Deutsche Telekom Brief vom Abuse Team Virus/Trojaner infizierung

Hassel · 09.01.2015, 12:44

Guten Tag,

habe den Computer von meinem Bruder da stehen, dieser am 05.01.2015 Post von der Telekom erhalten hat.

"Wichtige Sicherheitswarnung zu Ihrem Internetzugang
Abuse ID : XXXXX
Zugangsnummer: XXX

Sehr geehrter Herr XXX

uns liegen Hinweise von Sicherheitsexperten vor, dass mindestens ein Rechner, der über Ihren Internetzugang sich mit dem Internet verbindet, mit einem Virus / Trojaner infiziert ist. ...."

jetzt habe ich seinen Computer bei mir stehen und soll mal danach schauen.
Könnte jetzt sämtliche programme wie Malwarebyte und ähnliches drüber laufen lassen und das Zeugs löschen. Dabei ist mir aber in dem Moment nicht geholfen, weil ich gern die Ursache wissen möchte wie schlimm der PC infiziert ist. In dieser Problematik kann ich nur hier geholfen bekommen, da ich mich dann soweit auch nicht damit auskenne.

Daher bitte ich um Hilfe um meinen PC zu gescheid zu Reinigen und vorallem die Ursache herauszufinden.

Wäre jemand so nett und würde mir helfen ?

Danke im vorraus

Hassel

PS: Da sich der PC nun bei mir befindet, kann es sein wenn ich diesen mit meinem Inet verbinde, dass danach mein System Infiziert ist oder irgendwie Passwörter ausgelesen werden?

cosinus · 09.01.2015, 13:16

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Hassel · 09.01.2015, 15:37

Habe vorher extra garnix dran gemacht um die Ursache zu finden.

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by DarkDragons (administrator) on SHOCKDRAGONS on 09-01-2015 15:33:36
Running from C:\Users\DarkDragons\Desktop
Loaded Profile: DarkDragons (Available profiles: DarkDragons)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\nethtsrv.exe
() C:\Windows\score.exe
() C:\Windows\SysWOW64\netupdsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Time Lapse Solutions) C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [GameforgeLive] => "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-05-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [mbot_de_82] => [X]
HKLM-x32\...\Run: [ConvertAd] => C:\Users\DarkDragons\AppData\Local\ConvertAd\ConvertAd.exe
HKLM-x32\...\Run: [OfferBoulevard] => C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2864688 2014-12-12] (Blizzard Entertainment)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Akamai NetSession Interface] => C:\Users\DarkDragons\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Policies\Explorer: [DisallowRun] 1
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2357861172-224482980-2813433480-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58835;https=127.0.0.1:58835
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400262460&from=cor&uid=SAMSUNGXHD103SJ_S246J9BZ933539&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400262460&from=cor&uid=SAMSUNGXHD103SJ_S246J9BZ933539&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400262460&from=cor&uid=SAMSUNGXHD103SJ_S246J9BZ933539&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400262460&from=cor&uid=SAMSUNGXHD103SJ_S246J9BZ933539&q={searchTerms}
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30biahQCcpbUtWYzgg2wd_qpS1us1sjGo6dVvuci4rC6pjtf_94cGWzbziTImHCQo66MVbHLe_-P_EqGWWvTi-MCTDtg_szpx8TOm3qPleFkC7w7-PyMReQBmIKgTpm2vSWXzmR18SqS4GM,&q={searchTerms}
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MA730B5C1-4B55-4F70-B823-BF3F3D0A210F&SearchSource=55&CUI=&UM=6&UP=SP678A7D40-0C70-41B3-AD9D-D4C95A456D19&SSPV=
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30biahQCcpbUtWYzgg2wd_qpS1us1sjGo6dVvuci4rC6pjtf_94cGWzbziTImHCQo66MVbHLe_-P_EqGWWvTi-MCTDtg_szpx8TOm3qPleFkC7w7-PyMReQBmIKgTpm2vSWXzmR18SqS4GM,&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30biahQCcpbUtWYzgg2wd_qpS1us1sjGo6dVvuci4rC6pjtf_94cGWzbziTImHCQo66MVbHLe_-P_EqGWWvTi-MCTDtg_szpx8TOm3qPleFkC7w7-PyMReQBmIKgTpm2vSWXzmR18SqS4GQ,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30biahQCcpbUtWYzgg2wd_qpS1us1sjGo6dVvuci4rC6pjtf_94cGWzbziTImHCQo66MVbHLe_-P_EqGWWvTi-MCTDtg_szpx8TOm3qPleFkC7w7-PyMReQBmIKgTpm2vSWXzmR18SqS4GQ,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MA730B5C1-4B55-4F70-B823-BF3F3D0A210F&SearchSource=58&CUI=&UM=6&UP=SP678A7D40-0C70-41B3-AD9D-D4C95A456D19&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_44_ff&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyDzz0FtD0ByCtD0CzztBtBtN0D0Tzu0StCtDtAtDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0B0CtA0A0DtAyDtG0A0Bzy0BtGtDtBzyzztG0CtCtA0DtGyD0FzyzytDtA0E0A0FtByEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByEyD0CtA0Azz0DtG0EyBtD0BtGyEtCtDyEtG0B0Bzy0EtGyDyCzy0E0EtAtCzy0FtByEyB2Q&cr=1149733925&ir=
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MA730B5C1-4B55-4F70-B823-BF3F3D0A210F&SearchSource=58&CUI=&UM=6&UP=SP678A7D40-0C70-41B3-AD9D-D4C95A456D19&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30biahQCcpbUtWYzgg2wd_qpS1us1sjGo6dVvuci4rC6pjtf_94cGWzbziTImHCQo66MVbHLe_-P_EqGWWvTi-MCTDtg_szpx8TOm3qPleFkC7w7-PyMReQBmIKgTpm2vSWXzmR18SqS4GQ,&q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF user.js: detected! => C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\DarkDragons\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml
FF HKLM-x32\...\Firefox\Extensions: [{d9a96531-b093-4d07-9e4c-9704a365c441}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{d9a96531-b093-4d07-9e4c-9704a365c441}

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\DarkDragons\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-05-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 CouponArificService64; C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe [172544 2014-09-29] () [File not signed]
R2 HfnISlqYdAO; C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe [2726776 2014-11-05] (Time Lapse Solutions)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 NetHttpService; C:\Windows\SysWOW64\nethtsrv.exe [315392 2015-01-01] () [File not signed]
R2 scores; C:\Windows\score.exe [4834816 2014-10-02] () [File not signed]
R2 ServiceUpdater; C:\Windows\SysWOW64\netupdsrv.exe [335360 2015-01-01] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-09-29] (NetFilterSDK.com)
R1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [46160 2015-01-01] (nethfdrv)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 wpnfd_1_10_0_2; system32\drivers\wpnfd_1_10_0_2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 15:33 - 2015-01-09 15:34 - 00014050 _____ () C:\Users\DarkDragons\Desktop\FRST.txt
2015-01-09 15:30 - 2015-01-09 15:33 - 00000000 ____D () C:\FRST
2015-01-09 15:29 - 2015-01-09 15:29 - 02124288 _____ (Farbar) C:\Users\DarkDragons\Desktop\FRST64.exe
2015-01-04 20:29 - 2015-01-04 20:29 - 00000687 _____ () C:\awh2A63.tmp
2015-01-03 14:54 - 2015-01-03 14:54 - 00000687 _____ () C:\awhB136.tmp
2015-01-01 10:39 - 2015-01-01 10:39 - 00335360 _____ () C:\Windows\SysWOW64\netupdsrv.exe
2015-01-01 10:39 - 2015-01-01 10:39 - 00325120 _____ () C:\Windows\SysWOW64\hfpapi.dll
2015-01-01 10:39 - 2015-01-01 10:39 - 00315392 _____ () C:\Windows\SysWOW64\nethtsrv.exe
2015-01-01 10:39 - 2015-01-01 10:39 - 00128000 _____ () C:\Windows\SysWOW64\installd.exe
2015-01-01 10:39 - 2015-01-01 10:39 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll
2015-01-01 10:39 - 2015-01-01 10:39 - 00046160 _____ (nethfdrv) C:\Windows\system32\Drivers\nethfdrv.sys
2014-12-24 13:16 - 2014-12-24 13:16 - 00000222 _____ () C:\Users\DarkDragons\Desktop\Alien Isolation.url
2014-12-23 11:18 - 2014-12-23 11:18 - 00000687 _____ () C:\awh81D9.tmp
2014-12-21 20:45 - 2014-12-21 20:45 - 00000687 _____ () C:\awhEC60.tmp
2014-12-19 18:44 - 2014-12-19 18:44 - 00000687 _____ () C:\awh4855.tmp
2014-12-18 20:31 - 2014-12-18 20:32 - 00280752 _____ () C:\Windows\Minidump\121814-25093-01.dmp
2014-12-18 20:31 - 2014-12-18 20:31 - 696154421 _____ () C:\Windows\MEMORY.DMP
2014-12-18 20:31 - 2014-12-18 20:31 - 00000000 ____D () C:\Windows\Minidump
2014-12-16 21:56 - 2014-12-16 21:56 - 00000687 _____ () C:\awhF7AA.tmp
2014-12-16 21:25 - 2014-12-16 21:25 - 00000687 _____ () C:\awh9CB.tmp
2014-12-15 23:06 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 23:06 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-14 16:33 - 2014-12-14 16:33 - 00000687 _____ () C:\awh966D.tmp
2014-12-12 14:03 - 2014-12-12 14:03 - 00000222 _____ () C:\Users\DarkDragons\Desktop\Sacred 3.url
2014-12-12 08:47 - 2014-12-12 08:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 05:06 - 2014-12-10 05:06 - 00000687 _____ () C:\awhB13.tmp
2014-12-10 00:08 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 00:08 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 00:08 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 00:08 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 15:32 - 2014-11-14 08:59 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\ZombieInvasion
2015-01-09 15:30 - 2014-05-16 18:15 - 01569010 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 15:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-09 15:23 - 2014-05-16 18:45 - 00000000 ____D () C:\Users\DarkDragons\AppData\Roaming\ClassicShell
2015-01-09 15:23 - 2014-05-16 18:34 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AC7F5C46-D0D5-44D6-A666-2A83C8BD8ED4}
2015-01-09 15:19 - 2014-11-05 20:45 - 00000394 _____ () C:\Windows\Tasks\AmiUpdXp.job
2015-01-05 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-05 16:44 - 2014-10-19 14:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 09:57 - 2014-10-15 11:45 - 00000000 ____D () C:\Program Files\CouponArific
2015-01-05 09:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-05 00:19 - 2014-06-07 07:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-05 00:19 - 2014-05-16 18:18 - 00000000 ____D () C:\Users\DarkDragons
2015-01-04 20:24 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 20:19 - 2014-05-16 18:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\JDownloader v2.0
2014-12-31 12:14 - 2014-08-30 21:15 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-21 20:38 - 2014-06-20 16:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-18 18:35 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-17 20:53 - 2014-09-02 09:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Akamai
2014-12-17 17:43 - 2014-05-16 18:29 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2357861172-224482980-2813433480-1001
2014-12-16 21:51 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-16 21:19 - 2014-11-21 18:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-16 21:19 - 2014-03-18 02:51 - 00108542 _____ () C:\Windows\PFRO.log
2014-12-12 22:11 - 2014-05-18 12:07 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Battle.net
2014-12-12 16:37 - 2014-06-22 16:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-12 12:46 - 2014-06-22 14:57 - 00000000 ____D () C:\Users\DarkDragons\Documents\StarCraft II
2014-12-12 10:02 - 2014-05-18 12:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-11 15:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 16:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 16:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 00:15 - 2014-05-19 10:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 00:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 00:10 - 2014-05-19 10:14 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\DarkDragons\AppData\Local\Temp\bchcabebbbfg.exe
C:\Users\DarkDragons\AppData\Local\Temp\Launcher__10890.exe
C:\Users\DarkDragons\AppData\Local\Temp\proxy_vole2549036137409174358.dll
C:\Users\DarkDragons\AppData\Local\Temp\SPINT-G.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv17858.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv3114.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv69867.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 02:51

==================== End Of Log ============================

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by DarkDragons at 2015-01-09 15:34:24
Running from C:\Users\DarkDragons\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders Ancient Alien Makeover (HKLM-x32\...\7 Wonders Ancient Alien Makeover) (Version: 1.1.0.0 - MumboJumbo)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
AMD Catalyst Install Manager (HKLM\...\{8D95B61A-9759-40F7-69BF-54DCE6675143}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AuraKingdom-DE (HKLM-x32\...\AuraKingdom-DE) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version:  - EA Los Angeles)
Command and Conquer: Red Alert 3 (HKLM-x32\...\Steam App 17480) (Version:  - EA Los Angeles)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Legends of Aethereus (HKLM-x32\...\Steam App 248410) (Version:  - Three Gates)
Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version:  - Spark Unlimited)
Lost Planet: Extreme Condition - Colonies Edition (HKLM-x32\...\Steam App 45720) (Version:  - CAPCOM CO., LTD.)
Mahjong Secrets (HKLM-x32\...\Mahjong Secrets_is1) (Version: 1.0 - Playrix Entertainment)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
OffersWizard Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.4.37803 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version: 2.09 - NCH Software)
Sacred 3 (HKLM-x32\...\Steam App 247950) (Version:  - Keen Games)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zombie Blitz 1.0 (HKLM\...\{F249E83F-ADF4-4159-BAF5-485965489228}) (Version: 1.0 - Headup Games)
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.46 - Time Lapse Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-12-2014 16:37:03 Windows Update
26-12-2014 10:39:34 Geplanter Prüfpunkt
03-01-2015 12:51:49 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {020A8DF0-4DE0-47DC-A2BF-B780D9316C4A} - System32\Tasks\PennyBee => C:\Users\DARKDR~1\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {1540789C-7B76-4213-8A88-385BBF788821} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {26BB7950-F533-4E0B-A2B2-AB596E93BDAD} - System32\Tasks\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D} => pcalua.exe -a C:\Users\DarkDragons\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {42CBEAA2-06B1-48FD-A28F-892244789220} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {61926872-C938-4599-8D44-3B91DEE5ABA5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {6C830E42-BCBE-4D84-BE4F-68BAF29BC8B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {76C24555-6063-4DCB-9089-A68312B203C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {8AC7A3BA-D971-4989-A537-552B3F77AD2E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {A5DEC9E8-3CD1-415C-9F5C-8729C271E443} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {BF78EB80-3BD0-4EE1-AFA9-99F6162CCD71} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D898BB2C-28D9-40ED-8140-5B09B7BA67D7} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D9C3798B-841A-4D0D-A15B-97E98E3ECC41} - System32\Tasks\AmiUpdXp => C:\Users\DarkDragons\AppData\Local\1959\Updater.exe [2014-11-05] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\DarkDragons\AppData\Local\1959\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\PennyBee.job => C:\Users\DARKDR~1\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-05-22 20:59 - 2014-05-22 20:59 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-09-29 21:13 - 2014-09-29 21:13 - 00172544 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
2014-09-29 21:13 - 2014-09-29 21:13 - 00110080 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\nfapi.dll
2014-09-29 21:13 - 2014-09-29 21:13 - 00456192 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ProtocolFilters.dll
2015-01-01 10:39 - 2015-01-01 10:39 - 00315392 _____ () C:\Windows\SysWOW64\nethtsrv.exe
2014-09-16 18:01 - 2014-10-02 17:56 - 04834816 _____ () C:\Windows\score.exe
2015-01-01 10:39 - 2015-01-01 10:39 - 00335360 _____ () C:\Windows\SysWOW64\netupdsrv.exe
2014-12-12 08:47 - 2014-12-12 08:47 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\DarkDragons:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Cookies:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "GameforgeLive"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Raptr"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"

========================= Accounts: ==========================

Administrator (S-1-5-21-2357861172-224482980-2813433480-500 - Administrator - Disabled)
DarkDragons (S-1-5-21-2357861172-224482980-2813433480-1001 - Administrator - Enabled) => C:\Users\DarkDragons
Gast (S-1-5-21-2357861172-224482980-2813433480-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2357861172-224482980-2813433480-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 03:34:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x705b90df
ID des fehlerhaften Prozesses: 0x16e0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:34:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00b74e50
ID des fehlerhaften Prozesses: 0x16e0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:33:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x705b90df
ID des fehlerhaften Prozesses: 0x3790
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x010e4e50
ID des fehlerhaften Prozesses: 0x3790
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:33:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x705b90df
ID des fehlerhaften Prozesses: 0x1224
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x010f4e50
ID des fehlerhaften Prozesses: 0x1224
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:32:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x705b90df
ID des fehlerhaften Prozesses: 0x31d0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00b94e50
ID des fehlerhaften Prozesses: 0x31d0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:32:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x705b90df
ID des fehlerhaften Prozesses: 0x3350
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x01134e50
ID des fehlerhaften Prozesses: 0x3350
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5


System errors:
=============
Error: (01/05/2015 09:03:15 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/05/2015 09:03:15 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/05/2015 07:52:15 AM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/05/2015 07:51:45 AM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/04/2015 08:24:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/04/2015 08:24:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎01.‎2015 um 20:08:55 unerwartet heruntergefahren.

