\Administrator
2014-09-02 00:31 - 2014-04-13 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 00:31 - 2014-04-13 13:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 00:31 - 2014-04-13 13:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 00:31 - 2014-04-12 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-09-02 00:31 - 2014-04-11 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 00:31 - 2014-04-11 23:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 00:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-09-02 00:30 - 2014-04-11 23:45 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-09-02 00:30 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-02 00:11 - 2014-09-01 13:05 - 00000000 ____D () C:\Program Files\Bitdefender
2014-09-02 00:10 - 2014-09-01 19:02 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-09-02 00:09 - 2014-09-01 13:03 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-09-01 21:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-01 16:14 - 2014-09-01 16:14 - 00000000 ____D () C:\Users\----\AppData\Temp
2014-09-01 13:25 - 2014-09-01 13:12 - 00000000 ____D () C:\ProgramData\BDLogging
2014-09-01 13:03 - 2014-09-01 13:03 - 00000000 ____D () C:\Users\----\AppData\Roaming\QuickScan
2014-09-01 11:53 - 2014-09-01 11:53 - 00000000 ____D () C:\ProgramData\ESET
2014-09-01 09:18 - 2014-09-01 09:18 - 00000000 ____D () C:\Users\----\AppData\Local\VS Revo Group
2014-09-01 09:18 - 2014-09-01 09:15 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-01 02:17 - 2014-09-01 02:17 - 00000000 _____ () C:\Users\----\defogger_reenable
2014-08-31 23:18 - 2014-08-24 02:34 - 00000000 ____D () C:\Users\----\Desktop\☣
2014-08-31 12:31 - 2014-08-31 12:31 - 00000000 ____D () C:\Users\----\AppData\Local\VirtualStore
2014-08-31 11:27 - 2014-08-31 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-31 10:48 - 2014-08-31 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-31 10:48 - 2014-08-31 10:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 10:40 - 2014-08-31 10:40 - 00001535 _____ () C:\world of viring.txt
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Users\----\AppData\Local\Secunia PSI
2014-08-31 10:15 - 2014-08-31 10:15 - 00000000 ____D () C:\Program Files\Secunia
2014-08-31 09:12 - 2014-08-31 09:12 - 00058016 _____ () C:\Users\----\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Roaming\ESET
2014-08-31 07:42 - 2014-08-31 07:42 - 00000000 ____D () C:\Users\----\AppData\Local\ESET
2014-08-31 07:30 - 2014-08-31 07:30 - 01595776 _____ (ESET) C:\Users\----\Downloads\eset_smart_security_live_installer_.exe
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Macromedia
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Roaming\Adobe
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Mozilla
2014-08-31 07:23 - 2014-08-31 07:23 - 00000000 ____D () C:\Users\----\AppData\Local\Macromedia
2014-08-31 07:21 - 2014-08-31 07:21 - 00000000 ____D () C:\Users\----\AppData\Local\Google
2014-08-31 07:02 - 2014-08-31 07:02 - 00011776 ___SH () C:\Users\----\Downloads\Thumbs.db
2014-08-31 06:35 - 2014-08-31 06:35 - 00000000 ____D () C:\Users\----\AppData\Roaming\TuneUp Software
2014-08-31 06:30 - 2014-04-11 23:19 - 00000000 ___RD () C:\Users\----\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-31 06:30 - 2014-04-11 23:19 - 00000000 ___RD () C:\Users\----\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-31 05:10 - 2014-08-31 05:10 - 00000000 ____D () C:\Users\----\Desktop\☣☣
2014-08-31 05:09 - 2014-07-19 21:52 - 00000000 ____D () C:\Users\----\Desktop\bilder
2014-08-31 05:02 - 2014-06-20 11:32 - 00000000 ____D () C:\Users\----\Desktop\mukke rap
2014-08-30 22:32 - 2014-08-30 22:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 22:32 - 2014-08-30 22:31 - 00267160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 21:48 - 2009-07-14 04:03 - 31457280 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-08-30 21:48 - 2009-07-14 04:03 - 14942208 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-08-30 21:48 - 2009-07-14 04:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-08-30 21:46 - 2009-07-14 04:03 - 31719424 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old
2014-08-30 21:46 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-08-30 21:46 - 2009-07-14 04:03 - 00024576 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-08-30 19:06 - 2014-08-30 19:06 - 00000984 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-30 19:06 - 2014-04-12 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-30 19:01 - 2014-04-17 19:16 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-30 19:01 - 2014-04-17 19:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-30 17:54 - 2014-07-04 11:53 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-30 13:00 - 2014-07-16 21:54 - 00000000 ____D () C:\Program Files\Common Files\BioWare
2014-08-30 13:00 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-23 03:46 - 2014-08-28 14:11 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 14:11 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 09:43 - 2014-08-21 09:36 - 00000038 _____ () C:\Users\----\Desktop\arbeitsamt kndnr.txt
2014-08-20 16:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-20 15:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-17 20:42 - 2014-04-15 13:07 - 00000000 ____D () C:\Users\----\Desktop\WOW
2014-08-14 10:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 10:27 - 2014-05-06 22:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 10:11 - 2014-04-12 02:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 10:06 - 2014-04-12 02:42 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-07 03:43 - 2014-08-13 06:14 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:39 - 2014-08-13 06:14 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2014-04-12 04:54 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\----\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-31 19:26

