Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Virus(bitcoinminer) durch svhost.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.09.2014, 20:16   #1
MuF
 
Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



Hallo zusammen,
habe gerade durch Zufall den Backdoor.Agent und 2 Mal PUP.BitCoinMiner mit Malwarebytes Anti-Malware entdeckt.
Diese wurden laut mbam entfernt.(logfile in der Beschreibung)
Bisher habe ich immer Avira Free Antivirus gehabt, der hat auch nie was was gefunden.
Jetzt stell ich mir die Frage, ob ich "clean" bin.
Für Hilfe wäre ich sehr dankbar.
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.09.2014
Suchlauf-Zeit: 19:53:52
Logdatei: logmbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.04.07
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: MuF

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 334957
Verstrichene Zeit: 5 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 3
PUP.BitCoinMiner, C:\Users\MuF\AppData\Roaming\Microsoft\svhost.exe, , [61467079d0ab60d68743bd2600016b95], 
PUP.BitCoinMiner, C:\Users\MuF\AppData\Roaming\Microsoft\IE10\svhost.exe, , [6c3b9a4fadce81b515b50bd821e00ff1], 
Backdoor.Agent, C:\Users\MuF\AppData\Roaming\Microsoft\svhost.exe, , [04a37b6e86f5e056e93e0a434cb7768a], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Alt 04.09.2014, 21:00   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 04.09.2014, 21:15   #3
MuF
 
Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



Erstmal Danke, dass du mir hilfst.
Hier die 2 Log files:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by MuF (administrator) on MUF-PC on 04-09-2014 21:08:06
Running from C:\Users\MuF\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Foxit Corporation) D:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-22] (Microsoft Corporation)
HKU\S-1-5-21-2355214367-3536077307-1448681871-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2355214367-3536077307-1448681871-1000\...\MountPoints2: {27ec2691-db4e-11e2-b736-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2355214367-3536077307-1448681871-1000\...\MountPoints2: {dd87c54c-db52-11e2-b79e-806e6f6e6963} - N:\autorun.exe
HKU\S-1-5-21-2355214367-3536077307-1448681871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2355214367-3536077307-1448681871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {27ec2691-db4e-11e2-b736-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2355214367-3536077307-1448681871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {dd87c54c-db52-11e2-b79e-806e6f6e6963} - N:\autorun.exe
HKU\S-1-5-21-2355214367-3536077307-1448681871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2355214367-3536077307-1448681871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {27ec2691-db4e-11e2-b736-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2355214367-3536077307-1448681871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {dd87c54c-db52-11e2-b79e-806e6f6e6963} - N:\autorun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
IFEO\utilman.exe: [Debugger] cmd.exe
Startup: C:\Users\MuF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4751E2C1846FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> mscoree.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - mscoree.dll No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

FireFox:
========
FF ProfilePath: C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default
FF Homepage: hxxp://battlelog.battlefield.com/bf4/de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> D:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\battlefieldplay4free@ea.com [2014-08-07]
FF Extension: HTTPS-Everywhere - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\https-everywhere@eff.org [2014-08-23]
FF Extension: Better Battlelog (BBLog) - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack [2014-09-04]
FF Extension: WOT - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: MEGA - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\firefox@mega.co.nz.xpi [2014-08-22]
FF Extension: YouTube Center - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-11-05]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-06-22]
FF Extension: NoScript - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-22]
FF Extension: Adblock Edge - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-07-26]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [57344 2011-08-22] () [File not signed]
R2 FoxitCloudUpdateService; D:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [528096 2014-06-08] (Futuremark)
S3 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2210640 2013-11-29] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-07] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-21] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-07-25] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
U0 vrqn; C:\Windows\System32\drivers\lxwftxw.sys [79064 2014-09-04] (Malwarebytes Corporation)
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 21:08 - 2014-09-04 21:08 - 00024127 _____ () C:\Users\MuF\Desktop\FRST.txt
2014-09-04 21:07 - 2014-09-04 21:08 - 00000000 ____D () C:\FRST
2014-09-04 21:07 - 2014-09-04 21:07 - 02104832 _____ (Farbar) C:\Users\MuF\Desktop\FRST64.exe
2014-09-04 20:00 - 2014-09-04 20:00 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\lxwftxw.sys
2014-09-04 19:49 - 2014-09-04 20:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 19:48 - 2014-09-04 19:48 - 00000837 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 19:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 19:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-04 19:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Wireshark
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-03 20:49 - 2014-09-03 20:50 - 00000906 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark 2 Preview.lnk
2014-09-03 20:48 - 2014-09-03 20:50 - 00000830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-09-03 20:47 - 2014-09-04 21:07 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\NetSpeedMonitor
2014-09-03 20:46 - 2014-09-03 20:46 - 00000000 ____D () C:\Program Files\NetSpeedMonitor
2014-09-03 07:05 - 2014-09-03 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-09-03 05:02 - 2014-09-03 05:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-09-02 21:00 - 2014-09-02 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 10:47 - 2014-08-28 13:53 - 00000000 ____D () C:\Users\MuF\AppData\Local\TeknoGods
2014-08-27 23:02 - 2014-08-27 23:02 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\MW3 FoV Changer
2014-08-27 20:36 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:36 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:36 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 17:34 - 2014-08-24 17:34 - 00000000 ____D () C:\Program Files (x86)\HDClone 5.0 Free Edition
2014-08-21 20:25 - 2014-03-16 14:22 - 02698088 _____ () C:\Windows\SysWOW64\pbsvc_pg.exe
2014-08-20 13:07 - 2014-08-20 13:08 - 00000000 ____D () C:\CrystalDiskInfoPortable
2014-08-20 00:52 - 2014-08-20 00:52 - 00000000 ____D () C:\Users\MuF\AppData\Local\Microsoft Research
2014-08-19 21:45 - 2014-08-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-19 13:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 13:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 13:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 13:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 13:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 13:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 13:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 13:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 13:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 00:03 - 2014-08-19 00:03 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-15 16:21 - 2014-08-15 16:21 - 02441216 _____ () C:\Windows\SysWOW64\WinHIIP.WDS
2014-08-15 16:19 - 2014-08-15 16:21 - 00000321 _____ () C:\Windows\SysWOW64\WinHIIP 1.7.6.log
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-14 02:00 - 2014-09-04 19:53 - 00000000 ____D () C:\Users\MuF\AppData\Local\Adobe
2014-08-14 00:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 00:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 00:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 00:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 00:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 00:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 00:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 00:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 00:40 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 00:40 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 00:39 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 00:39 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 00:39 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 00:39 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 00:39 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 00:39 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 00:39 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 00:39 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 00:39 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 00:39 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 00:39 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 00:39 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 00:39 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 00:39 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 00:39 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 00:39 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 00:39 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 00:39 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 00:39 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 00:39 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 00:39 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 00:39 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 00:39 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 00:39 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 00:39 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 00:39 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 00:39 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 00:39 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 00:39 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 00:39 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 00:39 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 00:39 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 00:39 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 00:39 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 00:39 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 00:39 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 00:39 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 00:39 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 00:39 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 00:39 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 00:39 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 00:39 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 00:39 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 00:39 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 00:39 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 00:39 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 00:39 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 00:39 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 00:39 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 00:39 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 00:39 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 00:39 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 00:39 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 00:39 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 00:39 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 00:39 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 00:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 00:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 00:39 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 00:39 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 00:39 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 00:39 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 00:39 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 00:39 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 00:39 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 00:39 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 00:39 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 00:39 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 00:38 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 00:38 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 00:38 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 00:38 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-10 21:44 - 2014-08-10 21:44 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Crytek
2014-08-10 16:45 - 2014-08-10 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-10 16:45 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-08-07 21:12 - 2014-08-08 21:13 - 00001114 _____ () C:\Users\MuF\Desktop\Konsole.lnk
2014-08-07 16:20 - 2014-08-07 16:20 - 00000000 ____D () C:\Users\MuF\.android
2014-08-07 15:00 - 2014-08-07 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2014-08-06 19:42 - 2014-08-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-05 16:12 - 2014-08-05 16:35 - 00000000 ____D () C:\nvidiainspector
2014-08-05 15:23 - 2014-08-05 15:23 - 00000000 ____D () C:\ProgramData\REX Game Studios, LLC
2014-08-05 14:30 - 2014-08-19 21:45 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 21:08 - 2014-09-04 21:08 - 00024127 _____ () C:\Users\MuF\Desktop\FRST.txt
2014-09-04 21:08 - 2014-09-04 21:07 - 00000000 ____D () C:\FRST
2014-09-04 21:07 - 2014-09-04 21:07 - 02104832 _____ (Farbar) C:\Users\MuF\Desktop\FRST64.exe
2014-09-04 21:07 - 2014-09-03 20:47 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\NetSpeedMonitor
2014-09-04 20:50 - 2014-02-06 14:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 20:46 - 2014-09-04 19:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 20:00 - 2014-09-04 20:00 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\lxwftxw.sys
2014-09-04 19:53 - 2014-08-14 02:00 - 00000000 ____D () C:\Users\MuF\AppData\Local\Adobe
2014-09-04 19:49 - 2009-08-25 20:32 - 00656692 _____ () C:\Windows\system32\perfh01D.dat
2014-09-04 19:49 - 2009-08-25 20:32 - 00143008 _____ () C:\Windows\system32\perfc01D.dat
2014-09-04 19:49 - 2009-08-25 19:41 - 00717572 _____ () C:\Windows\system32\perfh019.dat
2014-09-04 19:49 - 2009-08-25 19:41 - 00151376 _____ () C:\Windows\system32\perfc019.dat
2014-09-04 19:49 - 2009-08-25 19:33 - 00736470 _____ () C:\Windows\system32\perfh013.dat
2014-09-04 19:49 - 2009-08-25 19:33 - 00153636 _____ () C:\Windows\system32\perfc013.dat
2014-09-04 19:49 - 2009-08-25 19:25 - 00487486 _____ () C:\Windows\system32\perfh014.dat
2014-09-04 19:49 - 2009-08-25 19:25 - 00095938 _____ () C:\Windows\system32\perfc014.dat
2014-09-04 19:49 - 2009-08-25 19:18 - 00733018 _____ () C:\Windows\system32\perfh010.dat
2014-09-04 19:49 - 2009-08-25 19:18 - 00147380 _____ () C:\Windows\system32\perfc010.dat
2014-09-04 19:49 - 2009-08-25 19:09 - 00738688 _____ () C:\Windows\system32\perfh00C.dat
2014-09-04 19:49 - 2009-08-25 19:09 - 00150114 _____ () C:\Windows\system32\perfc00C.dat
2014-09-04 19:49 - 2009-08-25 19:01 - 00474466 _____ () C:\Windows\system32\perfh00B.dat
2014-09-04 19:49 - 2009-08-25 19:01 - 00102054 _____ () C:\Windows\system32\perfc00B.dat
2014-09-04 19:49 - 2009-08-25 18:54 - 00738428 _____ () C:\Windows\system32\perfh00A.dat
2014-09-04 19:49 - 2009-08-25 18:54 - 00159008 _____ () C:\Windows\system32\perfc00A.dat
2014-09-04 19:49 - 2009-08-25 18:46 - 00700470 _____ () C:\Windows\system32\perfh007.dat
2014-09-04 19:49 - 2009-08-25 18:46 - 00150108 _____ () C:\Windows\system32\perfc007.dat
2014-09-04 19:49 - 2009-08-25 18:38 - 00502386 _____ () C:\Windows\system32\perfh006.dat
2014-09-04 19:49 - 2009-08-25 18:38 - 00099192 _____ () C:\Windows\system32\perfc006.dat
2014-09-04 19:49 - 2009-07-14 07:13 - 08603980 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 19:48 - 2014-09-04 19:48 - 00000837 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 19:48 - 2009-07-14 06:45 - 00023088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 19:48 - 2009-07-14 06:45 - 00023088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 19:47 - 2013-06-22 17:24 - 01989822 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 19:43 - 2014-04-13 22:45 - 00072399 _____ () C:\Windows\setupact.log
2014-09-04 19:43 - 2014-02-12 17:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-04 19:43 - 2013-06-22 17:35 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-04 19:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 21:24 - 2013-06-25 18:35 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-03 21:24 - 2013-06-25 18:35 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-09-03 21:14 - 2013-10-30 17:17 - 00000000 ____D () C:\ProgramData\Origin
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Wireshark
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-03 20:50 - 2014-09-03 20:49 - 00000906 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark 2 Preview.lnk
2014-09-03 20:50 - 2014-09-03 20:48 - 00000830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-09-03 20:46 - 2014-09-03 20:46 - 00000000 ____D () C:\Program Files\NetSpeedMonitor
2014-09-03 20:43 - 2014-04-29 16:41 - 00040316 _____ () C:\Windows\PFRO.log
2014-09-03 20:43 - 2013-12-25 05:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-09-03 20:43 - 2013-06-22 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 20:38 - 2014-05-11 16:06 - 00007601 _____ () C:\Users\MuF\AppData\Local\resmon.resmoncfg
2014-09-03 20:33 - 2013-09-14 21:34 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Skype
2014-09-03 19:28 - 2014-05-18 18:22 - 00000000 ___RD () C:\Users\MuF\Desktop\Spiele
2014-09-03 07:05 - 2014-09-03 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-09-03 05:02 - 2014-09-03 05:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-09-03 05:02 - 2014-04-25 19:46 - 00583534 _____ () C:\Windows\DirectX.log
2014-09-02 21:00 - 2014-09-02 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 00:48 - 2013-11-08 17:16 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\FileZilla
2014-08-31 03:42 - 2014-05-16 20:37 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\.minecraft
2014-08-31 00:39 - 2013-06-22 17:25 - 00000000 ____D () C:\Users\MuF
2014-08-30 20:20 - 2014-02-27 22:19 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\TS3Client
2014-08-30 16:02 - 2014-05-18 18:47 - 00000000 ___RD () C:\Users\MuF\Desktop\Communications
2014-08-28 16:46 - 2014-04-20 23:05 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Notepad++
2014-08-28 13:53 - 2014-08-28 10:47 - 00000000 ____D () C:\Users\MuF\AppData\Local\TeknoGods
2014-08-28 02:37 - 2013-11-08 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-27 23:02 - 2014-08-27 23:02 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\MW3 FoV Changer
2014-08-27 22:18 - 2009-07-14 06:45 - 05127864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 22:06 - 2013-09-14 21:34 - 00000000 ____D () C:\ProgramData\Skype
2014-08-24 21:18 - 2014-03-09 20:33 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\vlc
2014-08-24 17:42 - 2014-06-07 16:29 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-08-24 17:42 - 2014-06-07 16:29 - 00004656 _____ () C:\Windows\LkmdfCoInst.log
2014-08-24 17:34 - 2014-08-24 17:34 - 00000000 ____D () C:\Program Files (x86)\HDClone 5.0 Free Edition
2014-08-23 04:07 - 2014-08-27 20:36 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 20:36 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 20:36 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 22:42 - 2013-08-23 11:38 - 00291096 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-08-21 22:15 - 2013-06-25 18:35 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-21 21:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 13:08 - 2014-08-20 13:07 - 00000000 ____D () C:\CrystalDiskInfoPortable
2014-08-20 00:52 - 2014-08-20 00:52 - 00000000 ____D () C:\Users\MuF\AppData\Local\Microsoft Research
2014-08-19 21:45 - 2014-08-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-19 21:45 - 2014-08-05 14:30 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-19 21:45 - 2013-10-11 22:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-19 21:45 - 2013-06-22 17:52 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-19 00:03 - 2014-08-19 00:03 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-17 23:05 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-15 16:21 - 2014-08-15 16:21 - 02441216 _____ () C:\Windows\SysWOW64\WinHIIP.WDS
2014-08-15 16:21 - 2014-08-15 16:19 - 00000321 _____ () C:\Windows\SysWOW64\WinHIIP 1.7.6.log
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-14 03:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 00:52 - 2014-01-03 19:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 00:48 - 2013-08-14 20:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 00:47 - 2013-06-22 21:04 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 00:43 - 2014-04-29 16:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 00:05 - 2014-02-06 14:34 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 00:05 - 2014-02-06 14:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 00:05 - 2014-02-06 14:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-11 10:57 - 2013-12-23 16:27 - 00000000 ____D () C:\Users\MuF\AppData\Local\LogMeIn Hamachi
2014-08-11 10:55 - 2014-05-18 18:05 - 00000000 ___RD () C:\Users\MuF\Desktop\Bearbeitung
2014-08-10 21:44 - 2014-08-10 21:44 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Crytek
2014-08-10 16:45 - 2014-08-10 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-09 22:48 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-09 02:22 - 2014-06-02 16:00 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-08-09 02:22 - 2014-06-02 16:00 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-08-09 02:22 - 2014-05-16 16:52 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-08-09 02:22 - 2014-05-16 16:52 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-08-08 21:13 - 2014-08-07 21:12 - 00001114 _____ () C:\Users\MuF\Desktop\Konsole.lnk
2014-08-08 13:51 - 2013-06-27 16:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-07 16:20 - 2014-08-07 16:20 - 00000000 ____D () C:\Users\MuF\.android
2014-08-07 16:08 - 2014-06-28 14:12 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-08-07 15:02 - 2013-06-25 18:36 - 00000000 ____D () C:\Users\MuF\AppData\Local\PunkBuster
2014-08-07 15:00 - 2014-08-07 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2014-08-07 04:06 - 2014-08-14 00:38 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 00:38 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 19:42 - 2014-08-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 19:42 - 2014-07-21 21:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 19:42 - 2014-07-21 21:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 19:42 - 2014-07-21 21:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 19:42 - 2014-07-21 21:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-05 22:33 - 2013-06-24 20:51 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\DVDVideoSoft
2014-08-05 22:33 - 2013-06-24 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-05 16:35 - 2014-08-05 16:12 - 00000000 ____D () C:\nvidiainspector
2014-08-05 16:32 - 2014-05-18 18:38 - 00000000 ___RD () C:\Users\MuF\Desktop\Flusi
2014-08-05 15:23 - 2014-08-05 15:23 - 00000000 ____D () C:\ProgramData\REX Game Studios, LLC
2014-08-05 14:30 - 2013-06-22 17:52 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:20 - 2013-06-22 17:43 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\MuF\1.dat


Some content of TEMP:
====================
C:\Users\MuF\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 12:25