Error: (01/04/2015 01:41:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/04/2015 01:41:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/04/2015 01:02:38 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/04/2015 01:02:05 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (01/09/2015 03:34:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005705b90df16e001d02c19621535aeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowna0e96512-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:34:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a500b74e5016e001d02c19621535aeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown9fcb4abf-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:33:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005705b90df379001d02c19361b8b96C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown7516a3d7-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a5010e4e50379001d02c19361b8b96C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown73d126c1-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:33:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005705b90df122401d02c1933662539C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown724c55ce-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a5010f4e50122401d02c1933662539C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown711c0eeb-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:32:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005705b90df31d001d02c192690e481C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown659ec1e8-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a500b94e5031d001d02c192690e481C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown64467fdc-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:32:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005705b90df335001d02c19240a7e45C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown62e208a2-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a501134e50335001d02c19240a7e45C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown61bfcb85-980c-11e4-8286-1c6f658f0b60


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 22%
Total physical RAM: 8189.55 MB
Available physical RAM: 6322.16 MB
Total Pagefile: 16381.55 MB
Available Pagefile: 14560.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:429.57 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:510.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B788E10F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5C1DEE9F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 09.01.2015, 17:16

Da lief auch schon mal illegal ein MS-Office

Bitte ein Log mit MBAR machen:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Hassel · 09.01.2015, 17:50

kann ich leider nicht viel zu sagen was da mal alles drauf installiert war, werde es aber weiter geben

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.09.11

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17498
DarkDragons :: SHOCKDRAGONS [administrator]

09.01.2015 17:33:21
mbar-log-2015-01-09 (17-33-21).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 337500
Time elapsed: 10 minute(s), 32 second(s)

Memory Processes Detected: 1
C:\Windows\score.exe (Trojan.ZBAgent.NS) -> 1640 -> Delete on reboot. [e37cbc39355460d6f88f9d3f0ef3ed13]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\scores (Trojan.ZBAgent.NS) -> Delete on reboot. [e37cbc39355460d6f88f9d3f0ef3ed13]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\374311380 (Rogue.Multiple) -> Delete on reboot. [1a45dd189aef70c6f550b76ba95acc34]

Files Detected: 3
C:\WINDOWS\SYSTEM32\drivers\nethfdrv.sys (PUP.Optional.NetFilter) -> Delete on reboot. [cca84a9267600396e43c095dfc5572fb]
C:\Windows\score.exe (Trojan.ZBAgent.NS) -> Delete on reboot. [e37cbc39355460d6f88f9d3f0ef3ed13]
C:\Windows\System32\drivers\Msft_Kernel_webinstrNew_01009.Wdf (PUP.Optional.WebInstr.A) -> Delete on reboot. []

Physical Sectors Detected: 0
(No malicious items detected)

(end)

zweiter scan läuft gerade, irgendwie hab ich die vermutung das der Rechner eine reine Trojaner/Viren schleuder ist... bei windows defender befand sich auch eine Datei in der Quarantäne habe sie gelöscht

Zweiter Scan alles Ok wurde nichts mehr gefunden

cosinus · 09.01.2015, 18:04

Starte den Rechner neu, wiederhole MBAR, um sicherzustellen, dass es die Funde auch dauerhaft entfernt hat

Hassel · 09.01.2015, 18:12

Jawohl mein Meister =)

Rechner Neu gestartet dritte Runde läuft bereits Poste gleich Ergebnis: nichts mehr gefunden

cosinus · 09.01.2015, 18:28

Ok, schauen wir zur Sicherheit nochmal mit TDSSkiller rüber:

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Hassel · 09.01.2015, 18:36

Habe 2 logfiles weil das programm einmal abgebrochen hat.

beim zweiten mal ist es durchgelaufen und habe zwei fünde

Code:

ATTFilter

18:30:52.0602 0x0de0  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
18:30:55.0996 0x0de0  ============================================================
18:30:55.0996 0x0de0  Current date / time: 2015/01/09 18:30:55.0996
18:30:55.0996 0x0de0  SystemInfo:
18:30:55.0996 0x0de0  
18:30:55.0996 0x0de0  OS Version: 6.3.9600 ServicePack: 0.0
18:30:55.0996 0x0de0  Product type: Workstation
18:30:55.0996 0x0de0  ComputerName: SHOCKDRAGONS
18:30:55.0996 0x0de0  UserName: DarkDragons
18:30:55.0996 0x0de0  Windows directory: C:\Windows
18:30:55.0996 0x0de0  System windows directory: C:\Windows
18:30:55.0996 0x0de0  Running under WOW64
18:30:55.0996 0x0de0  Processor architecture: Intel x64
18:30:55.0996 0x0de0  Number of processors: 4
18:30:55.0996 0x0de0  Page size: 0x1000
18:30:55.0996 0x0de0  Boot type: Normal boot
18:30:55.0996 0x0de0  ============================================================
18:30:56.0633 0x0de0  KLMD registered as C:\Windows\system32\drivers\83016084.sys
18:30:57.0128 0x0de0  System UUID: {94BA08A1-C5AD-CD57-2F21-2297898908D5}
18:30:58.0237 0x0de0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:30:58.0247 0x0de0  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:30:58.0249 0x0de0  ============================================================
18:30:58.0249 0x0de0  \Device\Harddisk0\DR0:
18:30:58.0249 0x0de0  MBR partitions:
18:30:58.0249 0x0de0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:30:58.0249 0x0de0  \Device\Harddisk1\DR1:
18:30:58.0249 0x0de0  MBR partitions:
18:30:58.0249 0x0de0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:30:58.0249 0x0de0  ============================================================
18:30:58.0250 0x0de0  C: <-> \Device\Harddisk1\DR1\Partition1
18:30:58.0264 0x0de0  E: <-> \Device\Harddisk0\DR0\Partition1
18:30:58.0264 0x0de0  ============================================================
18:30:58.0264 0x0de0  Initialize success
18:30:58.0264 0x0de0  ============================================================
18:31:57.0444 0x0b9c  ============================================================
18:31:57.0444 0x0b9c  Scan started
18:31:57.0444 0x0b9c  Mode: Manual; TDLFS; 
18:31:57.0444 0x0b9c  ============================================================
18:31:57.0444 0x0b9c  KSN ping started
18:31:59.0908 0x0b9c  KSN ping finished: true
18:32:00.0893 0x0b9c  ================ Scan system memory ========================
18:32:00.0893 0x0b9c  System memory - ok
18:32:00.0894 0x0b9c  ================ Scan services =============================
18:32:01.0002 0x0b9c  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
18:32:01.0010 0x0b9c  1394ohci - ok
18:32:01.0030 0x0b9c  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\Windows\system32\drivers\3ware.sys
18:32:01.0035 0x0b9c  3ware - ok
18:32:01.0103 0x0b9c  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:32:01.0118 0x0b9c  ACPI - ok
18:32:01.0134 0x0b9c  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
18:32:01.0134 0x0b9c  acpiex - ok
18:32:01.0149 0x0b9c  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
18:32:01.0149 0x0b9c  acpipagr - ok
18:32:01.0181 0x0b9c  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
18:32:01.0181 0x0b9c  AcpiPmi - ok
18:32:01.0196 0x0b9c  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
18:32:01.0212 0x0b9c  acpitime - ok
18:32:01.0337 0x0b9c  [ 749F94C424524285DCDA84D695ABC12F, E5AD194AF5B8B4FDB3976D3E3F9EF942DECFEC4EBAA9881A8EF7707BB781E4AD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:32:01.0353 0x0b9c  AdobeFlashPlayerUpdateSvc - ok
18:32:01.0384 0x0b9c  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
18:32:01.0399 0x0b9c  ADP80XX - ok
18:32:01.0431 0x0b9c  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:32:01.0431 0x0b9c  AeLookupSvc - ok
18:32:01.0493 0x0b9c  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\Windows\system32\drivers\afd.sys
18:32:01.0493 0x0b9c  AFD - ok
18:32:01.0524 0x0b9c  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:32:01.0524 0x0b9c  agp440 - ok
18:32:01.0524 0x0b9c  [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
18:32:01.0540 0x0b9c  ahcache - ok
18:32:01.0556 0x0b9c  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\Windows\System32\alg.exe
18:32:01.0556 0x0b9c  ALG - ok
18:32:01.0587 0x0b9c  [ 91CED777074974890AF6E93839245678, 23FE30391AD4DD184909B6ACB035F92A11EF912A5B5E0E8CF9ED08C8F6B5E489 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:32:01.0603 0x0b9c  AMD External Events Utility - ok
18:32:01.0634 0x0b9c  AMD FUEL Service - ok
18:32:01.0649 0x0b9c  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
18:32:01.0649 0x0b9c  AmdK8 - ok
18:32:01.0681 0x0b9c  [ F2FF8C1B41B3784EDBD5C6D5397F403C, 104873700D2BDF4812DC48200B4609F46A63E7A50594A0599100EF1438863708 ] amdkmafd        C:\Windows\system32\drivers\amdkmafd.sys
18:32:01.0681 0x0b9c  amdkmafd - ok

Code:

ATTFilter

18:32:11.0868 0x0aac  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
18:32:13.0618 0x0aac  ============================================================
18:32:13.0618 0x0aac  Current date / time: 2015/01/09 18:32:13.0618
18:32:13.0618 0x0aac  SystemInfo:
18:32:13.0618 0x0aac  
18:32:13.0618 0x0aac  OS Version: 6.3.9600 ServicePack: 0.0
18:32:13.0618 0x0aac  Product type: Workstation
18:32:13.0618 0x0aac  ComputerName: SHOCKDRAGONS
18:32:13.0618 0x0aac  UserName: DarkDragons
18:32:13.0618 0x0aac  Windows directory: C:\Windows
18:32:13.0618 0x0aac  System windows directory: C:\Windows
18:32:13.0618 0x0aac  Running under WOW64
18:32:13.0618 0x0aac  Processor architecture: Intel x64
18:32:13.0618 0x0aac  Number of processors: 4
18:32:13.0618 0x0aac  Page size: 0x1000
18:32:13.0618 0x0aac  Boot type: Normal boot
18:32:13.0618 0x0aac  ============================================================
18:32:13.0759 0x0aac  System UUID: {94BA08A1-C5AD-CD57-2F21-2297898908D5}
18:32:14.0149 0x0aac  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:32:14.0165 0x0aac  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:32:14.0181 0x0aac  ============================================================
18:32:14.0181 0x0aac  \Device\Harddisk0\DR0:
18:32:14.0181 0x0aac  MBR partitions:
18:32:14.0181 0x0aac  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:32:14.0181 0x0aac  \Device\Harddisk1\DR1:
18:32:14.0181 0x0aac  MBR partitions:
18:32:14.0181 0x0aac  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:32:14.0181 0x0aac  ============================================================
18:32:14.0196 0x0aac  C: <-> \Device\Harddisk1\DR1\Partition1
18:32:14.0196 0x0aac  E: <-> \Device\Harddisk0\DR0\Partition1
18:32:14.0196 0x0aac  ============================================================
18:32:14.0196 0x0aac  Initialize success
18:32:14.0196 0x0aac  ============================================================
18:32:22.0415 0x0c74  ============================================================
18:32:22.0415 0x0c74  Scan started
18:32:22.0415 0x0c74  Mode: Manual; TDLFS; 
18:32:22.0415 0x0c74  ============================================================
18:32:22.0415 0x0c74  KSN ping started
18:32:24.0853 0x0c74  KSN ping finished: true
18:32:25.0603 0x0c74  ================ Scan system memory ========================
18:32:25.0603 0x0c74  System memory - ok
18:32:25.0603 0x0c74  ================ Scan services =============================
18:32:25.0728 0x0c74  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
18:32:25.0728 0x0c74  1394ohci - ok
18:32:25.0759 0x0c74  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\Windows\system32\drivers\3ware.sys
18:32:25.0759 0x0c74  3ware - ok
18:32:25.0790 0x0c74  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:32:25.0790 0x0c74  ACPI - ok
18:32:25.0821 0x0c74  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
18:32:25.0821 0x0c74  acpiex - ok
18:32:25.0821 0x0c74  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
18:32:25.0821 0x0c74  acpipagr - ok
18:32:25.0837 0x0c74  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
18:32:25.0837 0x0c74  AcpiPmi - ok
18:32:25.0837 0x0c74  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
18:32:25.0837 0x0c74  acpitime - ok
18:32:25.0962 0x0c74  [ 749F94C424524285DCDA84D695ABC12F, E5AD194AF5B8B4FDB3976D3E3F9EF942DECFEC4EBAA9881A8EF7707BB781E4AD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:32:25.0993 0x0c74  AdobeFlashPlayerUpdateSvc - ok
18:32:26.0040 0x0c74  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
18:32:26.0056 0x0c74  ADP80XX - ok
18:32:26.0087 0x0c74  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:32:26.0087 0x0c74  AeLookupSvc - ok
18:32:26.0134 0x0c74  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\Windows\system32\drivers\afd.sys
18:32:26.0149 0x0c74  AFD - ok
18:32:26.0165 0x0c74  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:32:26.0165 0x0c74  agp440 - ok
18:32:26.0181 0x0c74  [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
18:32:26.0181 0x0c74  ahcache - ok
18:32:26.0196 0x0c74  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\Windows\System32\alg.exe
18:32:26.0196 0x0c74  ALG - ok
18:32:26.0228 0x0c74  [ 91CED777074974890AF6E93839245678, 23FE30391AD4DD184909B6ACB035F92A11EF912A5B5E0E8CF9ED08C8F6B5E489 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:32:26.0228 0x0c74  AMD External Events Utility - ok
18:32:26.0243 0x0c74  AMD FUEL Service - ok
18:32:26.0274 0x0c74  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
18:32:26.0274 0x0c74  AmdK8 - ok
18:32:26.0306 0x0c74  [ F2FF8C1B41B3784EDBD5C6D5397F403C, 104873700D2BDF4812DC48200B4609F46A63E7A50594A0599100EF1438863708 ] amdkmafd        C:\Windows\system32\drivers\amdkmafd.sys
18:32:26.0306 0x0c74  amdkmafd - ok
18:32:26.0743 0x0c74  [ 74B39BA3FB6A934FEFEDEC1C89D5AD64, 15D92791FF46203FCED99FB6DB9E86E5AE91B6BC94AF64A35C28ABCCA5C82E8A ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
18:32:26.0993 0x0c74  amdkmdag - ok
18:32:27.0087 0x0c74  [ DA9BFE42D2B4BF410DE9700698E7C150, AB7743D0DBD0A3B2CC016F2C6FE417B9023AB52B0E926E9D09A753F739928C15 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
18:32:27.0103 0x0c74  amdkmdap - ok
18:32:27.0118 0x0c74  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
18:32:27.0118 0x0c74  AmdPPM - ok
18:32:27.0134 0x0c74  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:32:27.0149 0x0c74  amdsata - ok
18:32:27.0149 0x0c74  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:32:27.0165 0x0c74  amdsbs - ok
18:32:27.0165 0x0c74  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:32:27.0165 0x0c74  amdxata - ok
18:32:27.0181 0x0c74  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.2.0  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:32:27.0196 0x0c74  AODDriver4.2.0 - ok
18:32:27.0196 0x0c74  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:32:27.0196 0x0c74  AODDriver4.3 - ok
18:32:27.0196 0x0c74  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\Windows\system32\drivers\appid.sys
18:32:27.0196 0x0c74  AppID - ok
18:32:27.0228 0x0c74  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:32:27.0228 0x0c74  AppIDSvc - ok
18:32:27.0259 0x0c74  [ 034ED41F13D9C1845C1E081F05B640DB, E4E17BA0B22C464DE60A6BF68D4D035D1B838DE4F0361029DED1AE00503E135C ] Appinfo         C:\Windows\System32\appinfo.dll
18:32:27.0274 0x0c74  Appinfo - ok
18:32:27.0306 0x0c74  [ 8176FBA685178FB0F52D46693474FA50, 69FE3692C7FE24289A479ADD74F2C782B59A099B7B07FE5ACFC4DA899E40BFDE ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:32:27.0321 0x0c74  AppMgmt - ok
18:32:27.0337 0x0c74  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
18:32:27.0368 0x0c74  AppReadiness - ok
18:32:27.0399 0x0c74  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
18:32:27.0431 0x0c74  AppXSvc - ok
18:32:27.0446 0x0c74  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:32:27.0446 0x0c74  arcsas - ok
18:32:27.0462 0x0c74  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:32:27.0462 0x0c74  AsyncMac - ok
18:32:27.0478 0x0c74  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:32:27.0478 0x0c74  atapi - ok
18:32:27.0524 0x0c74  [ 517334A411CD079EE9AEF4C2167875A5, 7C6A450BADCA211D553102ABDC06E1F367FBFC359711AF1DC88027B34502B484 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdWB6.sys
18:32:27.0524 0x0c74  AtiHDAudioService - ok
18:32:27.0556 0x0c74  [ 7F70B1044272982AAEA7C16E83424770, A7694D38DF5A0E1040688017DB811EF0788874FE505ADD572DE4D4647073DC12 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
18:32:27.0556 0x0c74  AudioEndpointBuilder - ok
18:32:27.0587 0x0c74  [ C0484CA5C7F87E38909746B63C7FC868, 65159639E2300AEA886184E9D47D449350DAF69A8AA2F9DBD6BD8A474BA73177 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:32:27.0603 0x0c74  Audiosrv - ok
18:32:27.0634 0x0c74  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:32:27.0634 0x0c74  AxInstSV - ok
18:32:27.0681 0x0c74  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:32:27.0759 0x0c74  b06bdrv - ok
18:32:27.0790 0x0c74  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
18:32:27.0790 0x0c74  BasicDisplay - ok
18:32:27.0790 0x0c74  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
18:32:27.0790 0x0c74  BasicRender - ok
18:32:27.0806 0x0c74  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
18:32:27.0806 0x0c74  bcmfn2 - ok
18:32:27.0837 0x0c74  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:32:27.0853 0x0c74  BDESVC - ok
18:32:27.0884 0x0c74  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
18:32:27.0884 0x0c74  Beep - ok
18:32:27.0962 0x0c74  [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE             C:\Windows\System32\bfe.dll
18:32:27.0978 0x0c74  BFE - ok
18:32:28.0024 0x0c74  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\Windows\System32\qmgr.dll
18:32:28.0056 0x0c74  BITS - ok
18:32:28.0071 0x0c74  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:32:28.0071 0x0c74  bowser - ok
18:32:28.0118 0x0c74  [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
18:32:28.0118 0x0c74  BrokerInfrastructure - ok
18:32:28.0149 0x0c74  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser         C:\Windows\System32\browser.dll
18:32:28.0149 0x0c74  Browser - ok
18:32:28.0165 0x0c74  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
18:32:28.0165 0x0c74  BthAvrcpTg - ok
18:32:28.0196 0x0c74  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
18:32:28.0212 0x0c74  BthHFEnum - ok
18:32:28.0212 0x0c74  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
18:32:28.0228 0x0c74  bthhfhid - ok
18:32:28.0228 0x0c74  [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
18:32:28.0243 0x0c74  BTHMODEM - ok
18:32:28.0259 0x0c74  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\Windows\system32\bthserv.dll
18:32:28.0259 0x0c74  bthserv - ok
18:32:28.0274 0x0c74  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:32:28.0274 0x0c74  cdfs - ok
18:32:28.0290 0x0c74  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\Windows\System32\drivers\cdrom.sys
18:32:28.0306 0x0c74  cdrom - ok
18:32:28.0321 0x0c74  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:32:28.0321 0x0c74  CertPropSvc - ok
18:32:28.0337 0x0c74  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
18:32:28.0337 0x0c74  circlass - ok
18:32:28.0368 0x0c74  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
18:32:28.0368 0x0c74  CLFS - ok
18:32:28.0384 0x0c74  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
18:32:28.0384 0x0c74  CmBatt - ok
18:32:28.0493 0x0c74  [ 4E1207CE16E615B0B7A70DC889F4500E, 1778D5AC0AF5F5DD1551192F4CDBCCB9878995155CF337EBB03460A6FD5C6B78 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:32:28.0509 0x0c74  CNG - ok
18:32:28.0525 0x0c74  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
18:32:28.0525 0x0c74  CompositeBus - ok
18:32:28.0525 0x0c74  COMSysApp - ok
18:32:28.0525 0x0c74  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
18:32:28.0540 0x0c74  condrv - ok
18:32:28.0603 0x0c74  [ F81093504224F0AE8AA86199143963DC, 1A8C9BE977033647A54D8E9CF743612728A98AA7C2C78880544628995554C9FF ] CouponArificService64 C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
18:32:28.0618 0x0c74  CouponArificService64 - ok
18:32:28.0681 0x0c74  [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:32:28.0696 0x0c74  CryptSvc - ok
18:32:28.0728 0x0c74  [ EE2F3C0D6ADBC975D6B621EC15ACF4E2, D158C0FACA6344BCD77616EC3D23212F9FD76D7D0C834ACA51998B80162106D5 ] CSC             C:\Windows\system32\drivers\csc.sys
18:32:28.0743 0x0c74  CSC - ok
18:32:28.0774 0x0c74  [ 936D9E2871CEEFF6A33695D98374367B, C30D42E870F196C4FA20AF95C7B9D9C9C5414D6DDE71268F88C3FC5BF372E61B ] CscService      C:\Windows\System32\cscsvc.dll
18:32:28.0790 0x0c74  CscService - ok
18:32:28.0821 0x0c74  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\Windows\system32\drivers\dam.sys
18:32:28.0821 0x0c74  dam - ok
18:32:28.0853 0x0c74  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:32:28.0853 0x0c74  DcomLaunch - ok
18:32:28.0915 0x0c74  [ D249C3A58A4FCF755EF4C94F7047E015, 68C044CE2DB93FB502F85F6E081EA164F6E6DCBA6B3EE2A5CBDA122065E522F8 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:32:28.0915 0x0c74  defragsvc - ok
18:32:28.0946 0x0c74  [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\Windows\system32\das.dll
18:32:28.0962 0x0c74  DeviceAssociationService - ok
18:32:28.0978 0x0c74  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
18:32:28.0978 0x0c74  DeviceInstall - ok
18:32:28.0993 0x0c74  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
18:32:28.0993 0x0c74  Dfsc - ok
18:32:29.0056 0x0c74  [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:32:29.0071 0x0c74  Dhcp - ok
18:32:29.0087 0x0c74  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\Windows\system32\drivers\disk.sys
18:32:29.0087 0x0c74  disk - ok
18:32:29.0103 0x0c74  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
18:32:29.0103 0x0c74  dmvsc - ok
18:32:29.0134 0x0c74  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:32:29.0134 0x0c74  Dnscache - ok
18:32:29.0165 0x0c74  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc         C:\Windows\System32\dot3svc.dll
18:32:29.0165 0x0c74  dot3svc - ok
18:32:29.0196 0x0c74  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS             C:\Windows\system32\dps.dll
18:32:29.0212 0x0c74  DPS - ok
18:32:29.0228 0x0c74  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:32:29.0228 0x0c74  drmkaud - ok
18:32:29.0259 0x0c74  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
18:32:29.0259 0x0c74  DsmSvc - ok
18:32:29.0353 0x0c74  [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:32:29.0399 0x0c74  DXGKrnl - ok
18:32:29.0415 0x0c74  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost         C:\Windows\System32\eapsvc.dll
18:32:29.0431 0x0c74  Eaphost - ok
18:32:29.0587 0x0c74  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:32:29.0665 0x0c74  ebdrv - ok
18:32:29.0696 0x0c74  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS             C:\Windows\System32\lsass.exe
18:32:29.0696 0x0c74  EFS - ok
18:32:29.0696 0x0c74  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
18:32:29.0696 0x0c74  EhStorClass - ok
18:32:29.0712 0x0c74  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
18:32:29.0728 0x0c74  EhStorTcgDrv - ok
18:32:29.0728 0x0c74  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
18:32:29.0728 0x0c74  ErrDev - ok
18:32:29.0759 0x0c74  esgiguard - ok
18:32:29.0821 0x0c74  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem     C:\Windows\system32\es.dll
18:32:29.0853 0x0c74  EventSystem - ok
18:32:29.0868 0x0c74  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:32:29.0868 0x0c74  exfat - ok
18:32:29.0900 0x0c74  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:32:29.0900 0x0c74  fastfat - ok
18:32:29.0946 0x0c74  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax             C:\Windows\system32\fxssvc.exe
18:32:29.0962 0x0c74  Fax - ok
18:32:29.0978 0x0c74  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\Windows\System32\drivers\fdc.sys
18:32:29.0978 0x0c74  fdc - ok
18:32:30.0009 0x0c74  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost         C:\Windows\system32\fdPHost.dll
18:32:30.0009 0x0c74  fdPHost - ok
18:32:30.0024 0x0c74  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\Windows\system32\fdrespub.dll
18:32:30.0024 0x0c74  FDResPub - ok
18:32:30.0040 0x0c74  [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc           C:\Windows\system32\fhsvc.dll
18:32:30.0040 0x0c74  fhsvc - ok
18:32:30.0056 0x0c74  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:32:30.0056 0x0c74  FileInfo - ok
18:32:30.0071 0x0c74  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:32:30.0071 0x0c74  Filetrace - ok
18:32:30.0087 0x0c74  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
18:32:30.0087 0x0c74  flpydisk - ok
18:32:30.0149 0x0c74  [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:32:30.0212 0x0c74  FltMgr - ok
18:32:30.0290 0x0c74  [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache       C:\Windows\system32\FntCache.dll
18:32:30.0321 0x0c74  FontCache - ok
18:32:30.0415 0x0c74  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:32:30.0415 0x0c74  FontCache3.0.0.0 - ok