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 05.09.2014, 12:37   #13
schrauber
/// the machine
/// TB-Ausbilder
 

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Standard

bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand
adware, antivirus, aswmonflt., aswrdr., avast, browser, cpu, defender, failed, fehler, flash player, flashplayercplapp.cpl, frage, gdipfontcachev1.dat, google, helper, home, homepage, inetcpl.cpl, mozilla, popup, registry, scan, security, services.exe, software, svchost.exe, system, tv wizard, viren, windows



Ähnliche Themen: bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand


  1. Windows XP mit Adware befallen, eventuell auch mit Virus
    Plagegeister aller Art und deren Bekämpfung - 25.05.2015 (15)
  2. HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA - Dieser key kann auch adw cleaner nicht entfernen
    Log-Analyse und Auswertung - 02.03.2015 (1)
  3. AVG findet 32 Rootkits,kann sie aber nicht eliminieren ,Malwarebytes findet nichts
    Plagegeister aller Art und deren Bekämpfung - 16.10.2013 (5)
  4. kann mir jemand einen tip geben,was ich eventuell noch versuchen kann.
    Plagegeister aller Art und deren Bekämpfung - 12.08.2013 (3)
  5. Homepage befallen? Kann doch nicht...
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (53)
  6. AVG findet Rootkits in C:\Windows\System32\drivers und kann sie nicht entfernen
    Log-Analyse und Auswertung - 24.06.2012 (8)
  7. trojaner gefunden und eventuell nicht richtig beseitigt... vielleicht kann jemand es überprüfen ?
    Log-Analyse und Auswertung - 10.02.2012 (9)
  8. Eventuell mit HTML/Infected.WebPage.Gen2 befallen?
    Plagegeister aller Art und deren Bekämpfung - 19.01.2012 (3)
  9. WINNT.exe befallen mit einem Trojaner was kann oder muss ich tun
    Mülltonne - 28.07.2011 (3)
  10. Kann man Trojaner und Rootkits erst nach Wochen entdecken
    Alles rund um Windows - 05.07.2011 (4)
  11. Kann ein Grafiktablett von einem virus befallen werden?
    Diskussionsforum - 04.06.2011 (2)
  12. TR/Dldr.Bagle.aag - Wie kann ich feststellen, ob ext Festplatte auch befallen ist?
    Mülltonne - 04.09.2008 (0)
  13. Kann sich jemand das bitte jemand ansehn?
    Log-Analyse und Auswertung - 19.06.2007 (1)
  14. Kann mir jemand helfen??
    Log-Analyse und Auswertung - 18.04.2007 (4)
  15. Kann mir jemand sagen was das ist?
    Plagegeister aller Art und deren Bekämpfung - 11.03.2006 (11)
  16. Kann mir jemand weiterhelfen?
    Log-Analyse und Auswertung - 16.11.2005 (2)

Zum Thema bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand - Zitat: Ich Glaube auf meinem system haben sich rootkits,malewarez ... alle möglichen viren breit gemacht .Ich will zumbeispiel bei Google Chrome browser in google fragen ob es sinnvoll ist dhcp - bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand...
Archiv
Du betrachtest: bin befallen von rootkits/HKLM/ npGoogleUpdate3.detc./npvlc.dll Kann da eventuell mal jemand auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.