==================== End Of Log ============================
         
--- --- ---

--- --- ---


und Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by MuF at 2014-09-04 21:08:28
Running from C:\Users\MuF\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
3DMark (HKLM-x32\...\{4198fd8f-98bd-4240-9b3a-ab2643e532f6}) (Version: 1.3.708.0 - Futuremark)
3DMark (Version: 1.3.708.0 - Futuremark) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden
Aerosoft's - F-16 Fighting Falcon (HKLM-x32\...\{A663BED9-978C-4A04-82A3-3029245055BE}) (Version: 1.10 - Aerosoft)
AI Carriers (HKLM-x32\...\AICarriers) (Version:  - )
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
America's Army: Proving Grounds Beta (HKLM-x32\...\Steam App 203290) (Version:  - )
America's Army: Proving Grounds Dedicated Server (HKLM-x32\...\Steam App 203300) (Version:  - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArmA 2 Free Uninstall (HKLM-x32\...\ArmA 2) (Version:  - )
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlefield 4™ CTE (HKLM-x32\...\{551A08D1-B60E-4DED-9B67-C3B38258CCA3}) (Version: 1.0.2.10442 - Electronic Arts)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.0 - EA Digital Illusions CE AB)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DCS World (HKLM\...\DCS World_is1) (Version: 1.2.6.20768 - )
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
DiRT 3 (x32 Version: 1.0.0003.130 - Codemasters) Hidden
DiRT2 (HKLM-x32\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters)
DiRT2 (x32 Version: 1.0.0002.133 - Codemasters) Hidden
Easy Tune 6 B11.0823.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0823.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Elevated Shortcut (HKLM-x32\...\Elevated Shortcut) (Version: 1.1 - hxxp://www.winreview.ru/)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
Europa Raser (HKLM-x32\...\Europa Raser) (Version: 1.0.0.23 - Davilex Software)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Free Video to iPhone Converter version 5.0.28.827 (HKLM-x32\...\Free Video to iPhone Converter_is1) (Version: 5.0.28.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
FreePIE (HKLM-x32\...\{EA5E0B20-451F-4AD0-B0DC-8C919556E889}) (Version: 1.4.433.0 - FreePIE)
FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version:  - Electronic Arts)
Futuremark SystemInfo (HKLM-x32\...\{4115C9AA-35E0-45D8-9363-47635B8750C7}) (Version: 4.29.438.0 - Futuremark)
GRID (HKLM-x32\...\{5A0B7BA5-4682-4273-81C2-69B17E649103}) (Version: 1.00.0000 - Codemasters)
GTR 2 1.0.0.0 (HKLM-x32\...\{53BA6007-3516-4CF8-844D-80FA625E6ACD}_is1) (Version: v1.0.0.0 - 10tacle Studios Publishing AG)
HDClone 5.0.7 Free Edition (HKLM\...\Miray.HDClone.Free.5.0.7.1031-{52F473E1-36B9-4A68-965C-7E622F10B461}) (Version: 5.0 - Miray Software AG)
HDLD GUI 2.1 (HKLM-x32\...\HDLD GUI) (Version: 2.1 - LordBoGaMi)
Horizon v2.7.2.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.2.0 - Daring Development Inc.)
HxD Hex Editor Version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MotoGP™13 Demo (HKLM-x32\...\Steam App 243820) (Version:  - Milestone S.r.l.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NaturalPoint USB Drivers x64 (HKLM\...\{B408139D-04D6-4464-A979-D335E48F7063}) (Version: 2.50.0000 - NaturalPoint)
Need for Speed™ SHIFT (HKLM-x32\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.160.1244 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.2.0 - Electronic Arts)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.7.19.0 - Red Giant, LLC)
Re-Volt (HKLM-x32\...\Re-Volt) (Version:  - )
REX Auto Update (HKLM-x32\...\REX Auto Update 1.0.2014.0603) (Version: 1.0.2014.0603 - REX Game Studios, LLC.)
REX Auto Update (x32 Version: 1.0.2014.0603 - REX Game Studios, LLC.) Hidden
REX Essential Plus Overdrive (HKLM-x32\...\{9F30A684-44DC-4BDF-89ED-70F9021B851F}) (Version: 3.5.2012.1029 - REX Game Studios)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Shader 3 Mod for Flight Simulator X (HKLM-x32\...\{B813B812-CBAA-4BC0-95A5-4D07C8B215BD}) (Version: 1.5.0 - Bojote)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Smart 6 B11.0824.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.2 - Activision)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
TmUnitedForever Update 2010-03-15 (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)
TouchCopy 12 (HKLM-x32\...\{838F12C2-14CA-43A2-83C4-97681576C0D7}) (Version: 12.03 - Wide Angle Software)
TrackIR 5 (HKLM-x32\...\{2f2e6053-043c-4d69-94d0-4d42304ea4ee}) (Version: 5.2.0200 - NaturalPoint)
TrackMania² Canyon Demo (HKLM-x32\...\Steam App 264850) (Version:  - Nadeo)
TrackMania² Stadium Demo (HKLM-x32\...\Steam App 233070) (Version:  - Nadeo)
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
Trapcode Suite 64-bit (Version: 12.1.3 - Red Giant) Hidden
Trials Evolution Gold Edition (HKLM-x32\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.5 - Ubisoft)
Trials Evolution Gold Edition (x32 Version: 1.0.0.5 - Ubisoft) Hidden
Trials Fusion (HKLM-x32\...\Uplay Install 297) (Version:  - Ubisoft)
Unreal Development Kit: 2014-02 (HKLM\...\UDK-f125d46a-742b-4335-a6fc-5c6011029e55) (Version:  - Epic Games, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
War Thunder Launcher 1.0.1.361 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.12.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.0 - The Wireshark developer community, hxxp://www.wireshark.org)
XMedia Recode Version 3.1.7.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.8 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2355214367-3536077307-1448681871-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> mscoree.dll No File

==================== Restore Points  =========================

03-09-2014 18:46:29 Installed NetSpeedMonitor 2.5.4.0 x64

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1FEACD-4644-46B3-B782-1DE64AE1F8B3} - System32\Tasks\AdobeAAMUpdater-1.0-MuF-PC-MuF => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {3C241FB2-5D72-41C3-BCB0-17B287CC3ED7} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2013-10-10] ()
Task: {40239DB5-7E08-486B-9325-0D4260AD9CD6} - System32\Tasks\elevated_MSIAfterburner_1~TFAISM2~ARGORPD => D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {4A8693F8-EABF-45CB-A2E6-2DA169ADA9AF} - System32\Tasks\{6F6C44B8-A10A-449A-B660-39A750921E33} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.7.0.102&LastError=404
Task: {502BA2FD-7883-4049-B54A-3E5566D6CB81} - System32\Tasks\elevated_trialsFMX_kcapatad1~SLAIRTtfosibU2~ARGORPD => D:\Program Files (x86)\Ubisoft\Trials Evolution Gold Edition\datapack\trialsFMX.exe [2013-11-12] (Ubisoft Entertainment.)
Task: {581143B1-CFAC-4449-9F3A-89F9C0B1113C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated)
Task: {5DD0D142-994D-487C-B02D-9F0C152E0349} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)
Task: {7AF387ED-7B1B-4302-B534-AB436D2BC627} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8BE247B9-75EB-4088-BA40-527145A09C2B} - System32\Tasks\REX Software Update for Auto Update => D:\REX Auto Update\updater.exe [2014-06-03] (REX Game Studios, LLC.)
Task: {A62D555C-7005-4D1A-875C-6F6DC0B3C7B7} - System32\Tasks\{E8449434-4A9D-406A-B72F-BD11078E4EEA} => D:\Program Files (x86)\Ubisoft\Trials Evolution Gold Edition\datapack\trialsFMX.exe [2013-11-12] (Ubisoft Entertainment.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-05-16 16:48 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-13 13:20 - 2013-12-13 13:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-06-22 17:34 - 2013-06-22 17:34 - 00008704 _____ () C:\Windows\assembly\GAC_64\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll
2013-06-22 17:35 - 2011-08-22 15:26 - 00057344 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2013-06-25 18:35 - 2014-08-21 22:15 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-16 16:52 - 2014-08-09 02:23 - 00699864 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-05-16 16:52 - 2014-08-09 02:23 - 00855512 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-06-23 13:51 - 2013-06-23 13:51 - 00012520 _____ () C:\Users\MuF\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-06-23 13:51 - 2013-06-23 13:51 - 00015080 _____ () C:\Users\MuF\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-06-23 13:51 - 2013-06-23 13:51 - 00014056 _____ () C:\Users\MuF\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-22 17:35 - 2009-05-04 17:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-05 14:30 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\MuF\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-02 21:00 - 2014-09-02 21:00 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\MuF\Lokale Einstellungen:k1eRAKnshbZOwi9KdsazbqAenPpV0
AlternateDataStreams: C:\Users\MuF\AppData\Local:k1eRAKnshbZOwi9KdsazbqAenPpV0
AlternateDataStreams: C:\Users\MuF\AppData\Local\Anwendungsdaten:k1eRAKnshbZOwi9KdsazbqAenPpV0
AlternateDataStreams: C:\Users\MuF\AppData\Local\Temp:7W10V4CPoxhYfkbdUvcSGHB6n9D
AlternateDataStreams: C:\Users\MuF\AppData\Local\Temporary Internet Files:9d7oPrduasPylacFwyeKH1rtPq

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MuF^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MuF^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge => "C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe" -stealth
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NvLedServiceHost => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe RunStartup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: snpstd3 => C:\Windows\vsnpstd3.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "D:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: VSA => C:\Users\MuF\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 07:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4cte.exe, Version: 1.0.2.10442, Zeitstempel: 0x53f4121a
Name des fehlerhaften Moduls: bf4cte.exe, Version: 1.0.2.10442, Zeitstempel: 0x53f4121a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000bbed77
ID des fehlerhaften Prozesses: 0x484
Startzeit der fehlerhaften Anwendung: 0xbf4cte.exe0
Pfad der fehlerhaften Anwendung: bf4cte.exe1
Pfad des fehlerhaften Moduls: bf4cte.exe2
Berichtskennung: bf4cte.exe3

Error: (09/03/2014 07:39:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4cte.exe, Version: 1.0.2.10442, Zeitstempel: 0x53f4121a
Name des fehlerhaften Moduls: bf4cte.exe, Version: 1.0.2.10442, Zeitstempel: 0x53f4121a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000bbed77
ID des fehlerhaften Prozesses: 0x12dc
Startzeit der fehlerhaften Anwendung: 0xbf4cte.exe0
Pfad der fehlerhaften Anwendung: bf4cte.exe1
Pfad des fehlerhaften Moduls: bf4cte.exe2
Berichtskennung: bf4cte.exe3

Error: (09/03/2014 07:33:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4cte.exe, Version: 1.0.2.10442, Zeitstempel: 0x53f4121a
Name des fehlerhaften Moduls: bf4cte.exe, Version: 1.0.2.10442, Zeitstempel: 0x53f4121a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000bbed77
ID des fehlerhaften Prozesses: 0x1404
Startzeit der fehlerhaften Anwendung: 0xbf4cte.exe0
Pfad der fehlerhaften Anwendung: bf4cte.exe1
Pfad des fehlerhaften Moduls: bf4cte.exe2
Berichtskennung: bf4cte.exe3

Error: (09/03/2014 07:30:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4cte.exe, Version: 1.0.2.10442, Zeitstempel: 0x53f4121a
Name des fehlerhaften Moduls: bf4cte.exe, Version: 1.0.2.10442, Zeitstempel: 0x53f4121a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000bbed77
ID des fehlerhaften Prozesses: 0x220
Startzeit der fehlerhaften Anwendung: 0xbf4cte.exe0
Pfad der fehlerhaften Anwendung: bf4cte.exe1
Pfad des fehlerhaften Moduls: bf4cte.exe2
Berichtskennung: bf4cte.exe3

Error: (09/03/2014 07:29:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4cte.exe, Version: 1.0.2.10442, Zeitstempel: 0x53f4121a
Name des fehlerhaften Moduls: bf4cte.exe, Version: 1.0.2.10442, Zeitstempel: 0x53f4121a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000bbed77
ID des fehlerhaften Prozesses: 0xa04
Startzeit der fehlerhaften Anwendung: 0xbf4cte.exe0
Pfad der fehlerhaften Anwendung: bf4cte.exe1
Pfad des fehlerhaften Moduls: bf4cte.exe2
Berichtskennung: bf4cte.exe3

Error: (09/02/2014 02:15:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{71549dfa-289e-11e4-a8af-50e549e48e7d}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: D:\
   Ausführungskontext: Coordinator

Error: (09/02/2014 02:15:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{71549dfa-289e-11e4-a8af-50e549e48e7d}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: D:\
   Ausführungskontext: Coordinator

Error: (09/02/2014 02:15:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{71549dfa-289e-11e4-a8af-50e549e48e7d}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: D:\
   Ausführungskontext: Coordinator

Error: (09/02/2014 02:15:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{71549dfa-289e-11e4-a8af-50e549e48e7d}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: D:\
   Ausführungskontext: Coordinator

Error: (09/02/2014 01:22:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6cc

Startzeit: 01cfc63ae1b933b5

Endzeit: 0

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: c707a31c-322e-11e4-8bbe-50e549e48e7d


System errors:
=============
Error: (09/04/2014 07:46:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/03/2014 08:33:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/02/2014 02:39:27 PM) (Source: volsnap) (EventID: 25) (User: )
Description: Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen.

Error: (09/02/2014 00:01:46 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (09/02/2014 00:01:44 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (09/02/2014 00:01:42 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (09/02/2014 00:01:40 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (09/01/2014 00:34:55 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (08/30/2014 09:42:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/30/2014 09:42:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 22%
Total physical RAM: 12271.11 MB
Available physical RAM: 9565.33 MB
Total Pagefile: 13035.29 MB
Available Pagefile: 10024.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:37.18 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:454.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: B8C492B4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F86EFE87)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 05.09.2014, 13:41   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.09.2014, 13:43   #5
MuF
 
Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



Ich sehe gerade, dass Avira in letzter Zeit doch mal etwas gefunden hat, mich aber gar nicht darüber informiert hat:

Code:
ATTFilter
Exportierte Ereignisse:

31.08.2014 00:39 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\MuF\MapList.dat'
      wurde ein Virus oder unerwünschtes Programm 'SPR/AutoIt.Gen' [riskware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         