18:32:30.0446 0x0c74  [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:32:30.0446 0x0c74  FsDepends - ok
18:32:30.0478 0x0c74  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:32:30.0478 0x0c74  Fs_Rec - ok
18:32:30.0509 0x0c74  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:32:30.0524 0x0c74  fvevol - ok
18:32:30.0540 0x0c74  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
18:32:30.0540 0x0c74  FxPPM - ok
18:32:30.0556 0x0c74  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:32:30.0556 0x0c74  gagp30kx - ok
18:32:30.0556 0x0c74  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
18:32:30.0556 0x0c74  gencounter - ok
18:32:30.0603 0x0c74  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
18:32:30.0603 0x0c74  GPIOClx0101 - ok
18:32:30.0728 0x0c74  [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:32:30.0759 0x0c74  gpsvc - ok
18:32:30.0790 0x0c74  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:32:30.0790 0x0c74  HdAudAddService - ok
18:32:30.0821 0x0c74  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
18:32:30.0821 0x0c74  HDAudBus - ok
18:32:31.0024 0x0c74  [ 6F4E7A7E962BDFAAD520C7ACA9121DDC, 1F4D1DB98E8F10C5CD7E2878CF253D6BB344C6D59BF35F310874AA6F57770315 ] HfnISlqYdAO     C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe
18:32:31.0056 0x0c74  HfnISlqYdAO - ok
18:32:31.0071 0x0c74  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
18:32:31.0071 0x0c74  HidBatt - ok
18:32:31.0087 0x0c74  [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
18:32:31.0087 0x0c74  HidBth - ok
18:32:31.0134 0x0c74  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
18:32:31.0134 0x0c74  hidi2c - ok
18:32:31.0149 0x0c74  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\Windows\System32\drivers\hidir.sys
18:32:31.0165 0x0c74  HidIr - ok
18:32:31.0181 0x0c74  [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv         C:\Windows\system32\hidserv.dll
18:32:31.0181 0x0c74  hidserv - ok
18:32:31.0196 0x0c74  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
18:32:31.0196 0x0c74  HidUsb - ok
18:32:31.0228 0x0c74  [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:32:31.0228 0x0c74  hkmsvc - ok
18:32:31.0259 0x0c74  [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:32:31.0274 0x0c74  HomeGroupListener - ok
18:32:31.0306 0x0c74  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:32:31.0321 0x0c74  HomeGroupProvider - ok
18:32:31.0337 0x0c74  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:32:31.0337 0x0c74  HpSAMD - ok
18:32:31.0368 0x0c74  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:32:31.0399 0x0c74  HTTP - ok
18:32:31.0415 0x0c74  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:32:31.0415 0x0c74  hwpolicy - ok
18:32:31.0415 0x0c74  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
18:32:31.0415 0x0c74  hyperkbd - ok
18:32:31.0415 0x0c74  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
18:32:31.0415 0x0c74  HyperVideo - ok
18:32:31.0431 0x0c74  [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
18:32:31.0431 0x0c74  i8042prt - ok
18:32:31.0431 0x0c74  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
18:32:31.0431 0x0c74  iaLPSSi_GPIO - ok
18:32:31.0446 0x0c74  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
18:32:31.0462 0x0c74  iaLPSSi_I2C - ok
18:32:31.0493 0x0c74  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
18:32:31.0509 0x0c74  iaStorAV - ok
18:32:31.0525 0x0c74  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:32:31.0540 0x0c74  iaStorV - ok
18:32:31.0540 0x0c74  IEEtwCollectorService - ok
18:32:31.0556 0x0c74  IePluginServices - ok
18:32:31.0618 0x0c74  [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:32:31.0649 0x0c74  IKEEXT - ok
18:32:31.0665 0x0c74  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:32:31.0665 0x0c74  intelide - ok
18:32:31.0696 0x0c74  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
18:32:31.0696 0x0c74  intelpep - ok
18:32:31.0712 0x0c74  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
18:32:31.0712 0x0c74  intelppm - ok
18:32:31.0743 0x0c74  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:32:31.0759 0x0c74  IpFilterDriver - ok
18:32:31.0806 0x0c74  [ ACFEE9487693C2BD573DFCA71D98E17C, A347FD476147CD3568EEE6993B46AFC05A66A4269094CA51572D0FD013FCB535 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:32:31.0821 0x0c74  iphlpsvc - ok
18:32:31.0853 0x0c74  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
18:32:31.0868 0x0c74  IPMIDRV - ok
18:32:31.0868 0x0c74  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:32:31.0868 0x0c74  IPNAT - ok
18:32:31.0884 0x0c74  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:32:31.0884 0x0c74  IRENUM - ok
18:32:31.0900 0x0c74  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:32:31.0900 0x0c74  isapnp - ok
18:32:31.0946 0x0c74  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
18:32:31.0978 0x0c74  iScsiPrt - ok
18:32:31.0993 0x0c74  [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
18:32:31.0993 0x0c74  kbdclass - ok
18:32:32.0009 0x0c74  [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
18:32:32.0009 0x0c74  kbdhid - ok
18:32:32.0024 0x0c74  [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr        C:\Windows\system32\drivers\kbldfltr.sys
18:32:32.0024 0x0c74  kbldfltr - ok
18:32:32.0040 0x0c74  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
18:32:32.0040 0x0c74  kdnic - ok
18:32:32.0056 0x0c74  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso          C:\Windows\system32\lsass.exe
18:32:32.0056 0x0c74  KeyIso - ok
18:32:32.0056 0x0c74  [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:32:32.0071 0x0c74  KSecDD - ok
18:32:32.0118 0x0c74  [ 6D2EE96150E35B9EA49F2B481DE0369A, AC5915219FD81D89E444F6E86D71F7C495108FC35E7BD683321FC7006161AFE1 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:32:32.0134 0x0c74  KSecPkg - ok
18:32:32.0149 0x0c74  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:32:32.0149 0x0c74  ksthunk - ok
18:32:32.0181 0x0c74  [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:32:32.0196 0x0c74  KtmRm - ok
18:32:32.0259 0x0c74  [ 793EACA6BAE9F481C2059BCB3743EB4A, 2624905C6B6A1227BD1CAC7D4FE55A5F6543E1278DAB31EC553748472D180D1D ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:32:32.0274 0x0c74  LanmanServer - ok
18:32:32.0306 0x0c74  [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:32:32.0321 0x0c74  LanmanWorkstation - ok
18:32:32.0399 0x0c74  [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
18:32:32.0415 0x0c74  lfsvc - ok
18:32:32.0415 0x0c74  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:32:32.0431 0x0c74  lltdio - ok
18:32:32.0446 0x0c74  [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:32:32.0446 0x0c74  lltdsvc - ok
18:32:32.0462 0x0c74  [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:32:32.0462 0x0c74  lmhosts - ok
18:32:32.0493 0x0c74  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:32:32.0493 0x0c74  LSI_SAS - ok
18:32:32.0493 0x0c74  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:32:32.0493 0x0c74  LSI_SAS2 - ok
18:32:32.0525 0x0c74  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
18:32:32.0525 0x0c74  LSI_SAS3 - ok
18:32:32.0540 0x0c74  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
18:32:32.0540 0x0c74  LSI_SSS - ok
18:32:32.0587 0x0c74  [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM             C:\Windows\System32\lsm.dll
18:32:32.0603 0x0c74  LSM - ok
18:32:32.0603 0x0c74  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:32:32.0618 0x0c74  luafv - ok
18:32:32.0618 0x0c74  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\Windows\system32\drivers\megasas.sys
18:32:32.0618 0x0c74  megasas - ok
18:32:32.0649 0x0c74  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
18:32:32.0665 0x0c74  megasr - ok
18:32:32.0665 0x0c74  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS           C:\Windows\system32\mmcss.dll
18:32:32.0681 0x0c74  MMCSS - ok
18:32:32.0681 0x0c74  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\Windows\system32\drivers\modem.sys
18:32:32.0681 0x0c74  Modem - ok
18:32:32.0681 0x0c74  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\Windows\System32\drivers\monitor.sys
18:32:32.0681 0x0c74  monitor - ok
18:32:32.0696 0x0c74  [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
18:32:32.0696 0x0c74  mouclass - ok
18:32:32.0696 0x0c74  [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid          C:\Windows\System32\drivers\mouhid.sys
18:32:32.0712 0x0c74  mouhid - ok
18:32:32.0712 0x0c74  [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:32:32.0712 0x0c74  mountmgr - ok
18:32:32.0806 0x0c74  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:32:32.0806 0x0c74  MozillaMaintenance - ok
18:32:32.0821 0x0c74  [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:32:32.0821 0x0c74  mpsdrv - ok
18:32:32.0868 0x0c74  [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:32:32.0884 0x0c74  MpsSvc - ok
18:32:32.0915 0x0c74  [ 1D55DADC22D21883A2F80297F5A5AE48, B79DF4AFC2A9CBC54E74233596544D6E41C8CAA0516BD57CA695D051EC780265 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:32:32.0915 0x0c74  MRxDAV - ok
18:32:32.0962 0x0c74  [ 7A1A3F213CDB3363D179D5014272025D, 6756F5B7D9FBF6839DB1FF4E94EA45B5499D7DF925E75581C96FBBA4BE131542 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:32:32.0962 0x0c74  mrxsmb - ok
18:32:32.0978 0x0c74  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:32:32.0993 0x0c74  mrxsmb10 - ok
18:32:33.0025 0x0c74  [ C910E5D18958914A66F0E45689D0B40A, AD7C91DD8A60A511E580DD56BACC97F85075A539E7C5D95040A8F870A621DAF4 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:32:33.0040 0x0c74  mrxsmb20 - ok
18:32:33.0040 0x0c74  [ E0927EFA25D473367C3341B9F5969779, B77A162BD3334557623674373D8EC2BE7CC0B359DF06304E467ABFFEE0530271 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
18:32:33.0056 0x0c74  MsBridge - ok
18:32:33.0056 0x0c74  [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC           C:\Windows\System32\msdtc.exe
18:32:33.0056 0x0c74  MSDTC - ok
18:32:33.0087 0x0c74  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:32:33.0087 0x0c74  Msfs - ok
18:32:33.0087 0x0c74  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
18:32:33.0087 0x0c74  msgpiowin32 - ok
18:32:33.0103 0x0c74  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:32:33.0103 0x0c74  mshidkmdf - ok
18:32:33.0118 0x0c74  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
18:32:33.0118 0x0c74  mshidumdf - ok
18:32:33.0118 0x0c74  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:32:33.0118 0x0c74  msisadrv - ok
18:32:33.0149 0x0c74  [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:32:33.0149 0x0c74  MSiSCSI - ok
18:32:33.0149 0x0c74  msiserver - ok
18:32:33.0165 0x0c74  [ D22AE5313F6B7EFDDD8C117B5501F4A3, 1937EEE33BF9C4485F172B10FB17AEF3F3B8978371307F49C3338D74D96A8389 ] MsKeyboardFilter C:\Windows\System32\KeyboardFilterSvc.dll
18:32:33.0165 0x0c74  MsKeyboardFilter - ok
18:32:33.0196 0x0c74  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:32:33.0196 0x0c74  MSKSSRV - ok
18:32:33.0212 0x0c74  [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
18:32:33.0212 0x0c74  MsLldp - ok
18:32:33.0228 0x0c74  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:32:33.0228 0x0c74  MSPCLOCK - ok
18:32:33.0228 0x0c74  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:32:33.0228 0x0c74  MSPQM - ok
18:32:33.0259 0x0c74  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:32:33.0259 0x0c74  MsRPC - ok
18:32:33.0274 0x0c74  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
18:32:33.0274 0x0c74  mssmbios - ok
18:32:33.0290 0x0c74  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:32:33.0290 0x0c74  MSTEE - ok
18:32:33.0337 0x0c74  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
18:32:33.0337 0x0c74  MTConfig - ok
18:32:33.0337 0x0c74  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\Windows\system32\Drivers\mup.sys
18:32:33.0353 0x0c74  Mup - ok
18:32:33.0353 0x0c74  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
18:32:33.0353 0x0c74  mvumis - ok
18:32:33.0384 0x0c74  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\Windows\system32\qagentRT.dll
18:32:33.0400 0x0c74  napagent - ok
18:32:33.0493 0x0c74  [ 26ACA481FAFEC59FE311D719E3027BBA, 16A24CCA95A38BDFE970580159F6ACAA13FF1B74CF2290B1B020D909F90D3347 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:32:33.0509 0x0c74  NativeWifiP - ok
18:32:33.0525 0x0c74  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\Windows\System32\ncasvc.dll
18:32:33.0540 0x0c74  NcaSvc - ok
18:32:33.0556 0x0c74  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\Windows\System32\ncbservice.dll
18:32:33.0556 0x0c74  NcbService - ok
18:32:33.0587 0x0c74  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
18:32:33.0587 0x0c74  NcdAutoSetup - ok
18:32:33.0634 0x0c74  [ E4B4BE2D7750849C07589DA0B0AABA01, BB5AA727BA018A94B5DE2C4E0B594DD2E7A2B3457885446EE568F3A1E18AB3B0 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:32:33.0649 0x0c74  NDIS - ok
18:32:33.0665 0x0c74  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:32:33.0665 0x0c74  NdisCap - ok
18:32:33.0681 0x0c74  [ B1AA3B19A2E596A59224F893E01A5A75, E08696CA5E087E51AC3E64D4FB8490EEADD612DDF30C9A94DD1BD1BA124B71B7 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
18:32:33.0681 0x0c74  NdisImPlatform - ok
18:32:33.0696 0x0c74  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:32:33.0696 0x0c74  NdisTapi - ok
18:32:33.0712 0x0c74  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:32:33.0712 0x0c74  Ndisuio - ok
18:32:33.0728 0x0c74  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
18:32:33.0728 0x0c74  NdisVirtualBus - ok
18:32:33.0743 0x0c74  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:32:33.0743 0x0c74  NdisWan - ok
18:32:33.0759 0x0c74  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
18:32:33.0759 0x0c74  NdisWanLegacy - ok
18:32:33.0759 0x0c74  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:32:33.0759 0x0c74  NDProxy - ok
18:32:33.0774 0x0c74  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
18:32:33.0774 0x0c74  Ndu - ok
18:32:33.0790 0x0c74  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:32:33.0790 0x0c74  NetBIOS - ok
18:32:33.0790 0x0c74  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:32:33.0806 0x0c74  NetBT - ok
18:32:33.0821 0x0c74  [ 9E34BF0784E087F7366DBD2BDA01C8EB, 299B4D9DFFC409FDC8AB8678190164E286D16A93F8FEBCE1DA649D2F748A0D1D ] netfilter64     C:\Windows\system32\drivers\netfilter64.sys
18:32:33.0821 0x0c74  netfilter64 - ok
18:32:33.0837 0x0c74  nethfdrv - ok
18:32:33.0899 0x0c74  [ 35608D966D4170CB1E7DB6CBCA7F3483, 5366E3874F78B2BCE72061FFDC4DC35D730AE544BA575B0974AB6B22248B15E9 ] NetHttpService  C:\Windows\SysWOW64\nethtsrv.exe
18:32:33.0899 0x0c74  NetHttpService - ok
18:32:33.0915 0x0c74  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\Windows\system32\lsass.exe
18:32:33.0915 0x0c74  Netlogon - ok
18:32:33.0931 0x0c74  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\Windows\System32\netman.dll
18:32:33.0946 0x0c74  Netman - ok
18:32:33.0978 0x0c74  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\Windows\System32\netprofmsvc.dll
18:32:33.0978 0x0c74  netprofm - ok
18:32:34.0056 0x0c74  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:32:34.0071 0x0c74  NetTcpPortSharing - ok
18:32:34.0103 0x0c74  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\Windows\system32\DRIVERS\netvsc63.sys
18:32:34.0103 0x0c74  netvsc - ok
18:32:34.0149 0x0c74  [ 3A280F3B3C7A46E29C404ACD46ECBF5E, 81C3367A2A212DBCC65B8A0166FD092E3205AB31A146B4B737061335CEC51F9D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:32:34.0165 0x0c74  NlaSvc - ok
18:32:34.0181 0x0c74  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:32:34.0181 0x0c74  Npfs - ok
18:32:34.0228 0x0c74  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
18:32:34.0228 0x0c74  npsvctrig - ok
18:32:34.0243 0x0c74  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\Windows\system32\nsisvc.dll
18:32:34.0259 0x0c74  nsi - ok
18:32:34.0274 0x0c74  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:32:34.0274 0x0c74  nsiproxy - ok
18:32:34.0368 0x0c74  [ 038C77D577900EE39410662478BB0D50, A33AAFD5750245C17A47EC71F3C6EAD2E0925CAD34C65AB3E6CEE44756C668E6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:32:34.0399 0x0c74  Ntfs - ok
18:32:34.0415 0x0c74  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
18:32:34.0415 0x0c74  Null - ok
18:32:34.0415 0x0c74  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:32:34.0431 0x0c74  nvraid - ok
18:32:34.0431 0x0c74  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:32:34.0446 0x0c74  nvstor - ok
18:32:34.0446 0x0c74  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:32:34.0446 0x0c74  nv_agp - ok
18:32:34.0478 0x0c74  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:32:34.0493 0x0c74  p2pimsvc - ok
18:32:34.0509 0x0c74  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:32:34.0524 0x0c74  p2psvc - ok
18:32:34.0540 0x0c74  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\Windows\System32\drivers\parport.sys
18:32:34.0540 0x0c74  Parport - ok
18:32:34.0556 0x0c74  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:32:34.0556 0x0c74  partmgr - ok
18:32:34.0571 0x0c74  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:32:34.0587 0x0c74  PcaSvc - ok
18:32:34.0618 0x0c74  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\Windows\system32\drivers\pci.sys
18:32:34.0634 0x0c74  pci - ok
18:32:34.0650 0x0c74  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:32:34.0650 0x0c74  pciide - ok
18:32:34.0665 0x0c74  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:32:34.0665 0x0c74  pcmcia - ok
18:32:34.0696 0x0c74  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:32:34.0696 0x0c74  pcw - ok
18:32:34.0743 0x0c74  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\Windows\system32\drivers\pdc.sys
18:32:34.0743 0x0c74  pdc - ok
18:32:34.0774 0x0c74  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:32:34.0790 0x0c74  PEAUTH - ok
18:32:34.0868 0x0c74  [ 084DE525DFE82AE7453DD527390FA110, 8216AE63AE740D97204CDED6543B66FC1FB55DB86D42FBA0EC629361C40F9EC0 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:32:34.0915 0x0c74  PeerDistSvc - ok
18:32:34.0978 0x0c74  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:32:34.0978 0x0c74  PerfHost - ok
18:32:35.0040 0x0c74  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\Windows\system32\pla.dll
18:32:35.0071 0x0c74  pla - ok
18:32:35.0103 0x0c74  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:32:35.0103 0x0c74  PlugPlay - ok
18:32:35.0134 0x0c74  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:32:35.0134 0x0c74  PNRPAutoReg - ok
18:32:35.0149 0x0c74  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:32:35.0149 0x0c74  PNRPsvc - ok
18:32:35.0181 0x0c74  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:32:35.0196 0x0c74  PolicyAgent - ok
18:32:35.0212 0x0c74  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\Windows\system32\umpo.dll
18:32:35.0212 0x0c74  Power - ok
18:32:35.0228 0x0c74  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:32:35.0228 0x0c74  PptpMiniport - ok
18:32:35.0399 0x0c74  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
18:32:35.0462 0x0c74  PrintNotify - ok
18:32:35.0493 0x0c74  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\Windows\System32\drivers\processr.sys
18:32:35.0493 0x0c74  Processor - ok
18:32:35.0525 0x0c74  [ EF1F8B57323E5D3FC6A0A25F98F90DBC, F50E81151604DCD59BB647FD6767C1631AE48B5FCA6D3423C4E32535C94D6369 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:32:35.0540 0x0c74  ProfSvc - ok
18:32:35.0556 0x0c74  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:32:35.0556 0x0c74  Psched - ok
18:32:35.0618 0x0c74  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\Windows\system32\qwave.dll
18:32:35.0634 0x0c74  QWAVE - ok
18:32:35.0650 0x0c74  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:32:35.0650 0x0c74  QWAVEdrv - ok
18:32:35.0665 0x0c74  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:32:35.0665 0x0c74  RasAcd - ok
18:32:35.0712 0x0c74  [ 674A4702E4E144E8710ED1A2EC6DD049, 613A921101A6815C9185D5EF3E251A592604E56FADE945BB7E256885CAD473BC ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:32:35.0728 0x0c74  RasAgileVpn - ok
18:32:35.0743 0x0c74  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\Windows\System32\rasauto.dll
18:32:35.0759 0x0c74  RasAuto - ok
18:32:35.0775 0x0c74  [ BBB6272B7F46C4640A8CDB8A70C3450F, 4266C3ABD0D1D0219F715EA0F155744F7C1E3A7B722BE863831B57AE785419A2 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:32:35.0775 0x0c74  Rasl2tp - ok
18:32:35.0806 0x0c74  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\Windows\System32\rasmans.dll
18:32:35.0821 0x0c74  RasMan - ok
18:32:35.0837 0x0c74  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:32:35.0837 0x0c74  RasPppoe - ok
18:32:35.0853 0x0c74  [ 2B0F1677CDD08967005F34488559BC6F, FFF168EBD171C0B85A448AD1A04F66534E889AE1DC128F68EA3F35D5996C8D39 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:32:35.0853 0x0c74  RasSstp - ok
18:32:35.0884 0x0c74  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:32:35.0884 0x0c74  rdbss - ok
18:32:35.0899 0x0c74  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
18:32:35.0899 0x0c74  rdpbus - ok
18:32:35.0946 0x0c74  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:32:35.0946 0x0c74  RDPDR - ok
18:32:35.0993 0x0c74  [ 9F08A6608F98B5407E7DDBCF306573EF, 92812F97CFDB2EC128BC48143DE215B7D012B15D3FB4D2199222AD8C31DA5016 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:32:35.0993 0x0c74  RdpVideoMiniport - ok
18:32:36.0009 0x0c74  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:32:36.0024 0x0c74  rdyboost - ok
18:32:36.0071 0x0c74  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
18:32:36.0087 0x0c74  ReFS - ok
18:32:36.0118 0x0c74  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:32:36.0181 0x0c74  RemoteAccess - ok
18:32:36.0212 0x0c74  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:32:36.0212 0x0c74  RemoteRegistry - ok
18:32:36.0243 0x0c74  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:32:36.0243 0x0c74  RpcEptMapper - ok
18:32:36.0274 0x0c74  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\Windows\system32\locator.exe
18:32:36.0274 0x0c74  RpcLocator - ok
18:32:36.0321 0x0c74  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\Windows\system32\rpcss.dll
18:32:36.0337 0x0c74  RpcSs - ok
18:32:36.0368 0x0c74  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:32:36.0368 0x0c74  rspndr - ok
18:32:36.0399 0x0c74  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
18:32:36.0415 0x0c74  RTL8168 - ok
18:32:36.0478 0x0c74  [ B0A0260A3C03156937ECDB67CE5C6FE5, 88102D22976398599FA6165E9DBC1213EF2A001C99602E2195C9A7BAB0A127D7 ] RtlWlanu        C:\Windows\system32\DRIVERS\rtwlanu.sys
18:32:36.0524 0x0c74  RtlWlanu - ok
18:32:36.0540 0x0c74  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
18:32:36.0540 0x0c74  s3cap - ok
18:32:36.0556 0x0c74  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\Windows\system32\lsass.exe
18:32:36.0556 0x0c74  SamSs - ok
18:32:36.0603 0x0c74  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:32:36.0618 0x0c74  sbp2port - ok
18:32:36.0649 0x0c74  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:32:36.0649 0x0c74  SCardSvr - ok
18:32:36.0665 0x0c74  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
18:32:36.0665 0x0c74  ScDeviceEnum - ok
18:32:36.0696 0x0c74  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:32:36.0696 0x0c74  scfilter - ok
18:32:36.0743 0x0c74  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\Windows\system32\schedsvc.dll
18:32:36.0774 0x0c74  Schedule - ok
18:32:36.0806 0x0c74  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:32:36.0806 0x0c74  SCPolicySvc - ok
18:32:36.0837 0x0c74  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
18:32:36.0853 0x0c74  sdbus - ok
18:32:36.0884 0x0c74  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
18:32:36.0884 0x0c74  sdstor - ok
18:32:36.0884 0x0c74  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:32:36.0884 0x0c74  secdrv - ok
18:32:36.0915 0x0c74  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\Windows\system32\seclogon.dll
18:32:36.0915 0x0c74  seclogon - ok
18:32:36.0915 0x0c74  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\Windows\System32\sens.dll
18:32:36.0931 0x0c74  SENS - ok
18:32:36.0946 0x0c74  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:32:36.0946 0x0c74  SensrSvc - ok
18:32:36.0962 0x0c74  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
18:32:36.0962 0x0c74  SerCx - ok
18:32:36.0962 0x0c74  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
18:32:36.0978 0x0c74  SerCx2 - ok
18:32:36.0978 0x0c74  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\Windows\System32\drivers\serenum.sys
18:32:36.0978 0x0c74  Serenum - ok
18:32:36.0993 0x0c74  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
18:32:36.0993 0x0c74  Serial - ok
18:32:37.0009 0x0c74  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
18:32:37.0009 0x0c74  sermouse - ok
18:32:37.0134 0x0c74  [ B66E1D9E07691C2DBF771224EE6C23BE, 1BC60E0AE7A9BD0DB2152B73A412BBB455BECAB3D2486740800BFD0943059EBD ] ServiceUpdater  C:\Windows\SysWOW64\netupdsrv.exe
18:32:37.0134 0x0c74  ServiceUpdater - ok
18:32:37.0165 0x0c74  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:32:37.0181 0x0c74  SessionEnv - ok
18:32:37.0196 0x0c74  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
18:32:37.0196 0x0c74  sfloppy - ok
18:32:37.0274 0x0c74  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:32:37.0290 0x0c74  SharedAccess - ok
18:32:37.0337 0x0c74  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:32:37.0353 0x0c74  ShellHWDetection - ok
18:32:37.0368 0x0c74  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:32:37.0368 0x0c74  SiSRaid2 - ok
18:32:37.0384 0x0c74  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:32:37.0384 0x0c74  SiSRaid4 - ok
18:32:37.0400 0x0c74  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\Windows\System32\smphost.dll
18:32:37.0400 0x0c74  smphost - ok
18:32:37.0415 0x0c74  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:32:37.0415 0x0c74  SNMPTRAP - ok
18:32:37.0478 0x0c74  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\Windows\system32\drivers\spaceport.sys
18:32:37.0493 0x0c74  spaceport - ok
18:32:37.0493 0x0c74  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
18:32:37.0493 0x0c74  SpbCx - ok
18:32:37.0556 0x0c74  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler         C:\Windows\System32\spoolsv.exe
18:32:37.0571 0x0c74  Spooler - ok
18:32:37.0774 0x0c74  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\Windows\system32\sppsvc.exe
18:32:37.0868 0x0c74  sppsvc - ok
18:32:37.0900 0x0c74  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:32:37.0915 0x0c74  srv - ok
18:32:37.0931 0x0c74  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:32:37.0946 0x0c74  srv2 - ok
18:32:37.0962 0x0c74  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:32:37.0978 0x0c74  srvnet - ok
18:32:37.0993 0x0c74  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:32:37.0993 0x0c74  SSDPSRV - ok
18:32:38.0009 0x0c74  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:32:38.0009 0x0c74  SstpSvc - ok
18:32:38.0103 0x0c74  [ CC7ED069C2FC82B5B1555C2044C765CC, CE43363544A3EE2C5133CD0D47BF34AFAFA4EAD6AC9EB9A772EE55E89D4D89D4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:32:38.0134 0x0c74  Steam Client Service - ok
18:32:38.0134 0x0c74  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:32:38.0134 0x0c74  stexstor - ok
18:32:38.0165 0x0c74  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\Windows\System32\wiaservc.dll
18:32:38.0181 0x0c74  stisvc - ok
18:32:38.0196 0x0c74  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
18:32:38.0212 0x0c74  storahci - ok
18:32:38.0228 0x0c74  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
18:32:38.0228 0x0c74  storflt - ok
18:32:38.0243 0x0c74  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
18:32:38.0243 0x0c74  stornvme - ok
18:32:38.0259 0x0c74  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\Windows\system32\storsvc.dll
18:32:38.0259 0x0c74  StorSvc - ok
18:32:38.0274 0x0c74  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:32:38.0274 0x0c74  storvsc - ok
18:32:38.0274 0x0c74  [ 03618F935379614837F915D04C45FC0E, 9CC0CBA7AFC58E7F921C13FA3F5269714F1F827535A311E11EA48689C4D539DE ] storvsp         C:\Windows\System32\drivers\storvsp.sys
18:32:38.0274 0x0c74  storvsp - ok
18:32:38.0290 0x0c74  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\Windows\system32\svsvc.dll
18:32:38.0290 0x0c74  svsvc - ok
18:32:38.0290 0x0c74  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\Windows\System32\drivers\swenum.sys
18:32:38.0306 0x0c74  swenum - ok
18:32:38.0353 0x0c74  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\Windows\System32\swprv.dll
18:32:38.0368 0x0c74  swprv - ok
18:32:38.0431 0x0c74  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\Windows\system32\sysmain.dll
18:32:38.0462 0x0c74  SysMain - ok
18:32:38.0540 0x0c74  [ FD4EA8E9232ADD51DC31C295DDEF2768, 3EA40D7376AB5AA5DA2BCF4745C79F7BF819363466967ECC3CD15ADECBFD7244 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
18:32:38.0571 0x0c74  SystemEventsBroker - ok
18:32:38.0587 0x0c74  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\Windows\System32\TabSvc.dll
18:32:38.0587 0x0c74  TabletInputService - ok
18:32:38.0603 0x0c74  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:32:38.0618 0x0c74  TapiSrv - ok
18:32:38.0759 0x0c74  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:32:38.0806 0x0c74  Tcpip - ok
18:32:38.0868 0x0c74  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:32:38.0915 0x0c74  TCPIP6 - ok
18:32:38.0946 0x0c74  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:32:38.0946 0x0c74  tcpipreg - ok
18:32:38.0962 0x0c74  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:32:38.0962 0x0c74  tdx - ok
18:32:39.0196 0x0c74  [ 4ACFC5853A3F0C6C2F54E537C23EE90F, 47D81F471A250696A1A0D19294FC553EB88D813612A8351C89F65D7BF99C8532 ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
18:32:39.0275 0x0c74  TeamViewer9 - ok
18:32:39.0290 0x0c74  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
18:32:39.0290 0x0c74  terminpt - ok
18:32:39.0337 0x0c74  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\Windows\System32\termsrv.dll
18:32:39.0353 0x0c74  TermService - ok
18:32:39.0384 0x0c74  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\Windows\system32\themeservice.dll
18:32:39.0384 0x0c74  Themes - ok
18:32:39.0415 0x0c74  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\Windows\system32\mmcss.dll
18:32:39.0415 0x0c74  THREADORDER - ok
18:32:39.0431 0x0c74  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
18:32:39.0431 0x0c74  TimeBroker - ok
18:32:39.0446 0x0c74  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\Windows\system32\drivers\tpm.sys
18:32:39.0446 0x0c74  TPM - ok
18:32:39.0462 0x0c74  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\Windows\System32\trkwks.dll
18:32:39.0462 0x0c74  TrkWks - ok
18:32:39.0509 0x0c74  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:32:39.0524 0x0c74  TrustedInstaller - ok
18:32:39.0571 0x0c74  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:32:39.0571 0x0c74  TsUsbFlt - ok
18:32:39.0587 0x0c74  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
18:32:39.0587 0x0c74  TsUsbGD - ok
18:32:39.0603 0x0c74  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:32:39.0603 0x0c74  tunnel - ok
18:32:39.0603 0x0c74  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:32:39.0603 0x0c74  uagp35 - ok
18:32:39.0618 0x0c74  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
18:32:39.0618 0x0c74  UASPStor - ok
18:32:39.0649 0x0c74  [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
18:32:39.0649 0x0c74  UCX01000 - ok
18:32:39.0665 0x0c74  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:32:39.0681 0x0c74  udfs - ok
18:32:39.0696 0x0c74  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
18:32:39.0696 0x0c74  UEFI - ok
18:32:39.0712 0x0c74  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:32:39.0712 0x0c74  UI0Detect - ok
18:32:39.0728 0x0c74  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:32:39.0728 0x0c74  uliagpkx - ok
18:32:39.0774 0x0c74  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\Windows\System32\drivers\umbus.sys
18:32:39.0774 0x0c74  umbus - ok
18:32:39.0790 0x0c74  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