hier der log vom tdss:
Code:
ATTFilter
13:47:20.0936 0x0cf0  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
13:47:24.0250 0x0cf0  ============================================================
13:47:24.0250 0x0cf0  Current date / time: 2014/09/05 13:47:24.0250
13:47:24.0250 0x0cf0  SystemInfo:
13:47:24.0250 0x0cf0  
13:47:24.0250 0x0cf0  OS Version: 6.1.7601 ServicePack: 1.0
13:47:24.0250 0x0cf0  Product type: Workstation
13:47:24.0250 0x0cf0  ComputerName: MUF-PC
13:47:24.0251 0x0cf0  UserName: MuF
13:47:24.0251 0x0cf0  Windows directory: C:\Windows
13:47:24.0251 0x0cf0  System windows directory: C:\Windows
13:47:24.0251 0x0cf0  Running under WOW64
13:47:24.0251 0x0cf0  Processor architecture: Intel x64
13:47:24.0251 0x0cf0  Number of processors: 4
13:47:24.0251 0x0cf0  Page size: 0x1000
13:47:24.0251 0x0cf0  Boot type: Normal boot
13:47:24.0251 0x0cf0  ============================================================
13:47:24.0428 0x0cf0  KLMD registered as C:\Windows\system32\drivers\03214972.sys
13:47:24.0494 0x0cf0  System UUID: {CFD40CC3-9F99-E70C-DF80-408B0C22FEB6}
13:47:24.0768 0x0cf0  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x54CB7, SectorsPerTrack: 0xC, TracksPerCylinder: 0x3C, Type 'K0', Flags 0x00000040
13:47:24.0794 0x0cf0  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:47:24.0808 0x0cf0  ============================================================
13:47:24.0808 0x0cf0  \Device\Harddisk0\DR0:
13:47:24.0808 0x0cf0  MBR partitions:
13:47:24.0808 0x0cf0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:47:24.0808 0x0cf0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
13:47:24.0808 0x0cf0  \Device\Harddisk1\DR1:
13:47:24.0808 0x0cf0  MBR partitions:
13:47:24.0808 0x0cf0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
13:47:24.0808 0x0cf0  ============================================================
13:47:24.0810 0x0cf0  C: <-> \Device\Harddisk0\DR0\Partition2
13:47:24.0830 0x0cf0  D: <-> \Device\Harddisk1\DR1\Partition1
13:47:24.0830 0x0cf0  ============================================================
13:47:24.0831 0x0cf0  Initialize success
13:47:24.0831 0x0cf0  ============================================================
13:47:59.0295 0x0f28  ============================================================
13:47:59.0295 0x0f28  Scan started
13:47:59.0295 0x0f28  Mode: Manual; SigCheck; TDLFS; 
13:47:59.0295 0x0f28  ============================================================
13:47:59.0295 0x0f28  KSN ping started
13:48:28.0061 0x0f28  KSN ping finished: true
13:48:34.0857 0x0f28  ================ Scan system memory ========================
13:48:34.0857 0x0f28  System memory - ok
13:48:34.0857 0x0f28  ================ Scan services =============================
13:48:34.0881 0x0f28  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:48:34.0926 0x0f28  1394ohci - ok
13:48:34.0939 0x0f28  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:48:34.0957 0x0f28  ACPI - ok
13:48:34.0960 0x0f28  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:48:34.0973 0x0f28  AcpiPmi - ok
13:48:34.0991 0x0f28  [ F4BF3ADDDDC1AD372604F13C2B0C1F65, FA37ED5014336A72F778C485226B61BEFECEB861AB754862738795C167F0BAB7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:48:35.0008 0x0f28  AdobeFlashPlayerUpdateSvc - ok
13:48:35.0021 0x0f28  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:48:35.0041 0x0f28  adp94xx - ok
13:48:35.0050 0x0f28  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:48:35.0067 0x0f28  adpahci - ok
13:48:35.0073 0x0f28  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:48:35.0086 0x0f28  adpu320 - ok
13:48:35.0091 0x0f28  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:48:35.0118 0x0f28  AeLookupSvc - ok
13:48:35.0130 0x0f28  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
13:48:35.0155 0x0f28  AFD - ok
13:48:35.0159 0x0f28  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
13:48:35.0169 0x0f28  agp440 - ok
13:48:35.0173 0x0f28  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
13:48:35.0189 0x0f28  ALG - ok
13:48:35.0191 0x0f28  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:48:35.0200 0x0f28  aliide - ok
13:48:35.0207 0x0f28  [ E7BDC2E7D885A65031C6B93D5A80B019, B37B05CA81A200A0C303946A21901ED382468761AB8BB8F7F310700A060E813F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:48:35.0234 0x0f28  AMD External Events Utility - ok
13:48:35.0236 0x0f28  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:48:35.0245 0x0f28  amdide - ok
13:48:35.0248 0x0f28  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:48:35.0262 0x0f28  AmdK8 - ok
13:48:35.0529 0x0f28  [ 342156AF1FED5ED3A5D3FBB3D87F48E8, 119C85492EDCA82731E23A261DE39A72783713B01B89D8FA2F47400EB03C7C57 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:48:35.0922 0x0f28  amdkmdag - ok
13:48:35.0948 0x0f28  [ 9DCA2AFEABF1D109FB2C229491C9F293, F020F4FDD29897C656287A2D01D51B4AE45AA604E4291BCE05FB7D994242EC04 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:48:35.0978 0x0f28  amdkmdap - ok
13:48:35.0981 0x0f28  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:48:35.0994 0x0f28  AmdPPM - ok
13:48:35.0999 0x0f28  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:48:36.0011 0x0f28  amdsata - ok
13:48:36.0017 0x0f28  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:48:36.0030 0x0f28  amdsbs - ok
13:48:36.0033 0x0f28  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:48:36.0042 0x0f28  amdxata - ok
13:48:36.0058 0x0f28  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:48:36.0076 0x0f28  AntiVirSchedulerService - ok
13:48:36.0087 0x0f28  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:48:36.0105 0x0f28  AntiVirService - ok
13:48:36.0108 0x0f28  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
13:48:36.0134 0x0f28  AppID - ok
13:48:36.0137 0x0f28  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:48:36.0164 0x0f28  AppIDSvc - ok
13:48:36.0168 0x0f28  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
13:48:36.0181 0x0f28  Appinfo - ok
13:48:36.0186 0x0f28  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:48:36.0196 0x0f28  Apple Mobile Device - ok
13:48:36.0198 0x0f28  [ 6BE11AD81D4527D299F0CB5F3731AABC, 9C01278D3336CD74B9672A2A9EF7AF836CB0E7F2EA5BC310E9ADDD1238B92229 ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
13:48:36.0212 0x0f28  AppleCharger - ok
13:48:36.0215 0x0f28  [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
13:48:36.0224 0x0f28  AppleChargerSrv - ok
13:48:36.0231 0x0f28  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:48:36.0248 0x0f28  AppMgmt - ok
13:48:36.0252 0x0f28  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:48:36.0263 0x0f28  arc - ok
13:48:36.0267 0x0f28  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:48:36.0278 0x0f28  arcsas - ok
13:48:36.0286 0x0f28  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:48:36.0299 0x0f28  aspnet_state - ok
13:48:36.0302 0x0f28  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:48:36.0327 0x0f28  AsyncMac - ok
13:48:36.0330 0x0f28  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:48:36.0339 0x0f28  atapi - ok
13:48:36.0344 0x0f28  [ 37CB595C0AB20ECBFA5170D3185690DB, 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:48:36.0357 0x0f28  AtiHDAudioService - ok
13:48:36.0374 0x0f28  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:48:36.0418 0x0f28  AudioEndpointBuilder - ok
13:48:36.0433 0x0f28  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:48:36.0467 0x0f28  AudioSrv - ok
13:48:36.0472 0x0f28  [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:48:36.0484 0x0f28  avgntflt - ok
13:48:36.0489 0x0f28  [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:48:36.0501 0x0f28  avipbb - ok
13:48:36.0507 0x0f28  [ A59D07E02A75EDC8FA141470C5EC96C3, A20416444B3C15F85651383F8D40F4F93400B1B78A60174A2AD3A6308836ED93 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
13:48:36.0514 0x0f28  Avira.OE.ServiceHost - ok
13:48:36.0517 0x0f28  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:48:36.0527 0x0f28  avkmgr - ok
13:48:36.0531 0x0f28  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:48:36.0556 0x0f28  AxInstSV - ok
13:48:36.0567 0x0f28  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:48:36.0591 0x0f28  b06bdrv - ok
13:48:36.0599 0x0f28  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:48:36.0616 0x0f28  b57nd60a - ok
13:48:36.0622 0x0f28  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:48:36.0637 0x0f28  BDESVC - ok
13:48:36.0639 0x0f28  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:48:36.0662 0x0f28  Beep - ok
13:48:36.0678 0x0f28  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
13:48:36.0709 0x0f28  BFE - ok
13:48:36.0728 0x0f28  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
13:48:36.0778 0x0f28  BITS - ok
13:48:36.0781 0x0f28  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:48:36.0793 0x0f28  blbdrive - ok
13:48:36.0805 0x0f28  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:48:36.0824 0x0f28  Bonjour Service - ok
13:48:36.0829 0x0f28  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:48:36.0842 0x0f28  bowser - ok
13:48:36.0844 0x0f28  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:48:36.0856 0x0f28  BrFiltLo - ok
13:48:36.0859 0x0f28  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:48:36.0870 0x0f28  BrFiltUp - ok
13:48:36.0875 0x0f28  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
13:48:36.0892 0x0f28  Browser - ok
13:48:36.0899 0x0f28  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:48:36.0920 0x0f28  Brserid - ok
13:48:36.0923 0x0f28  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:48:36.0936 0x0f28  BrSerWdm - ok
13:48:36.0939 0x0f28  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:48:36.0951 0x0f28  BrUsbMdm - ok
13:48:36.0953 0x0f28  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:48:36.0964 0x0f28  BrUsbSer - ok
13:48:36.0968 0x0f28  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:48:36.0981 0x0f28  BTHMODEM - ok
13:48:36.0986 0x0f28  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:48:37.0015 0x0f28  bthserv - ok
13:48:37.0019 0x0f28  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:48:37.0046 0x0f28  cdfs - ok
13:48:37.0051 0x0f28  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:48:37.0063 0x0f28  cdrom - ok
13:48:37.0067 0x0f28  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:48:37.0095 0x0f28  CertPropSvc - ok
13:48:37.0098 0x0f28  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:48:37.0111 0x0f28  circlass - ok
13:48:37.0121 0x0f28  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
13:48:37.0139 0x0f28  CLFS - ok
13:48:37.0144 0x0f28  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:48:37.0156 0x0f28  clr_optimization_v2.0.50727_32 - ok
13:48:37.0161 0x0f28  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:48:37.0173 0x0f28  clr_optimization_v2.0.50727_64 - ok
13:48:37.0183 0x0f28  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:48:37.0197 0x0f28  clr_optimization_v4.0.30319_32 - ok
13:48:37.0202 0x0f28  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:48:37.0219 0x0f28  clr_optimization_v4.0.30319_64 - ok
13:48:37.0222 0x0f28  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:48:37.0232 0x0f28  CmBatt - ok
13:48:37.0235 0x0f28  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:48:37.0244 0x0f28  cmdide - ok
13:48:37.0255 0x0f28  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
13:48:37.0281 0x0f28  CNG - ok
13:48:37.0284 0x0f28  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:48:37.0293 0x0f28  Compbatt - ok
13:48:37.0297 0x0f28  [ 0C5B0DF7EF9F719EBAE9F8FE70E083A9, 3C21F5688D7EF748B7D48625E85FB9D5A6A4ABCE1939AF4D6993D3AD5CE71FD2 ] CompFilter64    C:\Windows\system32\DRIVERS\lvbflt64.sys
13:48:37.0306 0x0f28  CompFilter64 - ok
13:48:37.0309 0x0f28  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:48:37.0322 0x0f28  CompositeBus - ok
13:48:37.0324 0x0f28  COMSysApp - ok
13:48:37.0341 0x0f28  [ AAA4A82C0DFBF87C6E06523A4A535E51, 17BC707D9251A4A84FF62D6AF2A2282984BF107FB28F538EE42C085B945B09F9 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
13:48:37.0359 0x0f28  cphs - ok
13:48:37.0362 0x0f28  cpuz137 - ok
13:48:37.0365 0x0f28  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:48:37.0374 0x0f28  crcdisk - ok
13:48:37.0381 0x0f28  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:48:37.0398 0x0f28  CryptSvc - ok
13:48:37.0410 0x0f28  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
13:48:37.0434 0x0f28  CSC - ok
13:48:37.0450 0x0f28  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
13:48:37.0481 0x0f28  CscService - ok
13:48:37.0494 0x0f28  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:48:37.0528 0x0f28  DcomLaunch - ok
13:48:37.0536 0x0f28  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:48:37.0570 0x0f28  defragsvc - ok
13:48:37.0575 0x0f28  [ 5C9F7E0E93D31F3A8DE6732FD9F7E6FD, 6C47BA69CB6D24528E67C5E983036D64D4AB1CB582D9724694BE46C89B3AB74A ] DES2 Service    C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
13:48:37.0585 0x0f28  DES2 Service - detected UnsignedFile.Multi.Generic ( 1 )
13:48:43.0034 0x0f28  Detect skipped due to KSN trusted
13:48:43.0034 0x0f28  DES2 Service - ok
13:48:43.0042 0x0f28  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:48:43.0080 0x0f28  DfsC - ok
13:48:43.0089 0x0f28  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:48:43.0111 0x0f28  Dhcp - ok
13:48:43.0114 0x0f28  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:48:43.0140 0x0f28  discache - ok
13:48:43.0144 0x0f28  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:48:43.0155 0x0f28  Disk - ok
13:48:43.0161 0x0f28  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:48:43.0178 0x0f28  Dnscache - ok
13:48:43.0186 0x0f28  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:48:43.0219 0x0f28  dot3svc - ok
13:48:43.0224 0x0f28  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:48:43.0254 0x0f28  DPS - ok
13:48:43.0256 0x0f28  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:48:43.0265 0x0f28  drmkaud - ok
13:48:43.0287 0x0f28  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:48:43.0317 0x0f28  DXGKrnl - ok
13:48:43.0322 0x0f28  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:48:43.0352 0x0f28  EapHost - ok
13:48:43.0413 0x0f28  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:48:43.0504 0x0f28  ebdrv - ok
13:48:43.0509 0x0f28  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
13:48:43.0522 0x0f28  EFS - ok
13:48:43.0539 0x0f28  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:48:43.0573 0x0f28  ehRecvr - ok
13:48:43.0577 0x0f28  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:48:43.0595 0x0f28  ehSched - ok
13:48:43.0608 0x0f28  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:48:43.0630 0x0f28  elxstor - ok
13:48:43.0633 0x0f28  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:48:43.0643 0x0f28  ErrDev - ok
13:48:43.0647 0x0f28  [ 84486624268E078255BC7AA47F0960BC, EC2540698B974572F0AC4A93D57C63295BAF66BF50F7416B9DFF5DE790EBDBE7 ] etdrv           C:\Windows\etdrv.sys
13:48:43.0656 0x0f28  etdrv - ok
13:48:43.0659 0x0f28  [ FD291A75ECAF197F07BD2040C2A7322A, B4DE1B8A75928C8E6DF870A7B6F286EAA0B9A5D9443E99B66633F8B60013AC67 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
13:48:43.0671 0x0f28  EtronHub3 - ok
13:48:43.0675 0x0f28  [ DDE9068F9BAC0210195F217AA39B9276, 3AE8CE03B0F93EF6006B46F8DFD5523F6C1951D98FB9A411EA90261C368A453F ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
13:48:43.0687 0x0f28  EtronXHCI - ok
13:48:43.0698 0x0f28  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:48:43.0735 0x0f28  EventSystem - ok
13:48:43.0741 0x0f28  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:48:43.0768 0x0f28  exfat - ok
13:48:43.0774 0x0f28  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:48:43.0801 0x0f28  fastfat - ok
13:48:43.0817 0x0f28  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:48:43.0846 0x0f28  Fax - ok
13:48:43.0849 0x0f28  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:48:43.0861 0x0f28  fdc - ok
13:48:43.0863 0x0f28  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:48:43.0888 0x0f28  fdPHost - ok
13:48:43.0891 0x0f28  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:48:43.0919 0x0f28  FDResPub - ok
13:48:43.0922 0x0f28  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:48:43.0933 0x0f28  FileInfo - ok
13:48:43.0935 0x0f28  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:48:43.0961 0x0f28  Filetrace - ok
13:48:43.0963 0x0f28  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:48:43.0974 0x0f28  flpydisk - ok
13:48:43.0982 0x0f28  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:48:43.0999 0x0f28  FltMgr - ok
13:48:44.0023 0x0f28  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
13:48:44.0066 0x0f28  FontCache - ok
13:48:44.0070 0x0f28  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:48:44.0079 0x0f28  FontCache3.0.0.0 - ok
13:48:44.0149 0x0f28  [ 26EABEEA7F30DCF21DA0577C4EE26FAA, 20C3CD2579ED6853249B1EAEF23DF2904779BA2E806D00C30F81EA9A1612AE0F ] FoxitCloudUpdateService D:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
13:48:44.0174 0x0f28  FoxitCloudUpdateService - ok
13:48:44.0179 0x0f28  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:48:44.0195 0x0f28  FsDepends - ok
13:48:44.0199 0x0f28  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:48:44.0209 0x0f28  Fs_Rec - ok
13:48:44.0223 0x0f28  [ 6A420537442958B8F470CE60C55EDF2B, 4C41D157E5B1C8F4B1B00C454AD8AAEBB672898837B6C6E403398E5B878D18F2 ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
13:48:44.0245 0x0f28  Futuremark SystemInfo Service - ok
13:48:44.0252 0x0f28  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:48:44.0270 0x0f28  fvevol - ok
13:48:44.0274 0x0f28  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:48:44.0285 0x0f28  gagp30kx - ok
13:48:44.0287 0x0f28  [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv            C:\Windows\gdrv.sys
13:48:44.0295 0x0f28  gdrv - ok
13:48:44.0298 0x0f28  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:48:44.0307 0x0f28  GEARAspiWDM - ok
13:48:44.0324 0x0f28  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:48:44.0371 0x0f28  gpsvc - ok
13:48:44.0373 0x0f28  GPUZ - ok
13:48:44.0377 0x0f28  [ 8126331FBD4ED29EB3B356F9C905064D, A58BCE904591DD762410E99960FD956FB579C2CE78FA7BF1406075D29537EF82 ] GVTDrv64        C:\Windows\GVTDrv64.sys
13:48:44.0386 0x0f28  GVTDrv64 - ok
13:48:44.0390 0x0f28  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
13:48:44.0398 0x0f28  hamachi - ok
13:48:44.0478 0x0f28  [ E24E88736B13BC54CA93E7F86A0F4FCF, 0BD480373AE40C1155E4B4C1D5607C7DF9CD4C5D9C5034F7A35993180BDF2665 ] Hamachi2Svc     D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
13:48:44.0544 0x0f28  Hamachi2Svc - ok
13:48:44.0549 0x0f28  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:48:44.0562 0x0f28  hcw85cir - ok
13:48:44.0571 0x0f28  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:48:44.0594 0x0f28  HdAudAddService - ok
13:48:44.0599 0x0f28  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:48:44.0615 0x0f28  HDAudBus - ok
13:48:44.0618 0x0f28  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:48:44.0630 0x0f28  HidBatt - ok
13:48:44.0634 0x0f28  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:48:44.0649 0x0f28  HidBth - ok
13:48:44.0652 0x0f28  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:48:44.0666 0x0f28  HidIr - ok
13:48:44.0669 0x0f28  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:48:44.0696 0x0f28  hidserv - ok
13:48:44.0699 0x0f28  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:48:44.0710 0x0f28  HidUsb - ok
13:48:44.0714 0x0f28  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:48:44.0743 0x0f28  hkmsvc - ok
13:48:44.0750 0x0f28  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:48:44.0771 0x0f28  HomeGroupListener - ok
13:48:44.0777 0x0f28  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:48:44.0794 0x0f28  HomeGroupProvider - ok
13:48:44.0798 0x0f28  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:48:44.0809 0x0f28  HpSAMD - ok
13:48:44.0826 0x0f28  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:48:44.0873 0x0f28  HTTP - ok
13:48:44.0876 0x0f28  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:48:44.0885 0x0f28  hwpolicy - ok
13:48:44.0889 0x0f28  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:48:44.0902 0x0f28  i8042prt - ok
13:48:44.0917 0x0f28  [ 2FDAEC4B02729C48C0FD1B0B4695995B, 87331D91FA3A23257B9913067B7B16D08710408070795B638058DBF728BBB288 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
13:48:44.0938 0x0f28  iaStor - ok
13:48:44.0954 0x0f28  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
13:48:44.0971 0x0f28  iaStorA - ok
13:48:44.0976 0x0f28  [ 20E83F4632E15A5E9E716FF2E8AC7FAE, 7CA1A4924F432AD30ED7FA6247C6513DA173EE31132AE115E85C0ED7E5971029 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:48:44.0984 0x0f28  IAStorDataMgrSvc - ok
13:48:44.0987 0x0f28  [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
13:48:44.0996 0x0f28  iaStorF - ok
13:48:45.0006 0x0f28  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:48:45.0025 0x0f28  iaStorV - ok
13:48:45.0031 0x0f28  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
13:48:45.0045 0x0f28  ICCS - ok
13:48:45.0050 0x0f28  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:48:45.0061 0x0f28  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
13:48:50.0810 0x0f28  Detect skipped due to KSN trusted
13:48:50.0810 0x0f28  IDriverT - ok
13:48:50.0843 0x0f28  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:48:50.0881 0x0f28  idsvc - ok
13:48:50.0883 0x0f28  IEEtwCollectorService - ok
13:48:50.0981 0x0f28  [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:48:51.0126 0x0f28  igfx - ok
13:48:51.0133 0x0f28  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:48:51.0143 0x0f28  iirsp - ok
13:48:51.0163 0x0f28  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:48:51.0197 0x0f28  IKEEXT - ok
13:48:51.0273 0x0f28  [ C2F868881D48A568B525255F084EF063, EFB1704AE223CF886EDA5F1411C8178EDE4B5E1F7EE373E3DA89A6EA1A57D91D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:48:51.0370 0x0f28  IntcAzAudAddService - ok
13:48:51.0382 0x0f28  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:48:51.0401 0x0f28  IntcDAud - ok
13:48:51.0405 0x0f28  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:48:51.0414 0x0f28  intelide - ok
13:48:51.0417 0x0f28  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:48:51.0431 0x0f28  intelppm - ok
13:48:51.0435 0x0f28  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:48:51.0465 0x0f28  IPBusEnum - ok
13:48:51.0469 0x0f28  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:48:51.0495 0x0f28  IpFilterDriver - ok
13:48:51.0508 0x0f28  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:48:51.0536 0x0f28  iphlpsvc - ok
13:48:51.0541 0x0f28  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:48:51.0554 0x0f28  IPMIDRV - ok
13:48:51.0559 0x0f28  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:48:51.0587 0x0f28  IPNAT - ok
13:48:51.0602 0x0f28  [ 68A5EDD4843CF0033BAE537C9C495F69, 386C66A6562218D0F0A616D75457CDA4B82DB87DC3DA83935497819963DB6D86 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:48:51.0627 0x0f28  iPod Service - ok
13:48:51.0630 0x0f28  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:48:51.0648 0x0f28  IRENUM - ok
13:48:51.0651 0x0f28  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:48:51.0660 0x0f28  isapnp - ok
13:48:51.0668 0x0f28  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:48:51.0684 0x0f28  iScsiPrt - ok
13:48:51.0687 0x0f28  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:48:51.0697 0x0f28  kbdclass - ok
13:48:51.0700 0x0f28  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:48:51.0710 0x0f28  kbdhid - ok
13:48:51.0713 0x0f28  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
13:48:51.0721 0x0f28  KeyIso - ok
13:48:51.0725 0x0f28  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:48:51.0736 0x0f28  KSecDD - ok
13:48:51.0741 0x0f28  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:48:51.0754 0x0f28  KSecPkg - ok
13:48:51.0757 0x0f28  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:48:51.0782 0x0f28  ksthunk - ok
13:48:51.0792 0x0f28  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:48:51.0828 0x0f28  KtmRm - ok
13:48:51.0835 0x0f28  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:48:51.0866 0x0f28  LanmanServer - ok
13:48:51.0871 0x0f28  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:48:51.0900 0x0f28  LanmanWorkstation - ok
13:48:51.0903 0x0f28  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
13:48:51.0912 0x0f28  LGBusEnum - ok
13:48:51.0915 0x0f28  [ 94AF1384A67B9FCF5651E70BC9D4C526, 9C025F7BBB5BBE9DAF3DEF2F6385CE77C8F413912C4D16930814F6D19B62B367 ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
13:48:51.0929 0x0f28  LGSHidFilt - ok
13:48:51.0932 0x0f28  [ 8F4DA100274CF85D94FBA8CA76125255, 1ADA7C36C915CB9BD41CF291F8E6990746A83F4D2ABCC5CAF765A3CE388BE5E5 ] LGSUsbFilt      C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys
13:48:51.0941 0x0f28  LGSUsbFilt - ok
13:48:51.0943 0x0f28  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
13:48:51.0951 0x0f28  LGVirHid - ok
13:48:51.0955 0x0f28  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:48:51.0981 0x0f28  lltdio - ok
13:48:51.0989 0x0f28  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:48:52.0025 0x0f28  lltdsvc - ok
13:48:52.0027 0x0f28  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:48:52.0052 0x0f28  lmhosts - ok
13:48:52.0057 0x0f28  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:48:52.0069 0x0f28  LSI_FC - ok
13:48:52.0073 0x0f28  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:48:52.0085 0x0f28  LSI_SAS - ok
13:48:52.0088 0x0f28  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:48:52.0099 0x0f28  LSI_SAS2 - ok
13:48:52.0103 0x0f28  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:48:52.0115 0x0f28  LSI_SCSI - ok
13:48:52.0119 0x0f28  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:48:52.0148 0x0f28  luafv - ok
13:48:52.0157 0x0f28  [ A401CFF74982D8DF851F20307C806073, 1D7BA90C9E77FAAE59F60AB5310EC41D9C5B98F1F9A89A3CDB9169E6DEF565DA ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
13:48:52.0174 0x0f28  LVRS64 - ok
13:48:52.0260 0x0f28  [ 13384CB5F5813E65F31078D6ABFAAF38, A6E7374C15CAECC273197BF62F8F926BA30E9509270A8470756F4710E1DEA126 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
13:48:52.0370 0x0f28  LVUVC64 - ok
13:48:52.0377 0x0f28  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:48:52.0392 0x0f28  Mcx2Svc - ok
13:48:52.0395 0x0f28  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:48:52.0405 0x0f28  megasas - ok
13:48:52.0413 0x0f28  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:48:52.0428 0x0f28  MegaSR - ok
13:48:52.0432 0x0f28  [ 1C6E73FC46B509EFF9D0086AA37132DF, B4FB5512D75112C553FC22593F6123A7C9B9B7825D40148F604CCEFEB149FD97 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:48:52.0441 0x0f28  MEIx64 - ok
13:48:52.0445 0x0f28  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:48:52.0472 0x0f28  MMCSS - ok
13:48:52.0475 0x0f28  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:48:52.0499 0x0f28  Modem - ok
13:48:52.0502 0x0f28  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:48:52.0515 0x0f28  monitor - ok
13:48:52.0518 0x0f28  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:48:52.0528 0x0f28  mouclass - ok
13:48:52.0531 0x0f28  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:48:52.0543 0x0f28  mouhid - ok
13:48:52.0547 0x0f28  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:48:52.0559 0x0f28  mountmgr - ok
13:48:52.0563 0x0f28  [ 43BCA4038E290F75B5B6FECBFF5288A2, 52076DC16CDBD5A86AF2157528E56B52442489C45429B5EE39D7B34863414682 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:48:52.0576 0x0f28  MozillaMaintenance - ok
13:48:52.0582 0x0f28  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:48:52.0596 0x0f28  mpio - ok
13:48:52.0599 0x0f28  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:48:52.0626 0x0f28  mpsdrv - ok
13:48:52.0644 0x0f28  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:48:52.0692 0x0f28  MpsSvc - ok
13:48:52.0698 0x0f28  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:48:52.0713 0x0f28  MRxDAV - ok
13:48:52.0718 0x0f28  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:48:52.0734 0x0f28  mrxsmb - ok
13:48:52.0742 0x0f28  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:48:52.0759 0x0f28  mrxsmb10 - ok
13:48:52.0765 0x0f28  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:48:52.0779 0x0f28  mrxsmb20 - ok
13:48:52.0782 0x0f28  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:48:52.0791 0x0f28  msahci - ok
13:48:52.0797 0x0f28  [ A592A054D78750B4D73ABAA4C94DECDF, 40B135C9F9EE698EC78BD19BD18353AE2CF4D020DDB9CFC37CD2FDBF7602614A ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
13:48:52.0811 0x0f28  MSCamSvc - ok
13:48:52.0816 0x0f28  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:48:52.0829 0x0f28  msdsm - ok
13:48:52.0834 0x0f28  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:48:52.0850 0x0f28  MSDTC - ok
13:48:52.0854 0x0f28  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:48:52.0876 0x0f28  Msfs - ok
13:48:52.0879 0x0f28  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:48:52.0902 0x0f28  mshidkmdf - ok
13:48:52.0905 0x0f28  [ 55218F924E55FD2786ED40EDF4ED79C3, C6000DE3A1FB526ECB77438A03F7212517CCD5E0CC9DDA07826865F8B980BEA0 ] MSHUSBVideo     C:\Windows\system32\Drivers\nx6000.sys
13:48:52.0914 0x0f28  MSHUSBVideo - ok
13:48:52.0917 0x0f28  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:48:52.0925 0x0f28  msisadrv - ok
13:48:52.0931 0x0f28  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:48:52.0961 0x0f28  MSiSCSI - ok
13:48:52.0963 0x0f28  msiserver - ok
13:48:52.0965 0x0f28  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:48:52.0989 0x0f28  MSKSSRV - ok
13:48:52.0992 0x0f28  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:48:53.0016 0x0f28  MSPCLOCK - ok
13:48:53.0018 0x0f28  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:48:53.0042 0x0f28  MSPQM - ok
13:48:53.0051 0x0f28  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:48:53.0065 0x0f28  MsRPC - ok
13:48:53.0069 0x0f28  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:48:53.0079 0x0f28  mssmbios - ok
13:48:53.0081 0x0f28  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:48:53.0106 0x0f28  MSTEE - ok
13:48:53.0108 0x0f28  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:48:53.0119 0x0f28  MTConfig - ok
13:48:53.0123 0x0f28  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:48:53.0133 0x0f28  Mup - ok
13:48:53.0145 0x0f28  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:48:53.0177 0x0f28  napagent - ok
13:48:53.0186 0x0f28  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:48:53.0209 0x0f28  NativeWifiP - ok
13:48:53.0230 0x0f28  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:48:53.0265 0x0f28  NDIS - ok
13:48:53.0269 0x0f28  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:48:53.0294 0x0f28  NdisCap - ok
13:48:53.0297 0x0f28  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:48:53.0321 0x0f28  NdisTapi - ok
13:48:53.0325 0x0f28  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:48:53.0350 0x0f28  Ndisuio - ok
13:48:53.0356 0x0f28  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:48:53.0385 0x0f28  NdisWan - ok
13:48:53.0388 0x0f28  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:48:53.0411 0x0f28  NDProxy - ok
13:48:53.0414 0x0f28  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:48:53.0440 0x0f28  NetBIOS - ok
13:48:53.0448 0x0f28  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:48:53.0479 0x0f28  NetBT - ok
13:48:53.0482 0x0f28  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
13:48:53.0490 0x0f28  Netlogon - ok
13:48:53.0499 0x0f28  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:48:53.0537 0x0f28  Netman - ok
13:48:53.0543 0x0f28  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:48:53.0559 0x0f28  NetMsmqActivator - ok
13:48:53.0563 0x0f28  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:48:53.0572 0x0f28  NetPipeActivator - ok
13:48:53.0584 0x0f28  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:48:53.0621 0x0f28  netprofm - ok
13:48:53.0625 0x0f28  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:48:53.0635 0x0f28  NetTcpActivator - ok
13:48:53.0639 0x0f28  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:48:53.0648 0x0f28  NetTcpPortSharing - ok
13:48:53.0651 0x0f28  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:48:53.0661 0x0f28  nfrd960 - ok
13:48:53.0669 0x0f28  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:48:53.0689 0x0f28  NlaSvc - ok
13:48:53.0693 0x0f28  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF             C:\Windows\system32\drivers\npf.sys
13:48:53.0702 0x0f28  NPF - ok
13:48:53.0705 0x0f28  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:48:53.0728 0x0f28  Npfs - ok
13:48:53.0731 0x0f28  [ B785BC959F7B0514971A317CA86A2628, A282E67035D024D08C9F70D19B17A3CA5FC0424AD37C8FA0912DEFBF340A8FB0 ] npusbio         C:\Windows\system32\Drivers\npusbio_x64.sys
13:48:53.0741 0x0f28  npusbio - ok
13:48:53.0744 0x0f28  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:48:53.0770 0x0f28  nsi - ok
13:48:53.0773 0x0f28  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:48:53.0798 0x0f28  nsiproxy - ok
13:48:53.0832 0x0f28  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:48:53.0872 0x0f28  Ntfs - ok
13:48:53.0876 0x0f28  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:48:53.0899 0x0f28  Null - ok
13:48:53.0905 0x0f28  [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
13:48:53.0918 0x0f28  NVHDA - ok
13:48:54.0163 0x0f28  [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:48:54.0475 0x0f28  nvlddmkm - ok
13:48:54.0518 0x0f28  [ D3791C720DDEE697C0933B14DC135D9C, BE10585887F3C48464A856AC3510AF30D14849EEC1556D9E356A506784CB02A5 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
13:48:54.0572 0x0f28  NvNetworkService - ok
13:48:54.0579 0x0f28  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:48:54.0591 0x0f28  nvraid - ok
13:48:54.0597 0x0f28  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:48:54.0610 0x0f28  nvstor - ok
13:48:54.0614 0x0f28  [ 89C5BFA394D65CD305A35D3C4884265E, AA7C2007C7668817408CC56A593700FAA1D618607F71445C2D039A0BE5DE1DD1 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
13:48:54.0622 0x0f28  NvStreamKms - ok
13:48:54.0970 0x0f28  [ 5E7DD556394FA56B3C2AAB6B4C624DAC, 11364E6F5B98B21DBAAC3567687C49254CBBDEED666CEF830C4BC7F294FDB245 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
13:48:55.0404 0x0f28  NvStreamSvc - ok
13:48:55.0439 0x0f28  [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:48:55.0464 0x0f28  nvsvc - ok
13:48:55.0468 0x0f28  [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
13:48:55.0477 0x0f28  nvvad_WaveExtensible - ok
13:48:55.0482 0x0f28  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:48:55.0493 0x0f28  nv_agp - ok
13:48:55.0505 0x0f28  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:48:55.0526 0x0f28  odserv - ok
13:48:55.0530 0x0f28  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:48:55.0542 0x0f28  ohci1394 - ok
13:48:55.0548 0x0f28  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:48:55.0561 0x0f28  ose - ok
13:48:55.0571 0x0f28  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:48:55.0592 0x0f28  p2pimsvc - ok
13:48:55.0603 0x0f28  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:48:55.0627 0x0f28  p2psvc - ok
13:48:55.0631 0x0f28  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:48:55.0644 0x0f28  Parport - ok
13:48:55.0648 0x0f28  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:48:55.0659 0x0f28  partmgr - ok
13:48:55.0665 0x0f28  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:48:55.0685 0x0f28  PcaSvc - ok
13:48:55.0691 0x0f28  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:48:55.0705 0x0f28  pci - ok
13:48:55.0708 0x0f28  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:48:55.0716 0x0f28  pciide - ok
13:48:55.0723 0x0f28  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:48:55.0737 0x0f28  pcmcia - ok
13:48:55.0741 0x0f28  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:48:55.0751 0x0f28  pcw - ok
13:48:55.0766 0x0f28  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:48:55.0812 0x0f28  PEAUTH - ok
13:48:55.0840 0x0f28  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:48:55.0888 0x0f28  PeerDistSvc - ok
13:48:55.0901 0x0f28  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:48:55.0913 0x0f28  PerfHost - ok
13:48:55.0944 0x0f28  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:48:56.0004 0x0f28  pla - ok
13:48:56.0015 0x0f28  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:48:56.0039 0x0f28  PlugPlay - ok
13:48:56.0044 0x0f28  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
13:48:56.0056 0x0f28  PnkBstrA - ok
13:48:56.0059 0x0f28  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:48:56.0072 0x0f28  PNRPAutoReg - ok
13:48:56.0081 0x0f28  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:48:56.0095 0x0f28  PNRPsvc - ok
13:48:56.0107 0x0f28  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:48:56.0145 0x0f28  PolicyAgent - ok
13:48:56.0151 0x0f28  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
13:48:56.0182 0x0f28  Power - ok
13:48:56.0186 0x0f28  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:48:56.0214 0x0f28  PptpMiniport - ok
13:48:56.0217 0x0f28  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:48:56.0230 0x0f28  Processor - ok
13:48:56.0236 0x0f28  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:48:56.0255 0x0f28  ProfSvc - ok
13:48:56.0257 0x0f28  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:48:56.0265 0x0f28  ProtectedStorage - ok
13:48:56.0270 0x0f28  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:48:56.0299 0x0f28  Psched - ok
13:48:56.0302 0x0f28  [ BC08F7F3C53CBEE68670ED1314E290FD, EC683DDE60AFED297D28BC7570BB6DA27A94F52417AD6DE1FBE265255F4051DD ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
13:48:56.0312 0x0f28  PxHlpa64 - ok
13:48:56.0342 0x0f28  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:48:56.0385 0x0f28  ql2300 - ok
13:48:56.0391 0x0f28  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:48:56.0403 0x0f28  ql40xx - ok
13:48:56.0410 0x0f28  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:48:56.0432 0x0f28  QWAVE - ok
13:48:56.0434 0x0f28  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:48:56.0449 0x0f28  QWAVEdrv - ok
13:48:56.0451 0x0f28  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:48:56.0475 0x0f28  RasAcd - ok
13:48:56.0479 0x0f28  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:48:56.0505 0x0f28  RasAgileVpn - ok
13:48:56.0509 0x0f28  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:48:56.0538 0x0f28  RasAuto - ok
13:48:56.0543 0x0f28  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:48:56.0572 0x0f28  Rasl2tp - ok
13:48:56.0581 0x0f28  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
13:48:56.0616 0x0f28  RasMan - ok
13:48:56.0620 0x0f28  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:48:56.0647 0x0f28  RasPppoe - ok
13:48:56.0651 0x0f28  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:48:56.0678 0x0f28  RasSstp - ok
13:48:56.0687 0x0f28  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:48:56.0720 0x0f28  rdbss - ok
13:48:56.0723 0x0f28  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:48:56.0735 0x0f28  rdpbus - ok
13:48:56.0737 0x0f28  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:48:56.0761 0x0f28  RDPCDD - ok
13:48:56.0768 0x0f28  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:48:56.0784 0x0f28  RDPDR - ok
13:48:56.0786 0x0f28  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:48:56.0810 0x0f28  RDPENCDD - ok
13:48:56.0813 0x0f28  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:48:56.0838 0x0f28  RDPREFMP - ok
13:48:56.0841 0x0f28  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:48:56.0852 0x0f28  RdpVideoMiniport - ok
13:48:56.0859 0x0f28  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:48:56.0872 0x0f28  RDPWD - ok
13:48:56.0879 0x0f28  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:48:56.0894 0x0f28  rdyboost - ok
13:48:56.0898 0x0f28  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:48:56.0927 0x0f28  RemoteAccess - ok
13:48:56.0933 0x0f28  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:48:56.0964 0x0f28  RemoteRegistry - ok
13:48:56.0970 0x0f28  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
13:48:56.0982 0x0f28  rpcapd - ok
13:48:56.0986 0x0f28  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:48:57.0014 0x0f28  RpcEptMapper - ok
13:48:57.0016 0x0f28  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
13:48:57.0027 0x0f28  RpcLocator - ok
13:48:57.0039 0x0f28  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
13:48:57.0071 0x0f28  RpcSs - ok
13:48:57.0075 0x0f28  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:48:57.0102 0x0f28  rspndr - ok
13:48:57.0111 0x0f28  [ 2E7D1CA91D62501713C9D6E6704395C6, 823D9D9CC0971732D9121B67C534E30A78C83869594E4CCA91FCC0BE743610EF ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
13:48:57.0128 0x0f28  RTHDMIAzAudService - ok
13:48:57.0143 0x0f28  [ 7F4F11527AF5A7E4526CB6A146B3E40C, 705177014374AB2F12AF4558344C35C206C2820BD1A16770173EA10D094D182B ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:48:57.0165 0x0f28  RTL8167 - ok
13:48:57.0169 0x0f28  [ E16B7C030A05EF649B18FAB0A93D871F, 0F532D534A93D71650E2F7AF677419A6B38CE3142C98983565F1D759E544A4ED ] RtNdPt60        C:\Windows\system32\DRIVERS\RtNdPt60.sys
13:48:57.0177 0x0f28  RtNdPt60 - ok
13:48:57.0181 0x0f28  [ 66B7587714BC9BD850D0A49041B90CA0, 48FCA14E6D4851BFA7C84536771F409CAD2EE7F5DE5F9EC01901B5A12E27BBA9 ] RTTEAMPT        C:\Windows\system32\DRIVERS\RtTeam620.sys
13:48:57.0190 0x0f28  RTTEAMPT - ok
13:48:57.0192 0x0f28  [ C74798D1A2743C102154BD7871D92833, 521A4C9D8E614F2C12E4435FFC8703F7AFA98B0A0DC64F6615ECB4FE62F422EC ] RTVLANPT        C:\Windows\system32\DRIVERS\RtVlan620.sys
13:48:57.0201 0x0f28  RTVLANPT - ok
13:48:57.0203 0x0f28  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:48:57.0213 0x0f28  s3cap - ok
13:48:57.0216 0x0f28  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
13:48:57.0224 0x0f28  SamSs - ok
13:48:57.0228 0x0f28  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:48:57.0240 0x0f28  sbp2port - ok
13:48:57.0246 0x0f28  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:48:57.0278 0x0f28  SCardSvr - ok
13:48:57.0281 0x0f28  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:48:57.0306 0x0f28  scfilter - ok
13:48:57.0334 0x0f28  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:48:57.0394 0x0f28  Schedule - ok
13:48:57.0398 0x0f28  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:48:57.0421 0x0f28  SCPolicySvc - ok
13:48:57.0429 0x0f28  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:48:57.0449 0x0f28  SDRSVC - ok
13:48:57.0451 0x0f28  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:48:57.0474 0x0f28  secdrv - ok
13:48:57.0477 0x0f28  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
13:48:57.0503 0x0f28  seclogon - ok
13:48:57.0509 0x0f28  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
13:48:57.0537 0x0f28  SENS - ok
13:48:57.0541 0x0f28  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:48:57.0555 0x0f28  SensrSvc - ok
13:48:57.0558 0x0f28  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:48:57.0569 0x0f28  Serenum - ok