18:32:39.0806 0x0c74  UmPass - ok
18:32:39.0837 0x0c74  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:32:39.0837 0x0c74  UmRdpService - ok
18:32:39.0868 0x0c74  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\Windows\System32\upnphost.dll
18:32:39.0884 0x0c74  upnphost - ok
18:32:39.0915 0x0c74  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
18:32:39.0931 0x0c74  usbccgp - ok
18:32:39.0931 0x0c74  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
18:32:39.0931 0x0c74  usbcir - ok
18:32:39.0962 0x0c74  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
18:32:39.0978 0x0c74  usbehci - ok
18:32:39.0993 0x0c74  [ 5A4AC5D05A7C97C68596416C05D6F2B4, 1CDE5172B763D2D65379B9F3ABACC080AF676DB9354EC98A455E620C4CE3E18A ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
18:32:39.0993 0x0c74  usbfilter - ok
18:32:40.0024 0x0c74  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\Windows\System32\drivers\usbhub.sys
18:32:40.0024 0x0c74  usbhub - ok
18:32:40.0040 0x0c74  [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
18:32:40.0056 0x0c74  USBHUB3 - ok
18:32:40.0103 0x0c74  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
18:32:40.0103 0x0c74  usbohci - ok
18:32:40.0134 0x0c74  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
18:32:40.0134 0x0c74  usbprint - ok
18:32:40.0196 0x0c74  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
18:32:40.0196 0x0c74  USBSTOR - ok
18:32:40.0259 0x0c74  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
18:32:40.0259 0x0c74  usbuhci - ok
18:32:40.0321 0x0c74  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
18:32:40.0321 0x0c74  USBXHCI - ok
18:32:40.0353 0x0c74  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:32:40.0353 0x0c74  VaultSvc - ok
18:32:40.0353 0x0c74  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:32:40.0368 0x0c74  vdrvroot - ok
18:32:40.0493 0x0c74  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\Windows\System32\vds.exe
18:32:40.0524 0x0c74  vds - ok
18:32:40.0524 0x0c74  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
18:32:40.0540 0x0c74  VerifierExt - ok
18:32:40.0556 0x0c74  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
18:32:40.0571 0x0c74  vhdmp - ok
18:32:40.0587 0x0c74  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:32:40.0587 0x0c74  viaide - ok
18:32:40.0587 0x0c74  [ 3CE922E34DB12D9F3C0EA856BC09687C, E50A1885FBC775E49614989ECFEA4ACBBDDA16AF459CC5361EED9E23CC7CD42C ] Vid             C:\Windows\System32\drivers\Vid.sys
18:32:40.0603 0x0c74  Vid - ok
18:32:40.0618 0x0c74  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:32:40.0618 0x0c74  vmbus - ok
18:32:40.0618 0x0c74  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
18:32:40.0634 0x0c74  VMBusHID - ok
18:32:40.0649 0x0c74  [ 68F8C26DEA2D42E8DEC0778943433C80, 81E8F9D62815F94952CEEABD0689473CC330F7890F66872DCD35A43C06ED33CD ] vmbusr          C:\Windows\System32\drivers\vmbusr.sys
18:32:40.0649 0x0c74  vmbusr - ok
18:32:40.0681 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
18:32:40.0696 0x0c74  vmicguestinterface - ok
18:32:40.0696 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
18:32:40.0712 0x0c74  vmicheartbeat - ok
18:32:40.0728 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
18:32:40.0743 0x0c74  vmickvpexchange - ok
18:32:40.0743 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\Windows\System32\ICSvc.dll
18:32:40.0759 0x0c74  vmicrdv - ok
18:32:40.0774 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
18:32:40.0790 0x0c74  vmicshutdown - ok
18:32:40.0790 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\Windows\System32\ICSvc.dll
18:32:40.0806 0x0c74  vmictimesync - ok
18:32:40.0821 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\Windows\System32\ICSvc.dll
18:32:40.0821 0x0c74  vmicvss - ok
18:32:40.0837 0x0c74  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:32:40.0837 0x0c74  volmgr - ok
18:32:40.0868 0x0c74  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:32:40.0868 0x0c74  volmgrx - ok
18:32:40.0884 0x0c74  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:32:40.0900 0x0c74  volsnap - ok
18:32:40.0900 0x0c74  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\Windows\System32\drivers\vpci.sys
18:32:40.0900 0x0c74  vpci - ok
18:32:40.0915 0x0c74  [ ADBE96C33D1A5BB1BBAF90B4BC84F523, 6E9C9ED3D51E4B6E494D42ECA6F824AD86D676C12C39BBE6B8BD96366BCB02DA ] vpcivsp         C:\Windows\System32\drivers\vpcivsp.sys
18:32:40.0915 0x0c74  vpcivsp - ok
18:32:40.0931 0x0c74  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:32:40.0931 0x0c74  vsmraid - ok
18:32:41.0040 0x0c74  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\Windows\system32\vssvc.exe
18:32:41.0071 0x0c74  VSS - ok
18:32:41.0087 0x0c74  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
18:32:41.0087 0x0c74  VSTXRAID - ok
18:32:41.0118 0x0c74  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:32:41.0118 0x0c74  vwifibus - ok
18:32:41.0165 0x0c74  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:32:41.0181 0x0c74  vwififlt - ok
18:32:41.0196 0x0c74  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:32:41.0212 0x0c74  vwifimp - ok
18:32:41.0228 0x0c74  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\Windows\system32\w32time.dll
18:32:41.0243 0x0c74  W32Time - ok
18:32:41.0259 0x0c74  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
18:32:41.0259 0x0c74  WacomPen - ok
18:32:41.0275 0x0c74  [ AFCD4054D61BD708B82991348ED1C763, EBDAC0E218F1DFC405DB3C8A2F014D20A17B0690EA381C750BED5C2AFCDFEBE3 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
18:32:41.0290 0x0c74  Wanarp - ok
18:32:41.0290 0x0c74  [ AFCD4054D61BD708B82991348ED1C763, EBDAC0E218F1DFC405DB3C8A2F014D20A17B0690EA381C750BED5C2AFCDFEBE3 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:32:41.0290 0x0c74  Wanarpv6 - ok
18:32:41.0353 0x0c74  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\Windows\system32\wbengine.exe
18:32:41.0384 0x0c74  wbengine - ok
18:32:41.0415 0x0c74  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:32:41.0431 0x0c74  WbioSrvc - ok
18:32:41.0446 0x0c74  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
18:32:41.0446 0x0c74  Wcmsvc - ok
18:32:41.0478 0x0c74  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:32:41.0478 0x0c74  wcncsvc - ok
18:32:41.0493 0x0c74  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:32:41.0493 0x0c74  WcsPlugInService - ok
18:32:41.0525 0x0c74  [ 0359607177E5E9F6041136CC0A5CB0B6, 16687BE2639648CF46E8768BA1798030472C525612C629BF134D053240E2195B ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
18:32:41.0525 0x0c74  WdBoot - ok
18:32:41.0603 0x0c74  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:32:41.0634 0x0c74  Wdf01000 - ok
18:32:41.0665 0x0c74  [ DE8D12B4C3F55FA2C5E9774314F6C58A, C3E835DC066A94E1431BCDC90D7EA27AAC6F82826F4A5527B37D865241D7A366 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
18:32:41.0696 0x0c74  WdFilter - ok
18:32:41.0696 0x0c74  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:32:41.0712 0x0c74  WdiServiceHost - ok
18:32:41.0712 0x0c74  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:32:41.0712 0x0c74  WdiSystemHost - ok
18:32:41.0728 0x0c74  [ 4AD874CDC812EC156265E451B6B09DAB, 6E3E05B8301841425E9BB0D54B35EF386B78EEB307B5A6153FD1F366D30F23FA ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
18:32:41.0728 0x0c74  WdNisDrv - ok
18:32:41.0759 0x0c74  WdNisSvc - ok
18:32:41.0790 0x0c74  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\Windows\System32\webclnt.dll
18:32:41.0790 0x0c74  WebClient - ok
18:32:41.0821 0x0c74  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:32:41.0821 0x0c74  Wecsvc - ok
18:32:41.0837 0x0c74  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
18:32:41.0837 0x0c74  WEPHOSTSVC - ok
18:32:41.0853 0x0c74  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:32:41.0853 0x0c74  wercplsupport - ok
18:32:41.0868 0x0c74  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:32:41.0868 0x0c74  WerSvc - ok
18:32:41.0884 0x0c74  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
18:32:41.0884 0x0c74  WFPLWFS - ok
18:32:41.0900 0x0c74  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\Windows\System32\wiarpc.dll
18:32:41.0915 0x0c74  WiaRpc - ok
18:32:41.0931 0x0c74  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:32:41.0931 0x0c74  WIMMount - ok
18:32:41.0931 0x0c74  WinDefend - ok
18:32:41.0962 0x0c74  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
18:32:41.0993 0x0c74  WinHttpAutoProxySvc - ok
18:32:42.0025 0x0c74  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:32:42.0025 0x0c74  Winmgmt - ok
18:32:42.0150 0x0c74  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:32:42.0212 0x0c74  WinRM - ok
18:32:42.0290 0x0c74  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\Windows\System32\wlansvc.dll
18:32:42.0321 0x0c74  WlanSvc - ok
18:32:42.0368 0x0c74  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
18:32:42.0400 0x0c74  wlidsvc - ok
18:32:42.0415 0x0c74  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
18:32:42.0415 0x0c74  WmiAcpi - ok
18:32:42.0446 0x0c74  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:32:42.0446 0x0c74  wmiApSrv - ok
18:32:42.0446 0x0c74  WMPNetworkSvc - ok
18:32:42.0478 0x0c74  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\Windows\system32\drivers\Wof.sys
18:32:42.0478 0x0c74  Wof - ok
18:32:42.0525 0x0c74  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
18:32:42.0571 0x0c74  workfolderssvc - ok
18:32:42.0603 0x0c74  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
18:32:42.0603 0x0c74  wpcfltr - ok
18:32:42.0634 0x0c74  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:32:42.0634 0x0c74  WPCSvc - ok
18:32:42.0665 0x0c74  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:32:42.0681 0x0c74  WPDBusEnum - ok
18:32:42.0696 0x0c74  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
18:32:42.0696 0x0c74  WpdUpFltr - ok
18:32:42.0696 0x0c74  wpnfd_1_10_0_2 - ok
18:32:42.0712 0x0c74  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:32:42.0712 0x0c74  ws2ifsl - ok
18:32:42.0759 0x0c74  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:32:42.0775 0x0c74  wscsvc - ok
18:32:42.0790 0x0c74  WSearch - ok
18:32:42.0962 0x0c74  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\Windows\System32\WSService.dll
18:32:43.0040 0x0c74  WSService - ok
18:32:43.0165 0x0c74  [ DCD090318EC800CF6275C6835900B0C6, 9E72762EEE46CC0606B909850E6D22E9C8E5C88E82F7C974B2B7C1E5160BEBA7 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:32:43.0243 0x0c74  wuauserv - ok
18:32:43.0290 0x0c74  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:32:43.0306 0x0c74  WudfPf - ok
18:32:43.0337 0x0c74  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
18:32:43.0353 0x0c74  WUDFRd - ok
18:32:43.0368 0x0c74  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\Windows\system32\DRIVERS\WUDFRd.sys
18:32:43.0368 0x0c74  WUDFSensorLP - ok
18:32:43.0384 0x0c74  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:32:43.0400 0x0c74  wudfsvc - ok
18:32:43.0400 0x0c74  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
18:32:43.0400 0x0c74  WUDFWpdFs - ok
18:32:43.0431 0x0c74  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:32:43.0446 0x0c74  WwanSvc - ok
18:32:43.0478 0x0c74  [ A0F661902AFCAAD77CC2ED3894927A10, 0DCD860F7F4029EBFE1F409BA23CC8BAA55BC22084C81940FF170B665E4804BD ] xusb22          C:\Windows\System32\drivers\xusb22.sys
18:32:43.0493 0x0c74  xusb22 - ok
18:32:43.0493 0x0c74  ================ Scan global ===============================
18:32:43.0556 0x0c74  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\Windows\system32\basesrv.dll
18:32:43.0571 0x0c74  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\Windows\system32\winsrv.dll
18:32:43.0603 0x0c74  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\Windows\system32\sxssrv.dll
18:32:43.0634 0x0c74  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\Windows\system32\services.exe
18:32:43.0650 0x0c74  [ Global ] - ok
18:32:43.0650 0x0c74  ================ Scan MBR ==================================
18:32:43.0650 0x0c74  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:32:43.0806 0x0c74  \Device\Harddisk0\DR0 - ok
18:32:43.0821 0x0c74  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:32:43.0884 0x0c74  \Device\Harddisk1\DR1 - ok
18:32:43.0884 0x0c74  ================ Scan VBR ==================================
18:32:43.0900 0x0c74  [ 56E31F542461E82C23D26EA542EFDD14 ] \Device\Harddisk0\DR0\Partition1
18:32:43.0931 0x0c74  \Device\Harddisk0\DR0\Partition1 - ok
18:32:43.0931 0x0c74  [ A25CB02F330B5C729728C60E6DB588EE ] \Device\Harddisk1\DR1\Partition1
18:32:43.0978 0x0c74  \Device\Harddisk1\DR1\Partition1 - ok
18:32:43.0978 0x0c74  ================ Scan generic autorun ======================
18:32:44.0025 0x0c74  [ 690EB331346D7ADFDA18E50042DEA4B4, 0C219D7A5FCD4E0252C815373E67F843DBD7356FAE7AB836C451068B51438FE7 ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
18:32:44.0040 0x0c74  Classic Start Menu - ok
18:32:44.0056 0x0c74  GameforgeLive - ok
18:32:44.0071 0x05c0  Object required for P2P: [ 35608D966D4170CB1E7DB6CBCA7F3483 ] NetHttpService
18:32:44.0150 0x0c74  [ 4F521D834261058DACD22FC48CC72815, D10166DA58BC3CC67C16B95DA88C941B2620A09A8CAC76D3DEC5A4EF80C074DD ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
18:32:44.0165 0x0c74  StartCCC - ok
18:32:44.0228 0x0c74  [ 80086ED442941DE2CA18CB6DAE8C1422, F7BE958F2E8E17970C238E3806F4A742B12DA09EB21093BD6371CF4B580C5BE4 ] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
18:32:44.0275 0x0c74  Aeria Ignite - ok
18:32:44.0321 0x0c74  ConvertAd - ok
18:32:44.0353 0x0c74  OfferBoulevard - ok
18:32:44.0509 0x0c74  [ 0FB5EB5C3639C88A02DADA0BBC079A58, 0C55C5ADEC91999F3C748F369F106BDA7D95237150AB84DD07795AAB10E82BE0 ] C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
18:32:44.0571 0x0c74  Battle.net - ok
18:32:44.0759 0x0c74  [ D6E2ED7F1F7BE7CCB8676491BF950B57, CBF07EE746F2C27ACC532E83ADC43FBE954DC3C598C4333F13B1A7615AEA9AD5 ] C:\Users\DarkDragons\AppData\Local\Akamai\netsession_win.exe
18:32:44.0853 0x0c74  Akamai NetSession Interface - ok
18:32:44.0868 0x0c74  Waiting for KSN requests completion. In queue: 227
18:32:45.0884 0x0c74  Waiting for KSN requests completion. In queue: 227
18:32:46.0900 0x0c74  Waiting for KSN requests completion. In queue: 227
18:32:47.0587 0x05c0  Object send P2P result: true
18:32:47.0603 0x05c0  Object required for P2P: [ B66E1D9E07691C2DBF771224EE6C23BE ] ServiceUpdater
18:32:47.0915 0x0c74  Waiting for KSN requests completion. In queue: 97
18:32:48.0931 0x0c74  Waiting for KSN requests completion. In queue: 97
18:32:49.0946 0x0c74  Waiting for KSN requests completion. In queue: 97
18:32:50.0962 0x0c74  Waiting for KSN requests completion. In queue: 97
18:32:51.0087 0x05c0  Object send P2P result: true
18:32:51.0978 0x0c74  Have new async UDS detects: 2
18:32:51.0978 0x0c74  ServiceUpdater - detected UDS:DangerousObject.Multi.Generic ( 0 )
18:32:52.0087 0x0c74  ServiceUpdater ( UDS:DangerousObject.Multi.Generic ) - infected
18:32:52.0087 0x0c74  Force sending object to P2P due to detect: ServiceUpdater
18:32:55.0587 0x0c74  Object send P2P result: true
18:32:58.0150 0x0c74  NetHttpService - detected UDS:DangerousObject.Multi.Generic ( 0 )
18:32:58.0150 0x0c74  NetHttpService ( UDS:DangerousObject.Multi.Generic ) - infected
18:32:58.0150 0x0c74  Force sending object to P2P due to detect: NetHttpService
18:33:01.0634 0x0c74  Object send P2P result: true
18:33:04.0118 0x0c74  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x61100 ( enabled : updated )
18:33:04.0134 0x0c74  Win FW state via NFP2: enabled
18:33:06.0587 0x0c74  ============================================================
18:33:06.0587 0x0c74  Scan finished
18:33:06.0587 0x0c74  ============================================================
18:33:06.0587 0x0ae0  Detected object count: 2
18:33:06.0587 0x0ae0  Actual detected object count: 2
18:33:55.0665 0x0ae0  ServiceUpdater ( UDS:DangerousObject.Multi.Generic ) - skipped by user
18:33:55.0665 0x0ae0  ServiceUpdater ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
18:33:55.0665 0x0ae0  NetHttpService ( UDS:DangerousObject.Multi.Generic ) - skipped by user
18:33:55.0665 0x0ae0  NetHttpService ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip

cosinus · 09.01.2015, 18:41

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hassel · 11.01.2015, 09:42

ADWCleaner

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 18:48:16
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 8.1 Pro  (64 bits)
# Benutzername : DarkDragons - SHOCKDRAGONS
# Gestartet von : C:\Users\DarkDragons\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginServices
Dienst Gelöscht : netfilter64
Dienst Gelöscht : nethfdrv
Dienst Gelöscht : NethxxpService
Dienst Gelöscht : ServiceUpdater
Dienst Gelöscht : CouponArificService64
[#] Dienst Gelöscht : wpnfd_1_10_0_2

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ZombieInvasion
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\ZombieInvasion
Ordner Gelöscht : C:\ProgramData\CoupSocanner
Ordner Gelöscht : C:\ProgramData\7e32c95910c02541
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\ASP
Ordner Gelöscht : C:\Program Files (x86)\Bench
Ordner Gelöscht : C:\Program Files (x86)\driver-soft
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Probit Software
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\RCP
Ordner Gelöscht : C:\Program Files (x86)\snipsmart
Ordner Gelöscht : C:\Program Files (x86)\OfferBoulevard
Ordner Gelöscht : C:\Program Files (x86)\Search Extensions
Ordner Gelöscht : C:\Program Files (x86)\CoupSocanner
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Program Files\CouponArific
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Local\Gameo
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Local\ZombieInvasion
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Local\Genesis_09190925
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Local\mbot_de_82
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Gameo
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\PennyBee
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Probit Software
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Security Systems
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\DarkDragons\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\Extensions\superdrag@enjoyfreeware.org
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\SysWOW64\hfpapi.dll
Datei Gelöscht : C:\Windows\SysWOW64\installd.exe
Datei Gelöscht : C:\Windows\SysWOW64\nethtsrv.exe
Datei Gelöscht : C:\Windows\SysWOW64\netupdsrv.exe
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\DarkDragons\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\invalidprefs.js
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\searchplugins\astromenda.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\user.js
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\user.js
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\p97fwsvk.default-1417276636067\user.js
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\zay3160o.default-1417290609102\user.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystarttb.xml

***** [ Tasks ] *****

Task Gelöscht : AmiUpdXp
Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : ASP
Task Gelöscht : LaunchSignup
Task Gelöscht : PennyBee
Task Gelöscht : InfiniteCrisis TW2
Task Gelöscht : InfiniteCrisis TW1

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{d9a96531-b093-4d07-9e4c-9704a365c441}]
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ConvertAd]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [OfferBoulevard]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CoupuScaanneer.CoupuScaanneer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CoupuScaanneer.CoupuScaanneer.3.2
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mbot_de_82]
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4B7DEE1-B96D-8900-1FCC-DE83FF5A70DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4B7DEE1-B96D-8900-1FCC-DE83FF5A70DA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E56A02B-46FE-4490-B169-F16E5231533B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4B7DEE1-B96D-8900-1FCC-DE83FF5A70DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A4B7DEE1-B96D-8900-1FCC-DE83FF5A70DA}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A4B7DEE1-B96D-8900-1FCC-DE83FF5A70DA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\Boost
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\MyBestOffersToday
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\PennyBee
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\WebEnhance
Schlüssel Gelöscht : HKCU\Software\Easy Speed Check
Schlüssel Gelöscht : HKCU\Software\StormWatchApp
Schlüssel Gelöscht : HKCU\Software\StormWatch
Schlüssel Gelöscht : HKCU\Software\CoinisRS
Schlüssel Gelöscht : HKCU\Software\gameo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\AdvertisingSupport
Schlüssel Gelöscht : HKLM\SOFTWARE\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\Browse Safe
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\WordProser_1.10.0.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80E8B0A0-117D-1402-7CDE-688156237115}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[ee5d7wfj.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MA730B5C1-4B55-4F70-B823-BF3F3D0A210F&SearchSource=55&CUI=&UM=6&UP=SP678A7D40-0C70-41B3-AD9D[...]
[ee5d7wfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.a3c8f3083413b4aa6ad29fb93d8982e80gmailcom63167.63167.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[ee5d7wfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.a3c8f3083413b4aa6ad29fb93d8982e80gmailcom63167.63167.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[ee5d7wfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "1494e0fbc71b32f3fb13688e5dbfa325");

*************************

AdwCleaner[R0].txt - [19619 octets] - [09/01/2015 18:47:08]
AdwCleaner[S0].txt - [15231 octets] - [09/01/2015 18:48:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15292 octets] ##########

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Pro x64
Ran by DarkDragons on 09.01.2015 at 18:54:40,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\SPEEDUPMYPC.TMP-9A6A3D32.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\DarkDragons\AppData\Roaming\mozilla\firefox\profiles\62w0zqkx.default-1417292043854\minidumps [42 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.01.2015 at 18:56:20,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by DarkDragons (administrator) on SHOCKDRAGONS on 09-01-2015 18:58:23
Running from C:\Users\DarkDragons\Desktop
Loaded Profile: DarkDragons (Available profiles: DarkDragons)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Time Lapse Solutions) C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [GameforgeLive] => "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-05-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2864688 2014-12-12] (Blizzard Entertainment)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Akamai NetSession Interface] => C:\Users\DarkDragons\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Policies\Explorer: [DisallowRun] 1
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2357861172-224482980-2813433480-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58835;https=127.0.0.1:58835
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\DarkDragons\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Deutsch (DE) Language Pack - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-01-09]
FF Extension: Locale Switcher - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2015-01-09]
FF Extension: Adblock Plus - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-09]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\DarkDragons\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-05-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 HfnISlqYdAO; C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe [2726776 2014-11-05] (Time Lapse Solutions)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 18:58 - 2015-01-09 18:58 - 00008767 _____ () C:\Users\DarkDragons\Desktop\FRST.txt
2015-01-09 18:56 - 2015-01-09 18:56 - 00000926 _____ () C:\Users\DarkDragons\Desktop\JRT.txt
2015-01-09 18:54 - 2015-01-09 18:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 18:53 - 2015-01-09 18:54 - 01707939 _____ (Thisisu) C:\Users\DarkDragons\Desktop\JRT.exe
2015-01-09 18:48 - 2015-01-09 18:50 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\ZombieInvasion
2015-01-09 18:47 - 2015-01-09 18:48 - 00000000 ____D () C:\AdwCleaner
2015-01-09 18:46 - 2015-01-09 18:46 - 02191360 _____ () C:\Users\DarkDragons\Desktop\AdwCleaner_4.107.exe
2015-01-09 18:30 - 2015-01-09 18:30 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\DarkDragons\Desktop\tdsskiller.exe
2015-01-09 17:50 - 2015-01-09 17:50 - 00000687 _____ () C:\awhFAE7.tmp
2015-01-09 17:33 - 2015-01-09 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-09 17:33 - 2015-01-09 18:10 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 17:33 - 2015-01-09 17:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 17:31 - 2015-01-09 18:21 - 00000000 ____D () C:\Users\DarkDragons\Desktop\mbar
2015-01-09 17:31 - 2015-01-09 18:09 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 15:30 - 2015-01-09 18:58 - 00000000 ____D () C:\FRST
2015-01-09 15:29 - 2015-01-09 15:29 - 02124288 _____ (Farbar) C:\Users\DarkDragons\Desktop\FRST64.exe
2015-01-04 20:29 - 2015-01-04 20:29 - 00000687 _____ () C:\awh2A63.tmp
2015-01-03 14:54 - 2015-01-03 14:54 - 00000687 _____ () C:\awhB136.tmp
2015-01-01 10:39 - 2015-01-01 10:39 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll
2014-12-24 13:16 - 2014-12-24 13:16 - 00000222 _____ () C:\Users\DarkDragons\Desktop\Alien Isolation.url
2014-12-23 11:18 - 2014-12-23 11:18 - 00000687 _____ () C:\awh81D9.tmp
2014-12-21 20:45 - 2014-12-21 20:45 - 00000687 _____ () C:\awhEC60.tmp
2014-12-19 18:44 - 2014-12-19 18:44 - 00000687 _____ () C:\awh4855.tmp
2014-12-18 20:31 - 2014-12-18 20:32 - 00280752 _____ () C:\Windows\Minidump\121814-25093-01.dmp
2014-12-18 20:31 - 2014-12-18 20:31 - 696154421 _____ () C:\Windows\MEMORY.DMP
2014-12-18 20:31 - 2014-12-18 20:31 - 00000000 ____D () C:\Windows\Minidump
2014-12-16 21:56 - 2014-12-16 21:56 - 00000687 _____ () C:\awhF7AA.tmp
2014-12-16 21:25 - 2014-12-16 21:25 - 00000687 _____ () C:\awh9CB.tmp
2014-12-15 23:06 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 23:06 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-14 16:33 - 2014-12-14 16:33 - 00000687 _____ () C:\awh966D.tmp
2014-12-12 14:03 - 2014-12-12 14:03 - 00000222 _____ () C:\Users\DarkDragons\Desktop\Sacred 3.url
2014-12-12 08:47 - 2014-12-12 08:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 05:06 - 2014-12-10 05:06 - 00000687 _____ () C:\awhB13.tmp
2014-12-10 00:08 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 00:08 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 00:08 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 00:08 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 18:54 - 2014-05-16 18:29 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2357861172-224482980-2813433480-1001
2015-01-09 18:50 - 2014-05-16 18:15 - 01667223 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 18:49 - 2014-03-18 02:51 - 00109654 _____ () C:\Windows\PFRO.log
2015-01-09 18:49 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 18:44 - 2014-10-19 14:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 18:34 - 2014-05-16 18:45 - 00000000 ____D () C:\Users\DarkDragons\AppData\Roaming\ClassicShell
2015-01-09 18:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-09 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-09 17:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Resources
2015-01-09 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-09 15:23 - 2014-05-16 18:34 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AC7F5C46-D0D5-44D6-A666-2A83C8BD8ED4}
2015-01-05 09:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-05 00:19 - 2014-06-07 07:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-05 00:19 - 2014-05-16 18:18 - 00000000 ____D () C:\Users\DarkDragons
2015-01-04 20:19 - 2014-05-16 18:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\JDownloader v2.0
2014-12-31 12:14 - 2014-08-30 21:15 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-21 20:38 - 2014-06-20 16:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-18 18:35 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-17 20:53 - 2014-09-02 09:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Akamai
2014-12-16 21:19 - 2014-11-21 18:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-12 22:11 - 2014-05-18 12:07 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Battle.net
2014-12-12 16:37 - 2014-06-22 16:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-12 12:46 - 2014-06-22 14:57 - 00000000 ____D () C:\Users\DarkDragons\Documents\StarCraft II
2014-12-12 10:02 - 2014-05-18 12:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-11 15:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 16:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 16:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 00:15 - 2014-05-19 10:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 00:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 00:10 - 2014-05-19 10:14 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\DarkDragons\AppData\Local\Temp\bchcabebbbfg.exe
C:\Users\DarkDragons\AppData\Local\Temp\Launcher__10890.exe
C:\Users\DarkDragons\AppData\Local\Temp\proxy_vole2549036137409174358.dll
C:\Users\DarkDragons\AppData\Local\Temp\Quarantine.exe
C:\Users\DarkDragons\AppData\Local\Temp\SPINT-G.exe
C:\Users\DarkDragons\AppData\Local\Temp\sqlite3.dll
C:\Users\DarkDragons\AppData\Local\Temp\srv17858.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv3114.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv69867.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 02:51

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by DarkDragons at 2015-01-09 18:59:04
Running from C:\Users\DarkDragons\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders Ancient Alien Makeover (HKLM-x32\...\7 Wonders Ancient Alien Makeover) (Version: 1.1.0.0 - MumboJumbo)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
AMD Catalyst Install Manager (HKLM\...\{8D95B61A-9759-40F7-69BF-54DCE6675143}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AuraKingdom-DE (HKLM-x32\...\AuraKingdom-DE) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version:  - EA Los Angeles)
Command and Conquer: Red Alert 3 (HKLM-x32\...\Steam App 17480) (Version:  - EA Los Angeles)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Legends of Aethereus (HKLM-x32\...\Steam App 248410) (Version:  - Three Gates)
Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version:  - Spark Unlimited)
Lost Planet: Extreme Condition - Colonies Edition (HKLM-x32\...\Steam App 45720) (Version:  - CAPCOM CO., LTD.)
Mahjong Secrets (HKLM-x32\...\Mahjong Secrets_is1) (Version: 1.0 - Playrix Entertainment)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.4.37803 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version: 2.09 - NCH Software)
Sacred 3 (HKLM-x32\...\Steam App 247950) (Version:  - Keen Games)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zombie Blitz 1.0 (HKLM\...\{F249E83F-ADF4-4159-BAF5-485965489228}) (Version: 1.0 - Headup Games)
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.46 - Time Lapse Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-12-2014 10:39:34 Geplanter Prüfpunkt
03-01-2015 12:51:49 Geplanter Prüfpunkt
09-01-2015 17:43:56 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26BB7950-F533-4E0B-A2B2-AB596E93BDAD} - System32\Tasks\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D} => pcalua.exe -a C:\Users\DarkDragons\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {61926872-C938-4599-8D44-3B91DEE5ABA5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {76C24555-6063-4DCB-9089-A68312B203C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {8AC7A3BA-D971-4989-A537-552B3F77AD2E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {A7B28A0A-56B9-4DAC-AA00-DC32A9A2307C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-05-22 20:59 - 2014-05-22 20:59 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-05-22 20:59 - 2014-05-22 20:59 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-12 08:47 - 2014-12-12 08:47 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\DarkDragons:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Cookies:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "GameforgeLive"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Raptr"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"

========================= Accounts: ==========================

Administrator (S-1-5-21-2357861172-224482980-2813433480-500 - Administrator - Disabled)
DarkDragons (S-1-5-21-2357861172-224482980-2813433480-1001 - Administrator - Enabled) => C:\Users\DarkDragons
Gast (S-1-5-21-2357861172-224482980-2813433480-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2357861172-224482980-2813433480-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 06:58:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x706b90df
ID des fehlerhaften Prozesses: 0xa48
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:58:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x03af4e50
ID des fehlerhaften Prozesses: 0xa48
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x706b90df
ID des fehlerhaften Prozesses: 0x9c0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x011d4e50
ID des fehlerhaften Prozesses: 0x9c0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x706b90df
ID des fehlerhaften Prozesses: 0x608
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x01644e50
ID des fehlerhaften Prozesses: 0x608
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x706b90df
ID des fehlerhaften Prozesses: 0xc70
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x011d4e50
ID des fehlerhaften Prozesses: 0xc70
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x706b90df
ID des fehlerhaften Prozesses: 0xe94
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x03b34e50
ID des fehlerhaften Prozesses: 0xe94
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/09/2015 06:58:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005706b90dfa4801d02c35e95fbb8cC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown27cb0373-9829-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:58:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a503af4e50a4801d02c35e95fbb8cC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown2715d09d-9829-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005706b90df9c001d02c35c7fc68c0C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown06654e70-9829-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a5011d4e509c001d02c35c7fc68c0C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown05b27dfd-9829-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005706b90df60801d02c35b0bd7846C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknownef23fb98-9828-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a501644e5060801d02c35b0bd7846C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknownee738d83-9828-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005706b90dfc7001d02c35aebcde67C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowned19d85f-9828-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a5011d4e50c7001d02c35aebcde67C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknownec709150-9828-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005706b90dfe9401d02c35ab67541aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowne9d039d3-9828-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a503b34e50e9401d02c35ab67541aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowne91d6961-9828-11e4-8289-1c6f658f0b60