13:48:57.0573 0x0f28  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:48:57.0586 0x0f28  Serial - ok
13:48:57.0589 0x0f28  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:48:57.0600 0x0f28  sermouse - ok
13:48:57.0607 0x0f28  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:48:57.0637 0x0f28  SessionEnv - ok
13:48:57.0639 0x0f28  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:48:57.0651 0x0f28  sffdisk - ok
13:48:57.0654 0x0f28  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:48:57.0666 0x0f28  sffp_mmc - ok
13:48:57.0668 0x0f28  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:48:57.0680 0x0f28  sffp_sd - ok
13:48:57.0682 0x0f28  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:48:57.0693 0x0f28  sfloppy - ok
13:48:57.0702 0x0f28  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:48:57.0738 0x0f28  SharedAccess - ok
13:48:57.0748 0x0f28  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:48:57.0783 0x0f28  ShellHWDetection - ok
13:48:57.0786 0x0f28  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:48:57.0796 0x0f28  SiSRaid2 - ok
13:48:57.0800 0x0f28  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:48:57.0811 0x0f28  SiSRaid4 - ok
13:48:57.0816 0x0f28  [ 101556F6216E97F1258D87C38203695F, 49506CC2BB4630EB016CE806B3FFEDA183D17D16FFD04FC5A7850E5660C0C1E2 ] Smart TimeLock  C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
13:48:57.0826 0x0f28  Smart TimeLock - detected UnsignedFile.Multi.Generic ( 1 )
13:49:03.0269 0x0f28  Detect skipped due to KSN trusted
13:49:03.0270 0x0f28  Smart TimeLock - ok
13:49:03.0277 0x0f28  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:49:03.0324 0x0f28  Smb - ok
13:49:03.0328 0x0f28  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:49:03.0340 0x0f28  SNMPTRAP - ok
13:49:03.0544 0x0f28  [ 37D91C6385BB1104D67925FC43800ED0, E3DBD9B7A4AC7EE193454C83A978EA6F1D7212B282CCDDC4A9366D4EB4F1C3B6 ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys
13:49:03.0828 0x0f28  SNPSTD3 - ok
13:49:03.0839 0x0f28  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:49:03.0846 0x0f28  spldr - ok
13:49:03.0860 0x0f28  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
13:49:03.0888 0x0f28  Spooler - ok
13:49:03.0955 0x0f28  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:49:04.0072 0x0f28  sppsvc - ok
13:49:04.0078 0x0f28  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:49:04.0107 0x0f28  sppuinotify - ok
13:49:04.0112 0x0f28  [ 3F1292E8ABF33070BF5A3838D85DF121, 96D3CEF6DE210463C0909499CBCD25599B76E8FC486A1CF8004807CD15986767 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:49:04.0126 0x0f28  SQLWriter - ok
13:49:04.0138 0x0f28  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:49:04.0162 0x0f28  srv - ok
13:49:04.0173 0x0f28  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:49:04.0196 0x0f28  srv2 - ok
13:49:04.0202 0x0f28  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:49:04.0217 0x0f28  srvnet - ok
13:49:04.0223 0x0f28  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:49:04.0256 0x0f28  SSDPSRV - ok
13:49:04.0260 0x0f28  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:49:04.0288 0x0f28  SstpSvc - ok
13:49:04.0307 0x0f28  [ 7E815DDD79CC73A02A33DF11FABE4E1E, A05A85CDB0CB0AA1AAC93AA801C39242BFE59082E2BC580F04EBFA71B5B61F07 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
13:49:04.0340 0x0f28  Steam Client Service - ok
13:49:04.0351 0x0f28  [ D2230317777033CD0456990BFC4994E5, 0F2F559593EAD7AB4596E67E9AE56E5ABF5C945201366CFC972357C22A4F776A ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:49:04.0374 0x0f28  Stereo Service - ok
13:49:04.0377 0x0f28  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:49:04.0386 0x0f28  stexstor - ok
13:49:04.0400 0x0f28  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
13:49:04.0432 0x0f28  stisvc - ok
13:49:04.0435 0x0f28  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:49:04.0445 0x0f28  storflt - ok
13:49:04.0448 0x0f28  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:49:04.0458 0x0f28  storvsc - ok
13:49:04.0460 0x0f28  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:49:04.0469 0x0f28  swenum - ok
13:49:04.0483 0x0f28  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:49:04.0511 0x0f28  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
13:49:09.0958 0x0f28  Detect skipped due to KSN trusted
13:49:09.0958 0x0f28  SwitchBoard - ok
13:49:09.0981 0x0f28  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
13:49:10.0034 0x0f28  swprv - ok
13:49:10.0036 0x0f28  Synth3dVsc - ok
13:49:10.0071 0x0f28  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
13:49:10.0133 0x0f28  SysMain - ok
13:49:10.0138 0x0f28  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:49:10.0156 0x0f28  TabletInputService - ok
13:49:10.0165 0x0f28  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:49:10.0199 0x0f28  TapiSrv - ok
13:49:10.0203 0x0f28  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
13:49:10.0231 0x0f28  TBS - ok
13:49:10.0268 0x0f28  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:49:10.0329 0x0f28  Tcpip - ok
13:49:10.0366 0x0f28  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:49:10.0403 0x0f28  TCPIP6 - ok
13:49:10.0409 0x0f28  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:49:10.0420 0x0f28  tcpipreg - ok
13:49:10.0424 0x0f28  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:49:10.0434 0x0f28  TDPIPE - ok
13:49:10.0436 0x0f28  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:49:10.0447 0x0f28  TDTCP - ok
13:49:10.0451 0x0f28  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:49:10.0478 0x0f28  tdx - ok
13:49:10.0482 0x0f28  [ F5520DBB47C60EE83024B38720ABDA24, B8E555D92440BF93E3B55A66E27CEF936477EF7528F870D3B78BD3B294A05CC0 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
13:49:10.0490 0x0f28  teamviewervpn - ok
13:49:10.0493 0x0f28  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:49:10.0504 0x0f28  TermDD - ok
13:49:10.0520 0x0f28  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
13:49:10.0559 0x0f28  TermService - ok
13:49:10.0563 0x0f28  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:49:10.0580 0x0f28  Themes - ok
13:49:10.0584 0x0f28  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:49:10.0607 0x0f28  THREADORDER - ok
13:49:10.0612 0x0f28  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:49:10.0642 0x0f28  TrkWks - ok
13:49:10.0648 0x0f28  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:49:10.0678 0x0f28  TrustedInstaller - ok
13:49:10.0682 0x0f28  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:49:10.0693 0x0f28  tssecsrv - ok
13:49:10.0697 0x0f28  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:49:10.0710 0x0f28  TsUsbFlt - ok
13:49:10.0712 0x0f28  tsusbhub - ok
13:49:10.0717 0x0f28  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:49:10.0746 0x0f28  tunnel - ok
13:49:10.0750 0x0f28  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:49:10.0762 0x0f28  uagp35 - ok
13:49:10.0771 0x0f28  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:49:10.0805 0x0f28  udfs - ok
13:49:10.0810 0x0f28  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:49:10.0824 0x0f28  UI0Detect - ok
13:49:10.0827 0x0f28  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:49:10.0838 0x0f28  uliagpkx - ok
13:49:10.0841 0x0f28  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
13:49:10.0854 0x0f28  umbus - ok
13:49:10.0857 0x0f28  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:49:10.0867 0x0f28  UmPass - ok
13:49:10.0873 0x0f28  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:49:10.0891 0x0f28  UmRdpService - ok
13:49:10.0901 0x0f28  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:49:10.0937 0x0f28  upnphost - ok
13:49:10.0942 0x0f28  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:49:10.0955 0x0f28  USBAAPL64 - ok
13:49:10.0959 0x0f28  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:49:10.0974 0x0f28  usbaudio - ok
13:49:10.0978 0x0f28  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:49:10.0992 0x0f28  usbccgp - ok
13:49:10.0996 0x0f28  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:49:11.0011 0x0f28  usbcir - ok
13:49:11.0014 0x0f28  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
13:49:11.0026 0x0f28  usbehci - ok
13:49:11.0035 0x0f28  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:49:11.0057 0x0f28  usbhub - ok
13:49:11.0059 0x0f28  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:49:11.0069 0x0f28  usbohci - ok
13:49:11.0072 0x0f28  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:49:11.0085 0x0f28  usbprint - ok
13:49:11.0089 0x0f28  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:49:11.0102 0x0f28  USBSTOR - ok
13:49:11.0105 0x0f28  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:49:11.0116 0x0f28  usbuhci - ok
13:49:11.0122 0x0f28  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:49:11.0136 0x0f28  usbvideo - ok
13:49:11.0139 0x0f28  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:49:11.0166 0x0f28  UxSms - ok
13:49:11.0169 0x0f28  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
13:49:11.0176 0x0f28  VaultSvc - ok
13:49:11.0179 0x0f28  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:49:11.0189 0x0f28  vdrvroot - ok
13:49:11.0201 0x0f28  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
13:49:11.0240 0x0f28  vds - ok
13:49:11.0243 0x0f28  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:49:11.0256 0x0f28  vga - ok
13:49:11.0258 0x0f28  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:49:11.0283 0x0f28  VgaSave - ok
13:49:11.0285 0x0f28  VGPU - ok
13:49:11.0292 0x0f28  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:49:11.0307 0x0f28  vhdmp - ok
13:49:11.0310 0x0f28  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:49:11.0319 0x0f28  viaide - ok
13:49:11.0325 0x0f28  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:49:11.0341 0x0f28  vmbus - ok
13:49:11.0344 0x0f28  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:49:11.0354 0x0f28  VMBusHID - ok
13:49:11.0357 0x0f28  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:49:11.0368 0x0f28  volmgr - ok
13:49:11.0377 0x0f28  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:49:11.0395 0x0f28  volmgrx - ok
13:49:11.0404 0x0f28  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:49:11.0421 0x0f28  volsnap - ok
13:49:11.0426 0x0f28  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:49:11.0439 0x0f28  vsmraid - ok
13:49:11.0471 0x0f28  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
13:49:11.0537 0x0f28  VSS - ok
13:49:11.0540 0x0f28  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:49:11.0553 0x0f28  vwifibus - ok
13:49:11.0563 0x0f28  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:49:11.0600 0x0f28  W32Time - ok
13:49:11.0603 0x0f28  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:49:11.0614 0x0f28  WacomPen - ok
13:49:11.0618 0x0f28  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:49:11.0645 0x0f28  WANARP - ok
13:49:11.0648 0x0f28  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:49:11.0670 0x0f28  Wanarpv6 - ok
13:49:11.0701 0x0f28  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
13:49:11.0750 0x0f28  wbengine - ok
13:49:11.0757 0x0f28  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:49:11.0778 0x0f28  WbioSrvc - ok
13:49:11.0788 0x0f28  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:49:11.0814 0x0f28  wcncsvc - ok
13:49:11.0817 0x0f28  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:49:11.0832 0x0f28  WcsPlugInService - ok
13:49:11.0834 0x0f28  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:49:11.0844 0x0f28  Wd - ok
13:49:11.0862 0x0f28  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:49:11.0892 0x0f28  Wdf01000 - ok
13:49:11.0897 0x0f28  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:49:11.0924 0x0f28  WdiServiceHost - ok
13:49:11.0927 0x0f28  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:49:11.0940 0x0f28  WdiSystemHost - ok
13:49:11.0948 0x0f28  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
13:49:11.0967 0x0f28  WebClient - ok
13:49:11.0974 0x0f28  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:49:12.0009 0x0f28  Wecsvc - ok
13:49:12.0013 0x0f28  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:49:12.0037 0x0f28  wercplsupport - ok
13:49:12.0041 0x0f28  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:49:12.0070 0x0f28  WerSvc - ok
13:49:12.0073 0x0f28  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:49:12.0097 0x0f28  WfpLwf - ok
13:49:12.0100 0x0f28  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:49:12.0109 0x0f28  WIMMount - ok
13:49:12.0111 0x0f28  WinDefend - ok
13:49:12.0114 0x0f28  WinHttpAutoProxySvc - ok
13:49:12.0123 0x0f28  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:49:12.0156 0x0f28  Winmgmt - ok
13:49:12.0195 0x0f28  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:49:12.0273 0x0f28  WinRM - ok
13:49:12.0279 0x0f28  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:49:12.0293 0x0f28  WinUsb - ok
13:49:12.0313 0x0f28  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:49:12.0352 0x0f28  Wlansvc - ok
13:49:12.0400 0x0f28  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:49:12.0460 0x0f28  wlidsvc - ok
13:49:12.0464 0x0f28  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:49:12.0475 0x0f28  WmiAcpi - ok
13:49:12.0482 0x0f28  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:49:12.0499 0x0f28  wmiApSrv - ok
13:49:12.0501 0x0f28  WMPNetworkSvc - ok
13:49:12.0504 0x0f28  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:49:12.0517 0x0f28  WPCSvc - ok
13:49:12.0521 0x0f28  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:49:12.0540 0x0f28  WPDBusEnum - ok
13:49:12.0543 0x0f28  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:49:12.0568 0x0f28  ws2ifsl - ok
13:49:12.0573 0x0f28  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
13:49:12.0590 0x0f28  wscsvc - ok
13:49:12.0592 0x0f28  WSearch - ok
13:49:12.0642 0x0f28  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:49:12.0700 0x0f28  wuauserv - ok
13:49:12.0706 0x0f28  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:49:12.0719 0x0f28  WudfPf - ok
13:49:12.0726 0x0f28  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:49:12.0742 0x0f28  WUDFRd - ok
13:49:12.0746 0x0f28  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:49:12.0760 0x0f28  wudfsvc - ok
13:49:12.0767 0x0f28  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:49:12.0787 0x0f28  WwanSvc - ok
13:49:12.0797 0x0f28  X6va011 - ok
13:49:12.0800 0x0f28  X6va015 - ok
13:49:12.0802 0x0f28  X6va017 - ok
13:49:12.0808 0x0f28  [ 2C6BC21B2D5B58D8B1D638C1704CB494, 0AABCEB627E274E338DDD9BA664BAA128D7C00AF04C95C776C2AFFA6BB17F680 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
13:49:12.0819 0x0f28  xusb21 - ok
13:49:12.0821 0x0f28  ================ Scan global ===============================
13:49:12.0824 0x0f28  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:49:12.0835 0x0f28  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:49:12.0850 0x0f28  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:49:12.0856 0x0f28  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:49:12.0868 0x0f28  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:49:12.0874 0x0f28  [ Global ] - ok
13:49:12.0875 0x0f28  ================ Scan MBR ==================================
13:49:12.0876 0x0f28  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:49:12.0928 0x0f28  \Device\Harddisk0\DR0 - ok
13:49:12.0930 0x0f28  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:49:13.0006 0x0f28  \Device\Harddisk1\DR1 - ok
13:49:13.0006 0x0f28  ================ Scan VBR ==================================
13:49:13.0008 0x0f28  [ 2EC8C907999C277A242723803DFF8E4A ] \Device\Harddisk0\DR0\Partition1
13:49:13.0009 0x0f28  \Device\Harddisk0\DR0\Partition1 - ok
13:49:13.0011 0x0f28  [ 4CA81E7DEF645E33A2CFC1CF27CCB3C0 ] \Device\Harddisk0\DR0\Partition2
13:49:13.0012 0x0f28  \Device\Harddisk0\DR0\Partition2 - ok
13:49:13.0013 0x0f28  [ 1587AF081CE67EB5FD0BB3076648F461 ] \Device\Harddisk1\DR1\Partition1
13:49:13.0060 0x0f28  \Device\Harddisk1\DR1\Partition1 - ok
13:49:13.0060 0x0f28  ================ Scan generic autorun ======================
13:49:13.0080 0x0f28  [ ED43758BF94B8A5221D69F1B7F63F13D, F6E7418823E45085F4D4F50DD25A55ED517C0A335C6C2F69A1139B30677D3DA9 ] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
13:49:13.0102 0x0f28  XboxStat - ok
13:49:13.0103 0x0f28  Nvtmru - ok
13:49:13.0152 0x0f28  [ 51F760F54E2CBDE649B342DA35B713D2, EDE61A7F2D5C015404264521FD0578B18B079844B5BEC093D421E44BD87AB28E ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
13:49:13.0206 0x0f28  NvBackend - ok
13:49:13.0211 0x0f28  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
13:49:13.0220 0x0f28  ShadowPlay - ok
13:49:13.0449 0x0f28  [ 834A309C2FDF52FC09353F348CFE1235, FF8D5B0C4D8DEF3B313E11B01D6A2A29758E8721EF2EC0AAC2DB3C9AAF399276 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
13:49:13.0668 0x0f28  RtHDVCpl - ok
13:49:13.0678 0x0f28  [ 4A0477ADCD07EC9D21257A2E456B16C5, CEF9C81730C12283A7600C3D921D89A62B14D1C46544B493F3AF7520DD2D1F79 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
13:49:13.0685 0x0f28  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
13:49:23.0747 0x0f28  IAStorIcon ( UnsignedFile.Multi.Generic ) - warning
13:49:43.0435 0x0f28  [ AC6F2EC671CA3CB162901BE770FA31A9, 33E5FB8462ED0E1A68816A581627E62164BDFBCD0119EFD3D613DB420D54058D ] C:\Program Files\Logitech Gaming Software\LCore.exe
13:49:43.0668 0x0f28  Launch LCore - ok
13:49:43.0689 0x0f28  [ F5A5DBADCD24BDF33BFDAA789E39C876, A0D931FA339CA1FB6198BF5DF327ECEB0881796FFF92BDE0F9FC2C233C46E83C ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
13:49:43.0704 0x0f28  AdobeAAMUpdater-1.0 - ok
13:49:43.0756 0x0f28  [ D0C890130CF0BF7CBF82DF739FA5435F, 180096C0718975C089D03A59E0AB0F48889553724E8691A7DEB2D9E97033DA5A ] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
13:49:43.0831 0x0f28  RPMKickstart - detected UnsignedFile.Multi.Generic ( 1 )
13:49:49.0287 0x0f28  Detect skipped due to KSN trusted
13:49:49.0287 0x0f28  RPMKickstart - ok
13:49:49.0292 0x0f28  [ D2AEADFD998706B4216315B2BD3FA79E, D45634355B7733F9B6754A6FB80B7EC20C0D584A08E2F710DF612B393D96A8F9 ] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
13:49:49.0300 0x0f28  ISUSScheduler - detected UnsignedFile.Multi.Generic ( 1 )
13:49:54.0749 0x0f28  Detect skipped due to KSN trusted
13:49:54.0749 0x0f28  ISUSScheduler - ok
13:49:54.0780 0x0f28  [ 2AA5DD75EA1281432C40D22B5FD87D3A, 9868D4176C8F08EB72B0B992D3E2A480C587930CA025B4FDF3212F99B79C3017 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
13:49:54.0806 0x0f28  avgnt - ok
13:49:54.0810 0x0f28  [ 545676F48851A5C65A38CAE5B5518C95, F7CD893B8198AA22347CB96A61C258217FA0A1B1CC1733784B5FD84A7B208264 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
13:49:54.0820 0x0f28  APSDaemon - ok
13:49:54.0833 0x0f28  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:49:54.0848 0x0f28  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
13:49:54.0848 0x0f28  Detect skipped due to KSN trusted
13:49:54.0848 0x0f28  SwitchBoard - ok
13:49:54.0871 0x0f28  [ 3EE19173AC7BB16AD239B195D97C13B0, A9E5FC90F20DC7500A186C9D184ED55BC04038FFC6D97714E64C660EAE808A98 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
13:49:54.0907 0x0f28  AdobeCS6ServiceManager - ok
13:49:54.0915 0x0f28  [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
13:49:54.0924 0x0f28  SunJavaUpdateSched - ok
13:49:54.0929 0x0f28  [ 3B5045DDD039FAB9782851BC486FD92B, 12C59F9E79EB37F26FE0805585EA6B0DAFB41FB8A4FAE972774BC8E3815A1673 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
13:49:54.0936 0x0f28  iTunesHelper - ok
13:49:54.0942 0x0f28  [ 51DAD159BD771681B67593B9B8289A45, 40A7277819C2D7BCA10D22DC2F443F986DF04E777D3A4A0C89CC0991B020607C ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
13:49:54.0949 0x0f28  Avira Systray - ok
13:49:54.0973 0x0f28  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:49:55.0028 0x0f28  Sidebar - ok
13:49:55.0032 0x0f28  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:49:55.0048 0x0f28  mctadmin - ok
13:49:55.0072 0x0f28  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:49:55.0102 0x0f28  Sidebar - ok
13:49:55.0106 0x0f28  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:49:55.0118 0x0f28  mctadmin - ok
13:49:55.0124 0x0f28  [ A379B75A6FFE4DFD3184F35F0141CE91, C777B01B4361456D4D829E96723C85CCDC2E3647C4CF25894AC83100552E36AB ] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
13:49:55.0141 0x0f28  ISUSPM Startup - detected UnsignedFile.Multi.Generic ( 1 )
13:50:00.0584 0x0f28  Detect skipped due to KSN trusted
13:50:00.0584 0x0f28  ISUSPM Startup - ok
13:50:00.0635 0x0f28  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
13:50:00.0691 0x0f28  Sidebar - ok
13:50:00.0693 0x0f28  Waiting for KSN requests completion. In queue: 11
13:50:01.0693 0x0f28  Waiting for KSN requests completion. In queue: 11
13:50:02.0693 0x0f28  Waiting for KSN requests completion. In queue: 11
13:50:03.0693 0x0f28  Waiting for KSN requests completion. In queue: 1
13:50:04.0693 0x0f28  Waiting for KSN requests completion. In queue: 1
13:50:05.0693 0x0f28  Waiting for KSN requests completion. In queue: 1
13:50:06.0719 0x0f28  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.6.548 ), 0x41000 ( enabled : updated )
13:50:06.0730 0x0f28  Win FW state via NFP2: enabled
13:50:12.0188 0x0f28  ============================================================
13:50:12.0188 0x0f28  Scan finished
13:50:12.0188 0x0f28  ============================================================
13:50:12.0195 0x16d0  Detected object count: 1
13:50:12.0195 0x16d0  Actual detected object count: 1
13:50:22.0279 0x16d0  IAStorIcon ( UnsignedFile.Multi.Generic ) - skipped by user
13:50:22.0279 0x16d0  IAStorIcon ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Grüße


Geändert von MuF (05.09.2014 um 13:53 Uhr)

Alt 06.09.2014, 12:18   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Virus(bitcoinminer) durch svhost.exe

Alt 06.09.2014, 14:12   #7
MuF
 
Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



So, Combofix wurde ausgeführt, der hat jedoch rumgemeckert, dass Avira noch offen war(ich hatte davor den Echtzeit Scanner ausgemacht, dachte das reicht)habe dann aber den Avira prozess mit dem Tskmgr ausgeschaltet und Combofix durchlaufen lassen.

Hier der Log:
Code:
ATTFilter
ComboFix 14-09-05.01 - MuF 06.09.2014  14:00:53.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.12271.8779 [GMT 2:00]
ausgeführt von:: c:\users\MuF\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MuF\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\7Loader.TAG
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-06 bis 2014-09-06  ))))))))))))))))))))))))))))))
.
.
2014-09-06 12:04 . 2014-09-06 12:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-04 19:07 . 2014-09-04 19:08	--------	d-----w-	C:\FRST
2014-09-04 17:49 . 2014-09-05 10:57	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-04 17:48 . 2014-09-04 17:48	--------	d-----w-	c:\programdata\Malwarebytes
2014-09-04 17:48 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-09-04 17:48 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-09-04 17:48 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-09-03 18:50 . 2014-09-03 18:50	--------	d-----w-	c:\program files (x86)\WinPcap
2014-09-03 18:50 . 2014-09-03 18:50	--------	d-----w-	c:\users\MuF\AppData\Roaming\Wireshark
2014-09-03 18:47 . 2014-09-06 12:04	--------	d-----w-	c:\users\MuF\AppData\Roaming\NetSpeedMonitor
2014-09-03 18:46 . 2014-09-03 18:46	--------	d-----w-	c:\program files\NetSpeedMonitor
2014-09-02 12:25 . 2014-08-21 03:43	11319192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{577A2BC4-C137-44D2-A4B5-AFA218929D0C}\mpengine.dll
2014-08-28 08:47 . 2014-08-28 11:53	--------	d-----w-	c:\users\MuF\AppData\Local\TeknoGods
2014-08-27 21:02 . 2014-08-27 21:02	--------	d-----w-	c:\users\MuF\AppData\Roaming\MW3 FoV Changer
2014-08-27 18:36 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-27 18:36 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-27 18:36 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-08-24 15:34 . 2014-08-24 15:34	--------	d-----w-	c:\program files (x86)\HDClone 5.0 Free Edition
2014-08-21 18:25 . 2014-03-16 12:22	2698088	----a-w-	c:\windows\SysWow64\pbsvc_pg.exe
2014-08-20 11:07 . 2014-08-20 11:08	--------	d-----w-	C:\CrystalDiskInfoPortable
2014-08-19 22:52 . 2014-08-19 22:52	--------	d-----w-	c:\users\MuF\AppData\Local\Microsoft Research
2014-08-18 22:03 . 2014-08-18 22:03	--------	d-----w-	c:\program files\iPod
2014-08-18 22:03 . 2014-08-18 22:03	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-18 22:03 . 2014-08-18 22:03	--------	d-----w-	c:\program files\iTunes
2014-08-18 22:03 . 2014-08-18 22:03	--------	d-----w-	c:\program files (x86)\iTunes
2014-08-14 00:00 . 2014-09-06 11:57	--------	d-----w-	c:\users\MuF\AppData\Local\Adobe
2014-08-13 22:44 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-13 22:44 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-13 22:44 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-13 22:44 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-13 22:44 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-13 22:44 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-13 22:44 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 22:44 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-13 22:40 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDYAK.DLL
2014-08-13 22:40 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDTAT.DLL
2014-08-13 22:40 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDRU1.DLL
2014-08-13 22:40 . 2014-07-09 02:03	6656	----a-w-	c:\windows\system32\KBDRU.DLL
2014-08-13 22:40 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDBASH.DLL
2014-08-13 22:40 . 2014-07-09 01:31	7168	----a-w-	c:\windows\SysWow64\KBDYAK.DLL
2014-08-13 22:40 . 2014-07-09 01:31	6656	----a-w-	c:\windows\SysWow64\KBDBASH.DLL
2014-08-13 22:38 . 2014-08-07 02:06	529920	----a-w-	c:\windows\system32\aepdu.dll
2014-08-13 22:38 . 2014-08-07 02:01	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-08-13 22:38 . 2014-07-14 02:02	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-08-13 22:38 . 2014-07-14 01:40	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2014-08-10 19:44 . 2014-08-10 19:44	--------	d-----w-	c:\users\MuF\AppData\Roaming\Crytek
2014-08-10 14:45 . 2009-03-18 16:35	33856	---ha-w-	c:\windows\system32\hamachi.sys
2014-08-07 14:20 . 2014-08-07 14:20	--------	d-----w-	c:\users\MuF\.android
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-06 12:05 . 2013-06-22 15:35	25640	----a-w-	c:\windows\gdrv.sys
2014-09-03 19:24 . 2013-06-25 16:35	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-09-03 19:24 . 2013-06-25 16:35	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-08-24 15:42 . 2014-06-07 14:29	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2014-08-23 10:05 . 2009-08-18 09:24	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-22 20:42 . 2013-08-23 09:38	291096	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2014-08-21 20:15 . 2013-06-25 16:35	76152	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2014-08-13 22:47 . 2013-06-22 19:04	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-08-13 22:05 . 2014-02-06 12:34	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-13 22:05 . 2014-02-06 12:34	699568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-09 00:22 . 2014-06-02 14:00	1291280	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-08-09 00:22 . 2014-05-16 14:52	1126480	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-08-09 00:22 . 2014-06-02 14:00	1715224	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-08-09 00:22 . 2014-05-16 14:52	1283136	----a-w-	c:\windows\system32\nvspcap64.dll
2014-08-07 14:08 . 2014-06-28 12:12	76152	----a-w-	c:\windows\system32\PnkBstrA.exe
2014-08-06 17:42 . 2014-07-21 19:44	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-05 07:20 . 2013-06-22 15:43	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-07-25 14:18 . 2013-06-22 15:46	30528	----a-w-	c:\windows\GVTDrv64.sys
2014-07-18 16:19 . 2014-01-11 12:18	25640	----a-w-	c:\windows\etdrv.sys
2014-07-10 12:44 . 2013-06-23 07:37	42040	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-07-08 20:50 . 2014-02-21 17:50	5659136	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-02 20:48 . 2014-07-29 15:46	944928	----a-w-	c:\windows\system32\NvIFR64.dll
2014-07-02 20:48 . 2014-07-29 15:46	907096	----a-w-	c:\windows\SysWow64\NvIFR.dll
2014-07-02 20:48 . 2014-07-29 15:46	869152	----a-w-	c:\windows\SysWow64\NvFBC.dll
2014-07-02 20:48 . 2014-07-29 15:46	846832	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2014-07-02 20:48 . 2014-07-29 15:46	4247000	----a-w-	c:\windows\system32\nvcuvid.dll
2014-07-02 20:48 . 2014-07-29 15:46	418760	----a-w-	c:\windows\SysWow64\nvEncodeAPI.dll
2014-07-02 20:48 . 2014-07-29 15:46	3989960	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2014-07-02 20:48 . 2014-07-29 15:46	391640	----a-w-	c:\windows\system32\NvIFROpenGL.dll
2014-07-02 20:48 . 2014-07-29 15:46	354016	----a-w-	c:\windows\system32\nvoglshim64.dll
2014-07-02 20:48 . 2014-07-29 15:46	348120	----a-w-	c:\windows\SysWow64\NvIFROpenGL.dll
2014-07-02 20:48 . 2014-07-29 15:46	31512520	----a-w-	c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2014-07-29 15:46	305600	----a-w-	c:\windows\SysWow64\nvoglshim32.dll
2014-07-02 20:48 . 2014-07-29 15:46	24196896	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2014-07-02 20:48 . 2014-07-29 15:46	22994208	----a-w-	c:\windows\system32\nvcompiler.dll
2014-07-02 20:48 . 2014-07-29 15:46	1890080	----a-w-	c:\windows\system32\nvdispco6434052.dll
2014-07-02 20:48 . 2014-07-29 15:46	16122344	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-07-29 15:46	1539928	----a-w-	c:\windows\system32\nvdispgenco6434052.dll
2014-07-02 20:48 . 2014-07-29 15:46	15294296	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2014-07-02 20:48 . 2014-07-29 15:46	13922752	----a-w-	c:\windows\system32\nvopencl.dll
2014-07-02 20:48 . 2014-07-29 15:46	13835208	----a-w-	c:\windows\system32\nvcuda.dll
2014-07-02 20:48 . 2014-07-29 15:46	12866008	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2014-07-02 20:48 . 2014-07-29 15:46	11283344	----a-w-	c:\windows\SysWow64\nvopencl.dll
2014-07-02 20:48 . 2014-07-29 15:46	11222048	----a-w-	c:\windows\SysWow64\nvcuda.dll
2014-07-02 20:48 . 2014-05-27 13:45	903624	----a-w-	c:\windows\system32\NvFBC64.dll
2014-07-02 20:48 . 2014-05-27 13:45	502232	----a-w-	c:\windows\system32\nvEncodeAPI64.dll
2014-07-02 20:48 . 2014-05-27 13:45	17555104	----a-w-	c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-05-16 14:47	965312	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-05-16 14:47	3196816	----a-w-	c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-05-16 14:47	2814656	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-05-16 14:47	18626304	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-05-16 14:47	166568	----a-w-	c:\windows\system32\nvinitx.dll
2014-07-02 20:48 . 2014-05-16 14:47	146480	----a-w-	c:\windows\SysWow64\nvinit.dll
2014-07-02 20:48 . 2014-05-16 14:47	14498552	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-07-02 18:55 . 2014-05-16 14:48	6783776	----a-w-	c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-05-16 14:48	3522392	----a-w-	c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-05-16 14:48	935368	----a-w-	c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-05-16 14:48	62808	----a-w-	c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-05-16 14:48	386520	----a-w-	c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2014-05-16 14:48	2559960	----a-w-	c:\windows\system32\nvsvcr.dll
2014-07-02 17:44 . 2014-07-29 15:47	609240	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-07-02 10:14 . 2014-05-16 14:48	3826628	----a-w-	c:\windows\system32\nvcoproc.bin
2014-06-28 13:29 . 2013-08-21 13:29	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2014-06-28 13:29 . 2013-08-21 13:29	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2014-06-27 19:33 . 2013-08-21 13:29	466520	----a-w-	c:\windows\system32\wrap_oal.dll
2014-06-27 19:33 . 2013-08-21 13:29	445016	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2014-06-24 12:30 . 2013-06-22 15:52	117712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-06-18 02:18 . 2014-07-09 13:05	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 13:05	646144	----a-w-	c:\windows\SysWow64\osk.exe
2014-06-13 02:59 . 2014-06-21 13:43	1542088	----a-w-	c:\windows\system32\nvdispgenco6434043.dll
2014-06-13 02:59 . 2014-06-21 13:43	1890264	----a-w-	c:\windows\system32\nvdispco6434043.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-05 751184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-04 161584]
.
c:\users\MuF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Magician.lnk - c:\windows\system32\schtasks.exe  /run /tn SamsungMagician [2013-6-22 285696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 cpuz137;cpuz137;c:\windows\TEMP\cpuz137\cpuz137_x64.sys;c:\windows\TEMP\cpuz137\cpuz137_x64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech B525 HD Webcam(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);c:\windows\system32\DRIVERS\RtTeam620.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam620.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R3 X6va017;X6va017;c:\windows\SysWOW64\Drivers\X6va017;c:\windows\SysWOW64\Drivers\X6va017 [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;d:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;d:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys;c:\windows\SYSNATIVE\Drivers\npusbio_x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06 22:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-12-13 11:20	3359600	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-12-13 11:20	3359600	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-12-13 11:20	3359600	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-09 2403288]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-08-09 1283136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-04-15 10396440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 2552320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - d:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\
FF - prefs.js: browser.startup.homepage - hxxp://battlelog.battlefield.com/bf4/de/
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-HDLD GUI - d:\program files (x86)\LordBoGaMis HDL_Dump GUI 2\uninst.exe
AddRemove-pcsx2-r5875 - d:\program files (x86)\PCSX2 1.2.1\Uninst-pcsx2-r5875.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_pg.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va017]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va017"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2355214367-3536077307-1448681871-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ad,1b,ec,f1,99,6f,20,33,78,06,c2,36,e5,f0,ae,e3,79,37,05,22,01,8e,0c,
   25,21,21,db,63,65,2c,da,64,44,67,f4,6b,e8,c8,c4,a2,48,a3,6d,98,38,34,9e,a5,\
"??"=hex:69,74,cf,be,a0,db,b6,f1,87,e4,a3,4e,46,64,2b,e2
.
[HKEY_USERS\S-1-5-21-2355214367-3536077307-1448681871-1000\Software\SecuROM\License information*]
"datasecu"=hex:ac,67,82,a3,b9,1e,75,82,b9,53,d9,4a,4f,20,1f,4c,b4,48,a6,d7,9e,
   43,eb,7b,e4,9a,d2,4f,43,33,e0,d2,91,62,93,4d,7b,36,87,a6,fd,f2,59,b0,88,7a,\
"rkeysecu"=hex:fb,97,6e,16,09,1a,18,be,59,8d,d1,98,00,43,f5,9e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-RN7E-TTFT-R99X-3F35-WJJP-B34TY3D"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Samsung SSD Magician\Samsung Magician.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-06  14:07:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-06 12:07
.
Vor Suchlauf: 16 Verzeichnis(se), 42.708.078.592 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 42.465.611.776 Bytes frei
.
- - End Of File - - 906F9524993B506DEE2DEECFB447549E
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 06.09.2014, 22:14   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.09.2014, 01:38   #9
MuF
 
Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



mbam.txt
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.09.2014
Suchlauf-Zeit: 01:21:11
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.06.08
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: MuF

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 348357
Verstrichene Zeit: 6 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
AdwCleaner
Code:
ATTFilter
# AdwCleaner v3.309 - Bericht erstellt am 07/09/2014 um 01:30:20
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : MuF - MUF-PC
# Gestartet von : C:\Users\MuF\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\~0
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Users\MuF\AppData\Local\PackageAware
Datei Gelöscht : C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\foxydeal.sqlite

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v32.0 (x86 de)

[ Datei : C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1509 octets] - [07/09/2014 01:29:50]
AdwCleaner[S0].txt - [1394 octets] - [07/09/2014 01:30:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1454 octets] ##########
         
jrt
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by MuF on 07.09.2014 at  1:32:58,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\MuF\AppData\Roaming\mozilla\firefox\profiles\ziyyqbu3.default\minidumps [44 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.09.2014 at  1:36:48,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by MuF (administrator) on MUF-PC on 07-09-2014 01:37:35
Running from C:\Users\MuF\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Foxit Corporation) D:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2355214367-3536077307-1448681871-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\Users\MuF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4751E2C1846FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default
FF Homepage: hxxp://battlelog.battlefield.com/bf4/de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*'))%20%7B%20return%20'PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> D:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\battlefieldplay4free@ea.com [2014-08-07]
FF Extension: HTTPS-Everywhere - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\https-everywhere@eff.org [2014-08-23]
FF Extension: Better Battlelog (BBLog) - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack [2014-09-04]
FF Extension: WOT - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: MEGA - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\firefox@mega.co.nz.xpi [2014-08-22]
FF Extension: YouTube Center - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-11-05]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-06-22]
FF Extension: NoScript - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-22]
FF Extension: Adblock Edge - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-07-26]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [57344 2011-08-22] () [File not signed]
R2 FoxitCloudUpdateService; D:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [528096 2014-06-08] (Futuremark)
S3 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2210640 2013-11-29] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-07] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-21] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-07-25] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 01:36 - 2014-09-07 01:36 - 00000872 _____ () C:\Users\MuF\Desktop\JRT.txt
2014-09-07 01:32 - 2014-09-07 01:32 - 00000000 ____D () C:\Windows\ERUNT
2014-09-07 01:29 - 2014-09-07 01:30 - 00000000 ____D () C:\AdwCleaner
2014-09-07 01:19 - 2014-09-07 01:19 - 01370483 _____ () C:\Users\MuF\Desktop\adwcleaner_3.309.exe
2014-09-07 01:19 - 2014-09-07 01:19 - 01016261 _____ (Thisisu) C:\Users\MuF\Desktop\JRT.exe
2014-09-06 14:07 - 2014-09-06 14:07 - 00027016 _____ () C:\Users\MuF\Desktop\ComboFix.txt
2014-09-06 14:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-06 14:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-06 14:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-06 14:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-06 14:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-06 14:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-06 14:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-06 14:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-06 13:59 - 2014-09-06 14:07 - 00000000 ____D () C:\Qoobox
2014-09-06 13:59 - 2014-09-06 14:06 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 13:58 - 2014-09-06 13:58 - 05576440 ____R (Swearware) C:\Users\MuF\Desktop\ComboFix.exe
2014-09-05 13:47 - 2014-09-05 13:47 - 00000000 ____D () C:\Users\MuF\Desktop\tdsskiller
2014-09-04 21:08 - 2014-09-07 01:37 - 00022380 _____ () C:\Users\MuF\Desktop\FRST.txt
2014-09-04 21:08 - 2014-09-04 21:08 - 00047509 _____ () C:\Users\MuF\Desktop\Addition.txt
2014-09-04 21:07 - 2014-09-07 01:37 - 00000000 ____D () C:\FRST
2014-09-04 21:07 - 2014-09-04 21:07 - 02104832 _____ (Farbar) C:\Users\MuF\Desktop\FRST64.exe
2014-09-04 20:00 - 2014-09-07 01:28 - 00001156 _____ () C:\Users\MuF\Desktop\mbam.txt
2014-09-04 19:49 - 2014-09-07 01:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 19:48 - 2014-09-04 19:48 - 00000837 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 19:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 19:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-04 19:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Wireshark
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-03 20:49 - 2014-09-03 20:50 - 00000906 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark 2 Preview.lnk
2014-09-03 20:48 - 2014-09-03 20:50 - 00000830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-09-03 20:47 - 2014-09-07 01:37 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\NetSpeedMonitor
2014-09-03 20:46 - 2014-09-03 20:46 - 00000000 ____D () C:\Program Files\NetSpeedMonitor
2014-09-03 07:05 - 2014-09-03 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-09-03 05:02 - 2014-09-03 05:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-09-02 21:00 - 2014-09-02 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 10:47 - 2014-08-28 13:53 - 00000000 ____D () C:\Users\MuF\AppData\Local\TeknoGods
2014-08-27 23:02 - 2014-08-27 23:02 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\MW3 FoV Changer
2014-08-27 20:36 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:36 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:36 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 17:34 - 2014-08-24 17:34 - 00000000 ____D () C:\Program Files (x86)\HDClone 5.0 Free Edition
2014-08-21 20:25 - 2014-03-16 14:22 - 02698088 _____ () C:\Windows\SysWOW64\pbsvc_pg.exe
2014-08-20 13:07 - 2014-08-20 13:08 - 00000000 ____D () C:\CrystalDiskInfoPortable
2014-08-20 00:52 - 2014-08-20 00:52 - 00000000 ____D () C:\Users\MuF\AppData\Local\Microsoft Research
2014-08-19 21:45 - 2014-08-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-19 13:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 13:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 13:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 13:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 13:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 13:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 13:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 13:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 13:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 00:03 - 2014-08-19 00:03 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-15 16:21 - 2014-08-15 16:21 - 02441216 _____ () C:\Windows\SysWOW64\WinHIIP.WDS
2014-08-15 16:19 - 2014-08-15 16:21 - 00000321 _____ () C:\Windows\SysWOW64\WinHIIP 1.7.6.log
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-14 02:00 - 2014-09-06 14:16 - 00000000 ____D () C:\Users\MuF\AppData\Local\Adobe
2014-08-14 00:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 00:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 00:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 00:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 00:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 00:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 00:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 00:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 00:40 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 00:40 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 00:39 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 00:39 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 00:39 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 00:39 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 00:39 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 00:39 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 00:39 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 00:39 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 00:39 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 00:39 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 00:39 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 00:39 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 00:39 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 00:39 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 00:39 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 00:39 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 00:39 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 00:39 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 00:39 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 00:39 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 00:39 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 00:39 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 00:39 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 00:39 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 00:39 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 00:39 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 00:39 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 00:39 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 00:39 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 00:39 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 00:39 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 00:39 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 00:39 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 00:39 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 00:39 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 00:39 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 00:39 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 00:39 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 00:39 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 00:39 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 00:39 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 00:39 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 00:39 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 00:39 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 00:39 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 00:39 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 00:39 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 00:39 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 00:39 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 00:39 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 00:39 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 00:39 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 00:39 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 00:39 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 00:39 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 00:39 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 00:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 00:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 00:39 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 00:39 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 00:39 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 00:39 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 00:39 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 00:39 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 00:39 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 00:39 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 00:39 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 00:39 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 00:38 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 00:38 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 00:38 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 00:38 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-10 21:44 - 2014-08-10 21:44 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Crytek
2014-08-10 16:45 - 2014-08-10 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-10 16:45 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 01:37 - 2014-09-04 21:08 - 00022380 _____ () C:\Users\MuF\Desktop\FRST.txt
2014-09-07 01:37 - 2014-09-04 21:07 - 00000000 ____D () C:\FRST
2014-09-07 01:37 - 2014-09-03 20:47 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\NetSpeedMonitor
2014-09-07 01:37 - 2009-08-25 20:32 - 00656692 _____ () C:\Windows\system32\perfh01D.dat
2014-09-07 01:37 - 2009-08-25 20:32 - 00143008 _____ () C:\Windows\system32\perfc01D.dat
2014-09-07 01:37 - 2009-08-25 19:41 - 00717572 _____ () C:\Windows\system32\perfh019.dat
2014-09-07 01:37 - 2009-08-25 19:41 - 00151376 _____ () C:\Windows\system32\perfc019.dat
2014-09-07 01:37 - 2009-08-25 19:33 - 00736470 _____ () C:\Windows\system32\perfh013.dat
2014-09-07 01:37 - 2009-08-25 19:33 - 00153636 _____ () C:\Windows\system32\perfc013.dat
2014-09-07 01:37 - 2009-08-25 19:25 - 00487486 _____ () C:\Windows\system32\perfh014.dat
2014-09-07 01:37 - 2009-08-25 19:25 - 00095938 _____ () C:\Windows\system32\perfc014.dat
2014-09-07 01:37 - 2009-08-25 19:18 - 00733018 _____ () C:\Windows\system32\perfh010.dat
2014-09-07 01:37 - 2009-08-25 19:18 - 00147380 _____ () C:\Windows\system32\perfc010.dat
2014-09-07 01:37 - 2009-08-25 19:09 - 00738688 _____ () C:\Windows\system32\perfh00C.dat
2014-09-07 01:37 - 2009-08-25 19:09 - 00150114 _____ () C:\Windows\system32\perfc00C.dat
2014-09-07 01:37 - 2009-08-25 19:01 - 00474466 _____ () C:\Windows\system32\perfh00B.dat
2014-09-07 01:37 - 2009-08-25 19:01 - 00102054 _____ () C:\Windows\system32\perfc00B.dat
2014-09-07 01:37 - 2009-08-25 18:54 - 00738428 _____ () C:\Windows\system32\perfh00A.dat
2014-09-07 01:37 - 2009-08-25 18:54 - 00159008 _____ () C:\Windows\system32\perfc00A.dat
2014-09-07 01:37 - 2009-08-25 18:46 - 00700470 _____ () C:\Windows\system32\perfh007.dat
2014-09-07 01:37 - 2009-08-25 18:46 - 00150108 _____ () C:\Windows\system32\perfc007.dat
2014-09-07 01:37 - 2009-08-25 18:38 - 00502386 _____ () C:\Windows\system32\perfh006.dat
2014-09-07 01:37 - 2009-08-25 18:38 - 00099192 _____ () C:\Windows\system32\perfc006.dat
2014-09-07 01:37 - 2009-07-14 07:13 - 08603980 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-07 01:36 - 2014-09-07 01:36 - 00000872 _____ () C:\Users\MuF\Desktop\JRT.txt
2014-09-07 01:36 - 2009-07-14 06:45 - 00023088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-07 01:36 - 2009-07-14 06:45 - 00023088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 01:32 - 2014-09-07 01:32 - 00000000 ____D () C:\Windows\ERUNT
2014-09-07 01:31 - 2014-04-29 16:41 - 00042336 _____ () C:\Windows\PFRO.log
2014-09-07 01:31 - 2014-04-13 22:45 - 00073407 _____ () C:\Windows\setupact.log
2014-09-07 01:31 - 2014-02-12 17:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-07 01:31 - 2013-06-22 17:35 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-07 01:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 01:30 - 2014-09-07 01:29 - 00000000 ____D () C:\AdwCleaner
2014-09-07 01:30 - 2013-06-22 17:24 - 01059961 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 01:28 - 2014-09-04 20:00 - 00001156 _____ () C:\Users\MuF\Desktop\mbam.txt
2014-09-07 01:20 - 2014-09-04 19:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 01:19 - 2014-09-07 01:19 - 01370483 _____ () C:\Users\MuF\Desktop\adwcleaner_3.309.exe
2014-09-07 01:19 - 2014-09-07 01:19 - 01016261 _____ (Thisisu) C:\Users\MuF\Desktop\JRT.exe
2014-09-06 14:50 - 2014-02-06 14:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 14:16 - 2014-08-14 02:00 - 00000000 ____D () C:\Users\MuF\AppData\Local\Adobe
2014-09-06 14:07 - 2014-09-06 14:07 - 00027016 _____ () C:\Users\MuF\Desktop\ComboFix.txt
2014-09-06 14:07 - 2014-09-06 13:59 - 00000000 ____D () C:\Qoobox
2014-09-06 14:07 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-06 14:06 - 2014-09-06 13:59 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 14:05 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-06 13:58 - 2014-09-06 13:58 - 05576440 ____R (Swearware) C:\Users\MuF\Desktop\ComboFix.exe
2014-09-05 13:47 - 2014-09-05 13:47 - 00000000 ____D () C:\Users\MuF\Desktop\tdsskiller
2014-09-04 21:08 - 2014-09-04 21:08 - 00047509 _____ () C:\Users\MuF\Desktop\Addition.txt
2014-09-04 21:07 - 2014-09-04 21:07 - 02104832 _____ (Farbar) C:\Users\MuF\Desktop\FRST64.exe
2014-09-04 19:48 - 2014-09-04 19:48 - 00000837 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 21:24 - 2013-06-25 18:35 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-03 21:24 - 2013-06-25 18:35 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-09-03 21:14 - 2013-10-30 17:17 - 00000000 ____D () C:\ProgramData\Origin
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Wireshark
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-03 20:50 - 2014-09-03 20:49 - 00000906 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark 2 Preview.lnk
2014-09-03 20:50 - 2014-09-03 20:48 - 00000830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-09-03 20:46 - 2014-09-03 20:46 - 00000000 ____D () C:\Program Files\NetSpeedMonitor
2014-09-03 20:43 - 2013-12-25 05:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-09-03 20:43 - 2013-06-22 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 20:38 - 2014-05-11 16:06 - 00007601 _____ () C:\Users\MuF\AppData\Local\resmon.resmoncfg
2014-09-03 20:33 - 2013-09-14 21:34 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Skype
2014-09-03 19:28 - 2014-05-18 18:22 - 00000000 ___RD () C:\Users\MuF\Desktop\Spiele
2014-09-03 07:05 - 2014-09-03 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-09-03 05:02 - 2014-09-03 05:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-09-03 05:02 - 2014-04-25 19:46 - 00583534 _____ () C:\Windows\DirectX.log
2014-09-02 21:00 - 2014-09-02 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 00:48 - 2013-11-08 17:16 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\FileZilla
2014-08-31 03:42 - 2014-05-16 20:37 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\.minecraft
2014-08-31 00:39 - 2013-06-22 17:25 - 00000000 ____D () C:\Users\MuF
2014-08-30 20:20 - 2014-02-27 22:19 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\TS3Client
2014-08-30 16:02 - 2014-05-18 18:47 - 00000000 ___RD () C:\Users\MuF\Desktop\Communications
2014-08-28 16:46 - 2014-04-20 23:05 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Notepad++
2014-08-28 13:53 - 2014-08-28 10:47 - 00000000 ____D () C:\Users\MuF\AppData\Local\TeknoGods
2014-08-28 02:37 - 2013-11-08 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-27 23:02 - 2014-08-27 23:02 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\MW3 FoV Changer
2014-08-27 22:18 - 2009-07-14 06:45 - 05127864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 22:06 - 2013-09-14 21:34 - 00000000 ____D () C:\ProgramData\Skype
2014-08-24 21:18 - 2014-03-09 20:33 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\vlc
2014-08-24 17:42 - 2014-06-07 16:29 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-08-24 17:42 - 2014-06-07 16:29 - 00004656 _____ () C:\Windows\LkmdfCoInst.log
2014-08-24 17:34 - 2014-08-24 17:34 - 00000000 ____D () C:\Program Files (x86)\HDClone 5.0 Free Edition
2014-08-23 04:07 - 2014-08-27 20:36 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 20:36 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 20:36 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 22:42 - 2013-08-23 11:38 - 00291096 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-08-21 22:15 - 2013-06-25 18:35 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-21 21:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 13:08 - 2014-08-20 13:07 - 00000000 ____D () C:\CrystalDiskInfoPortable
2014-08-20 00:52 - 2014-08-20 00:52 - 00000000 ____D () C:\Users\MuF\AppData\Local\Microsoft Research
2014-08-19 21:45 - 2014-08-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-19 21:45 - 2014-08-05 14:30 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-19 21:45 - 2013-10-11 22:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-19 21:45 - 2013-06-22 17:52 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-19 00:03 - 2014-08-19 00:03 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-17 23:05 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-15 16:21 - 2014-08-15 16:21 - 02441216 _____ () C:\Windows\SysWOW64\WinHIIP.WDS
2014-08-15 16:21 - 2014-08-15 16:19 - 00000321 _____ () C:\Windows\SysWOW64\WinHIIP 1.7.6.log
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-14 03:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 00:52 - 2014-01-03 19:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 00:48 - 2013-08-14 20:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 00:47 - 2013-06-22 21:04 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 00:43 - 2014-04-29 16:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 00:05 - 2014-02-06 14:34 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 00:05 - 2014-02-06 14:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 00:05 - 2014-02-06 14:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-11 10:57 - 2013-12-23 16:27 - 00000000 ____D () C:\Users\MuF\AppData\Local\LogMeIn Hamachi
2014-08-11 10:55 - 2014-05-18 18:05 - 00000000 ___RD () C:\Users\MuF\Desktop\Bearbeitung
2014-08-10 21:44 - 2014-08-10 21:44 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Crytek
2014-08-10 16:45 - 2014-08-10 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-09 22:48 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-09 02:22 - 2014-06-02 16:00 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-08-09 02:22 - 2014-06-02 16:00 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-08-09 02:22 - 2014-05-16 16:52 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-08-09 02:22 - 2014-05-16 16:52 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-08-08 21:13 - 2014-08-07 21:12 - 00001114 _____ () C:\Users\MuF\Desktop\Konsole.lnk
2014-08-08 13:51 - 2013-06-27 16:50 - 00000000 ____D () C:\ProgramData\Adobe

Files to move or delete:
====================
C:\Users\MuF\1.dat


Some content of TEMP:
====================
C:\Users\MuF\AppData\Local\Temp\avgnt.exe
C:\Users\MuF\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 14:34

==================== End Of Log ============================
         
--- --- ---

--- --- ---
Nochmal großes Lob an dich, dass du so vielen hier hilfst, ist ja nicht selbstverständlich

Geändert von MuF (07.09.2014 um 01:44 Uhr)

Alt 07.09.2014, 18:43   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.09.2014, 23:21   #11
MuF
 
Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



Hi,
Also das Format Factory als Virus erkannt wird, macht mich schon etwas stutzig, da ich das Programm von Chip OHNE Chip-installer geladen habe. Naja Probleme...funktionieren tut ja alles, Es soll ja nur der Virus runter.