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 18%
Total physical RAM: 8189.55 MB
Available physical RAM: 6686.38 MB
Total Pagefile: 16381.55 MB
Available Pagefile: 14885.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:431.02 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:510.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B788E10F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5C1DEE9F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

habe probleme mit dem plugin adobe flash es stürzt dauernd ab und im hintergrund kommt auch ständig werbung mit zombie invasion im browser

Muss nochwas gemacht werden oder sind wir soweit durch? Was war eigentlich der Grund? War was schlimmes dran?

cosinus · 11.01.2015, 14:19

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58835;https=127.0.0.1:58835
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
R2 HfnISlqYdAO; C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe [2726776 2014-11-05] (Time Lapse Solutions)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Task: {26BB7950-F533-4E0B-A2B2-AB596E93BDAD} - System32\Tasks\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D} => pcalua.exe -a C:\Users\DarkDragons\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {8AC7A3BA-D971-4989-A537-552B3F77AD2E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
C:\Users\DarkDragons\AppData\Roaming\sweet-page
C:\Users\DarkDragons\AppData\Local\Temp\bchcabebbbfg.exe
C:\Users\DarkDragons\AppData\Local\Temp\Launcher__10890.exe
C:\Users\DarkDragons\AppData\Local\Temp\proxy_vole2549036137409174358.dll
C:\Users\DarkDragons\AppData\Local\Temp\Quarantine.exe
C:\Users\DarkDragons\AppData\Local\Temp\SPINT-G.exe
C:\Users\DarkDragons\AppData\Local\Temp\sqlite3.dll
C:\Users\DarkDragons\AppData\Local\Temp\srv17858.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv3114.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv69867.exe
C:\ProgramData\sAIkGLEQxy
C:\Program Files (x86)\Enigma Software Group
C:\awhFAE7.tmp
C:\awh2A63.tmp
C:\awhB136.tmp
C:\awh81D9.tmp
C:\awhEC60.tmp
C:\awh4855.tmp
C:\awhF7AA.tmp
C:\awh9CB.tmp
C:\awh966D.tmp
C:\awhB13.tmp
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Hassel · 13.01.2015, 17:53

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by DarkDragons at 2015-01-13 17:47:06 Run:2
Running from C:\Users\DarkDragons\Desktop
Loaded Profile: DarkDragons (Available profiles: DarkDragons)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58835;https=127.0.0.1:58835
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
R2 HfnISlqYdAO; C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe [2726776 2014-11-05] (Time Lapse Solutions)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Task: {26BB7950-F533-4E0B-A2B2-AB596E93BDAD} - System32\Tasks\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D} => pcalua.exe -a C:\Users\DarkDragons\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {8AC7A3BA-D971-4989-A537-552B3F77AD2E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
C:\Users\DarkDragons\AppData\Roaming\sweet-page
C:\Users\DarkDragons\AppData\Local\Temp\bchcabebbbfg.exe
C:\Users\DarkDragons\AppData\Local\Temp\Launcher__10890.exe
C:\Users\DarkDragons\AppData\Local\Temp\proxy_vole2549036137409174358.dll
C:\Users\DarkDragons\AppData\Local\Temp\Quarantine.exe
C:\Users\DarkDragons\AppData\Local\Temp\SPINT-G.exe
C:\Users\DarkDragons\AppData\Local\Temp\sqlite3.dll
C:\Users\DarkDragons\AppData\Local\Temp\srv17858.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv3114.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv69867.exe
C:\ProgramData\sAIkGLEQxy
C:\Program Files (x86)\Enigma Software Group
C:\awhFAE7.tmp
C:\awh2A63.tmp
C:\awhB136.tmp
C:\awh81D9.tmp
C:\awhEC60.tmp
C:\awh4855.tmp
C:\awhF7AA.tmp
C:\awh9CB.tmp
C:\awh966D.tmp
C:\awhB13.tmp
EmptyTemp:
Hosts:
         
*****************

"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found. 
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HfnISlqYdAO => Service not found.
esgiguard => Service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26BB7950-F533-4E0B-A2B2-AB596E93BDAD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26BB7950-F533-4E0B-A2B2-AB596E93BDAD}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8AC7A3BA-D971-4989-A537-552B3F77AD2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AC7A3BA-D971-4989-A537-552B3F77AD2E}" => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\Windows\AutoKMS => Moved successfully.
"C:\Users\DarkDragons\AppData\Roaming\sweet-page" => File/Directory not found.
C:\Users\DarkDragons\AppData\Local\Temp\bchcabebbbfg.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\Launcher__10890.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\proxy_vole2549036137409174358.dll => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\SPINT-G.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\srv17858.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\srv3114.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\srv69867.exe => Moved successfully.

"C:\ProgramData\sAIkGLEQxy" directory move:

Could not move "C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.dat" => Scheduled to move on reboot.
C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe => Moved successfully.
C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe.config => Moved successfully.
Could not move "C:\ProgramData\sAIkGLEQxy\info.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\ihLAgOtCCuQ.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\TYpiSJlKegW.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\WQsWgZ.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\WQsWgZ.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\wtxXqiGoXAH.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\wtxXqiGoXAH.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy" directory. => Scheduled to move on reboot.

C:\Program Files (x86)\Enigma Software Group => Moved successfully.
C:\awhFAE7.tmp => Moved successfully.
C:\awh2A63.tmp => Moved successfully.
C:\awhB136.tmp => Moved successfully.
C:\awh81D9.tmp => Moved successfully.
C:\awhEC60.tmp => Moved successfully.
C:\awh4855.tmp => Moved successfully.
C:\awhF7AA.tmp => Moved successfully.
C:\awh9CB.tmp => Moved successfully.
C:\awh966D.tmp => Moved successfully.
C:\awhB13.tmp => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 14.9 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-13 17:51:28)<=

C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.dat => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\info.dat => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\ihLAgOtCCuQ.dll => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\TYpiSJlKegW.dll => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\WQsWgZ.exe => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\WQsWgZ.exe.config => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\wtxXqiGoXAH.exe => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\wtxXqiGoXAH.exe.config => Is moved successfully.
C:\ProgramData\sAIkGLEQxy => Is moved successfully.

==== End of Fixlog 17:51:28 ====

cosinus · 13.01.2015, 18:25

Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

Hassel · 13.01.2015, 18:34

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by DarkDragons (administrator) on SHOCKDRAGONS on 13-01-2015 18:31:06
Running from C:\Users\DarkDragons\Desktop
Loaded Profile: DarkDragons (Available profiles: DarkDragons)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [GameforgeLive] => "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-05-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2864688 2014-12-12] (Blizzard Entertainment)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Akamai NetSession Interface] => C:\Users\DarkDragons\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Policies\Explorer: [DisallowRun] 1
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\DarkDragons\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Deutsch (DE) Language Pack - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-01-09]
FF Extension: Locale Switcher - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2015-01-09]
FF Extension: Adblock Plus - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-09]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\DarkDragons\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-05-22] (Advanced Micro Devices, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:31 - 2015-01-13 18:31 - 00007903 _____ () C:\Users\DarkDragons\Desktop\FRST.txt
2015-01-09 18:54 - 2015-01-09 18:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 18:53 - 2015-01-09 18:54 - 01707939 _____ (Thisisu) C:\Users\DarkDragons\Desktop\JRT.exe
2015-01-09 18:48 - 2015-01-09 18:50 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\ZombieInvasion
2015-01-09 18:47 - 2015-01-09 18:48 - 00000000 ____D () C:\AdwCleaner
2015-01-09 18:46 - 2015-01-09 18:46 - 02191360 _____ () C:\Users\DarkDragons\Desktop\AdwCleaner_4.107.exe
2015-01-09 18:30 - 2015-01-09 18:30 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\DarkDragons\Desktop\tdsskiller.exe
2015-01-09 17:33 - 2015-01-09 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-09 17:33 - 2015-01-09 18:10 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 17:33 - 2015-01-09 17:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 17:31 - 2015-01-09 18:21 - 00000000 ____D () C:\Users\DarkDragons\Desktop\mbar
2015-01-09 17:31 - 2015-01-09 18:09 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 15:30 - 2015-01-13 18:31 - 00000000 ____D () C:\FRST
2015-01-09 15:29 - 2015-01-09 15:29 - 02124288 _____ (Farbar) C:\Users\DarkDragons\Desktop\FRST64.exe
2015-01-01 10:39 - 2015-01-01 10:39 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll
2014-12-24 13:16 - 2014-12-24 13:16 - 00000222 _____ () C:\Users\DarkDragons\Desktop\Alien Isolation.url
2014-12-18 20:31 - 2014-12-18 20:32 - 00280752 _____ () C:\Windows\Minidump\121814-25093-01.dmp
2014-12-18 20:31 - 2014-12-18 20:31 - 696154421 _____ () C:\Windows\MEMORY.DMP
2014-12-18 20:31 - 2014-12-18 20:31 - 00000000 ____D () C:\Windows\Minidump
2014-12-15 23:06 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 23:06 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:29 - 2014-05-16 18:15 - 01890446 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 18:20 - 2014-05-16 18:45 - 00000000 ____D () C:\Users\DarkDragons\AppData\Roaming\ClassicShell
2015-01-13 18:15 - 2014-05-16 18:29 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2357861172-224482980-2813433480-1001
2015-01-13 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-13 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-13 17:51 - 2014-09-16 18:02 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-13 17:50 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 17:46 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-13 17:45 - 2014-05-16 18:34 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AC7F5C46-D0D5-44D6-A666-2A83C8BD8ED4}
2015-01-13 17:44 - 2014-10-19 14:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 19:56 - 2014-05-18 12:07 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Battle.net
2015-01-09 18:49 - 2014-03-18 02:51 - 00109654 _____ () C:\Windows\PFRO.log
2015-01-09 18:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-09 17:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Resources
2015-01-05 09:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-05 00:19 - 2014-06-07 07:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-05 00:19 - 2014-05-16 18:18 - 00000000 ____D () C:\Users\DarkDragons
2015-01-04 20:19 - 2014-05-16 18:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\JDownloader v2.0
2014-12-31 12:14 - 2014-08-30 21:15 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-21 20:38 - 2014-06-20 16:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-18 18:35 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-17 20:53 - 2014-09-02 09:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Akamai
2014-12-16 21:19 - 2014-11-21 18:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-13 18:03

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by DarkDragons at 2015-01-13 18:31:53
Running from C:\Users\DarkDragons\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders Ancient Alien Makeover (HKLM-x32\...\7 Wonders Ancient Alien Makeover) (Version: 1.1.0.0 - MumboJumbo)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
AMD Catalyst Install Manager (HKLM\...\{8D95B61A-9759-40F7-69BF-54DCE6675143}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AuraKingdom-DE (HKLM-x32\...\AuraKingdom-DE) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version:  - EA Los Angeles)
Command and Conquer: Red Alert 3 (HKLM-x32\...\Steam App 17480) (Version:  - EA Los Angeles)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Legends of Aethereus (HKLM-x32\...\Steam App 248410) (Version:  - Three Gates)
Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version:  - Spark Unlimited)
Lost Planet: Extreme Condition - Colonies Edition (HKLM-x32\...\Steam App 45720) (Version:  - CAPCOM CO., LTD.)
Mahjong Secrets (HKLM-x32\...\Mahjong Secrets_is1) (Version: 1.0 - Playrix Entertainment)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.4.37803 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version: 2.09 - NCH Software)
Sacred 3 (HKLM-x32\...\Steam App 247950) (Version:  - Keen Games)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zombie Blitz 1.0 (HKLM\...\{F249E83F-ADF4-4159-BAF5-485965489228}) (Version: 1.0 - Headup Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-12-2014 10:39:34 Geplanter Prüfpunkt
03-01-2015 12:51:49 Geplanter Prüfpunkt
09-01-2015 17:43:56 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-01-13 17:47 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {61926872-C938-4599-8D44-3B91DEE5ABA5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {76C24555-6063-4DCB-9089-A68312B203C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {CD462D9A-A2DE-487A-AB86-9A2EB9944E98} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-05-22 20:59 - 2014-05-22 20:59 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-05-22 20:59 - 2014-05-22 20:59 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-12 08:47 - 2014-12-12 08:47 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\DarkDragons:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Cookies:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "GameforgeLive"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Raptr"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"

========================= Accounts: ==========================

Administrator (S-1-5-21-2357861172-224482980-2813433480-500 - Administrator - Disabled)
DarkDragons (S-1-5-21-2357861172-224482980-2813433480-1001 - Administrator - Enabled) => C:\Users\DarkDragons
Gast (S-1-5-21-2357861172-224482980-2813433480-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2357861172-224482980-2813433480-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 06:29:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/13/2015 06:29:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/13/2015 05:51:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/13/2015 05:51:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/13/2015 05:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x711090df
ID des fehlerhaften Prozesses: 0xc0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/13/2015 05:47:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x9ac
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (01/13/2015 05:47:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00554e50
ID des fehlerhaften Prozesses: 0xc0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/13/2015 05:47:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x711090df
ID des fehlerhaften Prozesses: 0xba8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/13/2015 05:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00814e50
ID des fehlerhaften Prozesses: 0xba8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/13/2015 05:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x711090df
ID des fehlerhaften Prozesses: 0xd54
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5


System errors:
=============
Error: (01/13/2015 06:04:18 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/13/2015 06:03:48 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/13/2015 05:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/09/2015 07:57:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/09/2015 07:56:30 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/09/2015 07:56:00 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/09/2015 07:55:30 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/09/2015 07:55:00 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/09/2015 07:54:30 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/09/2015 07:54:00 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (01/13/2015 06:29:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/13/2015 06:29:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/13/2015 05:51:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/13/2015 05:51:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/13/2015 05:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005711090dfc001d02f509033fa39C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowncedbe128-9b43-11e4-828a-1c6f658f0b60

Error: (01/13/2015 05:47:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014259ac01d02f50902d6a9fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllcea2a8b5-9b43-11e4-828a-1c6f658f0b60

Error: (01/13/2015 05:47:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a500554e50c001d02f509033fa39C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowncde9bca2-9b43-11e4-828a-1c6f658f0b60

Error: (01/13/2015 05:47:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005711090dfba801d02f508d402a91C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowncbedbe21-9b43-11e4-828a-1c6f658f0b60

Error: (01/13/2015 05:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a500814e50ba801d02f508d402a91C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowncaf74c93-9b43-11e4-828a-1c6f658f0b60

Error: (01/13/2015 05:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005711090dfd5401d02f508a45cb23C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknownc8dd6562-9b43-11e4-828a-1c6f658f0b60


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 16%
Total physical RAM: 8189.55 MB
Available physical RAM: 6824.43 MB
Total Pagefile: 16381.55 MB
Available Pagefile: 14980.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:440.54 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:510.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B788E10F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5C1DEE9F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

09.01.2015, 18:04	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Deutsche Telekom Brief vom Abuse Team Virus/Trojaner infizierung Starte den Rechner neu, wiederhole MBAR, um sicherzustellen, dass es die Funde auch dauerhaft entfernt hat __________________ --> Deutsche Telekom Brief vom Abuse Team Virus/Trojaner infizierung

13.01.2015, 18:25	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Deutsche Telekom Brief vom Abuse Team Virus/Trojaner infizierung Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken __________________ Logfiles bitte immer in CODE-Tags posten

Deutsche Telekom Brief vom Abuse Team Virus/Trojaner infizierung

Log-Analyse und Auswertung: Deutsche Telekom Brief vom Abuse Team Virus/Trojaner infizierung