Eset:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8595b6aaa6e56f4aa6062da5d80467db
# engine=20043
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-07 09:11:20
# local_time=2014-09-07 11:11:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 78438 38208066 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 77392 161754130 0 0
# scanned=709114
# found=1
# cleaned=0
# scan_time=7790
sh=9A579D06963998D2E015B69737AA1AA9D8A4F37B ft=1 fh=75557439e7bfbd68 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="D:\Users\MuF\Downloads\FFSetup3.1.1.exe"
         
Security Check:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 14.0.0.179  
 Mozilla Firefox (32.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by MuF (administrator) on MUF-PC on 07-09-2014 23:17:26
Running from C:\Users\MuF\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Foxit Corporation) D:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2355214367-3536077307-1448681871-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\Users\MuF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4751E2C1846FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default
FF Homepage: hxxp://battlelog.battlefield.com/bf4/de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*'))%20%7B%20return%20'PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> D:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\battlefieldplay4free@ea.com [2014-08-07]
FF Extension: HTTPS-Everywhere - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\https-everywhere@eff.org [2014-08-23]
FF Extension: Better Battlelog (BBLog) - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack [2014-09-04]
FF Extension: WOT - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: MEGA - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\firefox@mega.co.nz.xpi [2014-08-22]
FF Extension: YouTube Center - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-11-05]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-06-22]
FF Extension: NoScript - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-22]
FF Extension: Adblock Edge - C:\Users\MuF\AppData\Roaming\Mozilla\Firefox\Profiles\ziyyqbu3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-07-26]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [57344 2011-08-22] () [File not signed]
R2 FoxitCloudUpdateService; D:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [528096 2014-06-08] (Futuremark)
S3 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2210640 2013-11-29] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-07] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-21] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-07-25] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 23:17 - 2014-09-07 23:17 - 00000000 ____D () C:\Users\MuF\Desktop\FRST-OlderVersion
2014-09-07 20:45 - 2014-09-07 20:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-07 20:43 - 2014-09-07 20:43 - 02347384 _____ (ESET) C:\Users\MuF\Desktop\esetsmartinstaller_deu.exe
2014-09-07 20:43 - 2014-09-07 20:43 - 00854417 _____ () C:\Users\MuF\Desktop\SecurityCheck.exe
2014-09-07 01:36 - 2014-09-07 01:36 - 00000872 _____ () C:\Users\MuF\Desktop\JRT.txt
2014-09-07 01:32 - 2014-09-07 01:32 - 00000000 ____D () C:\Windows\ERUNT
2014-09-07 01:29 - 2014-09-07 01:30 - 00000000 ____D () C:\AdwCleaner
2014-09-07 01:19 - 2014-09-07 01:19 - 01370483 _____ () C:\Users\MuF\Desktop\adwcleaner_3.309.exe
2014-09-07 01:19 - 2014-09-07 01:19 - 01016261 _____ (Thisisu) C:\Users\MuF\Desktop\JRT.exe
2014-09-06 14:07 - 2014-09-06 14:07 - 00027016 _____ () C:\Users\MuF\Desktop\ComboFix.txt
2014-09-06 14:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-06 14:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-06 14:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-06 14:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-06 14:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-06 14:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-06 14:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-06 14:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-06 13:59 - 2014-09-06 14:07 - 00000000 ____D () C:\Qoobox
2014-09-06 13:59 - 2014-09-06 14:06 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 13:58 - 2014-09-06 13:58 - 05576440 ____R (Swearware) C:\Users\MuF\Desktop\ComboFix.exe
2014-09-05 13:47 - 2014-09-05 13:47 - 00000000 ____D () C:\Users\MuF\Desktop\tdsskiller
2014-09-04 21:08 - 2014-09-07 23:17 - 00022601 _____ () C:\Users\MuF\Desktop\FRST.txt
2014-09-04 21:08 - 2014-09-04 21:08 - 00047509 _____ () C:\Users\MuF\Desktop\Addition.txt
2014-09-04 21:07 - 2014-09-07 23:17 - 02105344 _____ (Farbar) C:\Users\MuF\Desktop\FRST64.exe
2014-09-04 21:07 - 2014-09-07 23:17 - 00000000 ____D () C:\FRST
2014-09-04 20:00 - 2014-09-07 01:28 - 00001156 _____ () C:\Users\MuF\Desktop\mbam.txt
2014-09-04 19:49 - 2014-09-07 01:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 19:48 - 2014-09-04 19:48 - 00000837 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 19:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 19:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-04 19:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Wireshark
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-03 20:49 - 2014-09-03 20:50 - 00000906 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark 2 Preview.lnk
2014-09-03 20:48 - 2014-09-03 20:50 - 00000830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-09-03 20:47 - 2014-09-07 23:17 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\NetSpeedMonitor
2014-09-03 20:46 - 2014-09-03 20:46 - 00000000 ____D () C:\Program Files\NetSpeedMonitor
2014-09-03 07:05 - 2014-09-03 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-09-03 05:02 - 2014-09-03 05:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-09-02 21:00 - 2014-09-02 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 10:47 - 2014-08-28 13:53 - 00000000 ____D () C:\Users\MuF\AppData\Local\TeknoGods
2014-08-27 23:02 - 2014-08-27 23:02 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\MW3 FoV Changer
2014-08-27 20:36 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:36 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:36 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 17:34 - 2014-08-24 17:34 - 00000000 ____D () C:\Program Files (x86)\HDClone 5.0 Free Edition
2014-08-21 20:25 - 2014-03-16 14:22 - 02698088 _____ () C:\Windows\SysWOW64\pbsvc_pg.exe
2014-08-20 13:07 - 2014-08-20 13:08 - 00000000 ____D () C:\CrystalDiskInfoPortable
2014-08-20 00:52 - 2014-08-20 00:52 - 00000000 ____D () C:\Users\MuF\AppData\Local\Microsoft Research
2014-08-19 21:45 - 2014-08-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-19 13:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 13:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 13:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 13:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 13:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 13:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 13:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 13:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 13:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 13:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 00:03 - 2014-08-19 00:03 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-15 16:21 - 2014-08-15 16:21 - 02441216 _____ () C:\Windows\SysWOW64\WinHIIP.WDS
2014-08-15 16:19 - 2014-08-15 16:21 - 00000321 _____ () C:\Windows\SysWOW64\WinHIIP 1.7.6.log
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-14 02:00 - 2014-09-07 20:51 - 00000000 ____D () C:\Users\MuF\AppData\Local\Adobe
2014-08-14 00:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 00:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 00:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 00:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 00:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 00:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 00:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 00:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 00:40 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 00:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 00:40 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 00:40 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 00:39 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 00:39 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 00:39 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 00:39 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 00:39 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 00:39 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 00:39 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 00:39 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 00:39 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 00:39 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 00:39 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 00:39 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 00:39 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 00:39 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 00:39 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 00:39 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 00:39 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 00:39 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 00:39 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 00:39 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 00:39 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 00:39 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 00:39 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 00:39 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 00:39 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 00:39 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 00:39 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 00:39 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 00:39 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 00:39 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 00:39 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 00:39 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 00:39 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 00:39 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 00:39 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 00:39 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 00:39 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 00:39 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 00:39 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 00:39 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 00:39 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 00:39 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 00:39 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 00:39 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 00:39 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 00:39 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 00:39 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 00:39 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 00:39 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 00:39 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 00:39 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 00:39 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 00:39 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 00:39 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 00:39 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 00:39 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 00:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 00:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 00:39 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 00:39 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 00:39 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 00:39 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 00:39 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 00:39 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 00:39 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 00:39 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 00:39 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 00:39 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 00:38 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 00:38 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 00:38 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 00:38 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-10 21:44 - 2014-08-10 21:44 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Crytek
2014-08-10 16:45 - 2014-08-10 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-10 16:45 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 23:17 - 2014-09-07 23:17 - 00000000 ____D () C:\Users\MuF\Desktop\FRST-OlderVersion
2014-09-07 23:17 - 2014-09-04 21:08 - 00022601 _____ () C:\Users\MuF\Desktop\FRST.txt
2014-09-07 23:17 - 2014-09-04 21:07 - 02105344 _____ (Farbar) C:\Users\MuF\Desktop\FRST64.exe
2014-09-07 23:17 - 2014-09-04 21:07 - 00000000 ____D () C:\FRST
2014-09-07 23:17 - 2014-09-03 20:47 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\NetSpeedMonitor
2014-09-07 22:50 - 2014-02-06 14:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-07 22:38 - 2009-07-14 06:45 - 00023088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-07 22:38 - 2009-07-14 06:45 - 00023088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 22:34 - 2013-06-22 17:24 - 01086552 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 20:51 - 2014-08-14 02:00 - 00000000 ____D () C:\Users\MuF\AppData\Local\Adobe
2014-09-07 20:47 - 2009-08-25 20:32 - 00656692 _____ () C:\Windows\system32\perfh01D.dat
2014-09-07 20:47 - 2009-08-25 20:32 - 00143008 _____ () C:\Windows\system32\perfc01D.dat
2014-09-07 20:47 - 2009-08-25 19:41 - 00717572 _____ () C:\Windows\system32\perfh019.dat
2014-09-07 20:47 - 2009-08-25 19:41 - 00151376 _____ () C:\Windows\system32\perfc019.dat
2014-09-07 20:47 - 2009-08-25 19:33 - 00736470 _____ () C:\Windows\system32\perfh013.dat
2014-09-07 20:47 - 2009-08-25 19:33 - 00153636 _____ () C:\Windows\system32\perfc013.dat
2014-09-07 20:47 - 2009-08-25 19:25 - 00487486 _____ () C:\Windows\system32\perfh014.dat
2014-09-07 20:47 - 2009-08-25 19:25 - 00095938 _____ () C:\Windows\system32\perfc014.dat
2014-09-07 20:47 - 2009-08-25 19:18 - 00733018 _____ () C:\Windows\system32\perfh010.dat
2014-09-07 20:47 - 2009-08-25 19:18 - 00147380 _____ () C:\Windows\system32\perfc010.dat
2014-09-07 20:47 - 2009-08-25 19:09 - 00738688 _____ () C:\Windows\system32\perfh00C.dat
2014-09-07 20:47 - 2009-08-25 19:09 - 00150114 _____ () C:\Windows\system32\perfc00C.dat
2014-09-07 20:47 - 2009-08-25 19:01 - 00474466 _____ () C:\Windows\system32\perfh00B.dat
2014-09-07 20:47 - 2009-08-25 19:01 - 00102054 _____ () C:\Windows\system32\perfc00B.dat
2014-09-07 20:47 - 2009-08-25 18:54 - 00738428 _____ () C:\Windows\system32\perfh00A.dat
2014-09-07 20:47 - 2009-08-25 18:54 - 00159008 _____ () C:\Windows\system32\perfc00A.dat
2014-09-07 20:47 - 2009-08-25 18:46 - 00700470 _____ () C:\Windows\system32\perfh007.dat
2014-09-07 20:47 - 2009-08-25 18:46 - 00150108 _____ () C:\Windows\system32\perfc007.dat
2014-09-07 20:47 - 2009-08-25 18:38 - 00502386 _____ () C:\Windows\system32\perfh006.dat
2014-09-07 20:47 - 2009-08-25 18:38 - 00099192 _____ () C:\Windows\system32\perfc006.dat
2014-09-07 20:47 - 2009-07-14 07:13 - 08603980 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-07 20:45 - 2014-09-07 20:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-07 20:43 - 2014-09-07 20:43 - 02347384 _____ (ESET) C:\Users\MuF\Desktop\esetsmartinstaller_deu.exe
2014-09-07 20:43 - 2014-09-07 20:43 - 00854417 _____ () C:\Users\MuF\Desktop\SecurityCheck.exe
2014-09-07 20:41 - 2014-04-13 22:45 - 00073575 _____ () C:\Windows\setupact.log
2014-09-07 20:41 - 2014-02-12 17:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-07 20:41 - 2013-06-22 17:35 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-07 20:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 01:36 - 2014-09-07 01:36 - 00000872 _____ () C:\Users\MuF\Desktop\JRT.txt
2014-09-07 01:32 - 2014-09-07 01:32 - 00000000 ____D () C:\Windows\ERUNT
2014-09-07 01:31 - 2014-04-29 16:41 - 00042336 _____ () C:\Windows\PFRO.log
2014-09-07 01:30 - 2014-09-07 01:29 - 00000000 ____D () C:\AdwCleaner
2014-09-07 01:28 - 2014-09-04 20:00 - 00001156 _____ () C:\Users\MuF\Desktop\mbam.txt
2014-09-07 01:20 - 2014-09-04 19:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 01:19 - 2014-09-07 01:19 - 01370483 _____ () C:\Users\MuF\Desktop\adwcleaner_3.309.exe
2014-09-07 01:19 - 2014-09-07 01:19 - 01016261 _____ (Thisisu) C:\Users\MuF\Desktop\JRT.exe
2014-09-06 14:07 - 2014-09-06 14:07 - 00027016 _____ () C:\Users\MuF\Desktop\ComboFix.txt
2014-09-06 14:07 - 2014-09-06 13:59 - 00000000 ____D () C:\Qoobox
2014-09-06 14:07 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-06 14:06 - 2014-09-06 13:59 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 14:05 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-06 13:58 - 2014-09-06 13:58 - 05576440 ____R (Swearware) C:\Users\MuF\Desktop\ComboFix.exe
2014-09-05 13:47 - 2014-09-05 13:47 - 00000000 ____D () C:\Users\MuF\Desktop\tdsskiller
2014-09-04 21:08 - 2014-09-04 21:08 - 00047509 _____ () C:\Users\MuF\Desktop\Addition.txt
2014-09-04 19:48 - 2014-09-04 19:48 - 00000837 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-04 19:48 - 2014-09-04 19:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 21:24 - 2013-06-25 18:35 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-03 21:24 - 2013-06-25 18:35 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-09-03 21:14 - 2013-10-30 17:17 - 00000000 ____D () C:\ProgramData\Origin
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Wireshark
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-03 20:50 - 2014-09-03 20:50 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-03 20:50 - 2014-09-03 20:49 - 00000906 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark 2 Preview.lnk
2014-09-03 20:50 - 2014-09-03 20:48 - 00000830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-09-03 20:46 - 2014-09-03 20:46 - 00000000 ____D () C:\Program Files\NetSpeedMonitor
2014-09-03 20:43 - 2013-12-25 05:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-09-03 20:43 - 2013-06-22 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 20:38 - 2014-05-11 16:06 - 00007601 _____ () C:\Users\MuF\AppData\Local\resmon.resmoncfg
2014-09-03 20:33 - 2013-09-14 21:34 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Skype
2014-09-03 19:28 - 2014-05-18 18:22 - 00000000 ___RD () C:\Users\MuF\Desktop\Spiele
2014-09-03 07:05 - 2014-09-03 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2014-09-03 05:02 - 2014-09-03 05:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-09-03 05:02 - 2014-04-25 19:46 - 00583534 _____ () C:\Windows\DirectX.log
2014-09-02 21:00 - 2014-09-02 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 00:48 - 2013-11-08 17:16 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\FileZilla
2014-08-31 03:42 - 2014-05-16 20:37 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\.minecraft
2014-08-31 00:39 - 2013-06-22 17:25 - 00000000 ____D () C:\Users\MuF
2014-08-30 20:20 - 2014-02-27 22:19 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\TS3Client
2014-08-30 16:02 - 2014-05-18 18:47 - 00000000 ___RD () C:\Users\MuF\Desktop\Communications
2014-08-28 16:46 - 2014-04-20 23:05 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Notepad++
2014-08-28 13:53 - 2014-08-28 10:47 - 00000000 ____D () C:\Users\MuF\AppData\Local\TeknoGods
2014-08-28 02:37 - 2013-11-08 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-27 23:02 - 2014-08-27 23:02 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\MW3 FoV Changer
2014-08-27 22:18 - 2009-07-14 06:45 - 05127864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 22:06 - 2013-09-14 21:34 - 00000000 ____D () C:\ProgramData\Skype
2014-08-24 21:18 - 2014-03-09 20:33 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\vlc
2014-08-24 17:42 - 2014-06-07 16:29 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-08-24 17:42 - 2014-06-07 16:29 - 00004656 _____ () C:\Windows\LkmdfCoInst.log
2014-08-24 17:34 - 2014-08-24 17:34 - 00000000 ____D () C:\Program Files (x86)\HDClone 5.0 Free Edition
2014-08-23 04:07 - 2014-08-27 20:36 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 20:36 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 20:36 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 22:42 - 2013-08-23 11:38 - 00291096 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-08-21 22:15 - 2013-06-25 18:35 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-21 21:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 13:08 - 2014-08-20 13:07 - 00000000 ____D () C:\CrystalDiskInfoPortable
2014-08-20 00:52 - 2014-08-20 00:52 - 00000000 ____D () C:\Users\MuF\AppData\Local\Microsoft Research
2014-08-19 21:45 - 2014-08-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-19 21:45 - 2014-08-05 14:30 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-19 21:45 - 2013-10-11 22:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-19 21:45 - 2013-06-22 17:52 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-19 00:03 - 2014-08-19 00:03 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iTunes
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 00:03 - 2014-08-19 00:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-17 23:05 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-15 16:21 - 2014-08-15 16:21 - 02441216 _____ () C:\Windows\SysWOW64\WinHIIP.WDS
2014-08-15 16:21 - 2014-08-15 16:19 - 00000321 _____ () C:\Windows\SysWOW64\WinHIIP 1.7.6.log
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-15 16:14 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LordBoGaMi's HDL_Dump GUI 2
2014-08-14 03:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 00:52 - 2014-01-03 19:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 00:48 - 2013-08-14 20:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 00:47 - 2013-06-22 21:04 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 00:43 - 2014-04-29 16:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 00:05 - 2014-02-06 14:34 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 00:05 - 2014-02-06 14:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 00:05 - 2014-02-06 14:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-11 10:57 - 2013-12-23 16:27 - 00000000 ____D () C:\Users\MuF\AppData\Local\LogMeIn Hamachi
2014-08-11 10:55 - 2014-05-18 18:05 - 00000000 ___RD () C:\Users\MuF\Desktop\Bearbeitung
2014-08-10 21:44 - 2014-08-10 21:44 - 00000000 ____D () C:\Users\MuF\AppData\Roaming\Crytek
2014-08-10 16:45 - 2014-08-10 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-09 22:48 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-09 02:22 - 2014-06-02 16:00 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-08-09 02:22 - 2014-06-02 16:00 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-08-09 02:22 - 2014-05-16 16:52 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-08-09 02:22 - 2014-05-16 16:52 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-08-08 21:13 - 2014-08-07 21:12 - 00001114 _____ () C:\Users\MuF\Desktop\Konsole.lnk
2014-08-08 13:51 - 2013-06-27 16:50 - 00000000 ____D () C:\ProgramData\Adobe

Files to move or delete:
====================
C:\Users\MuF\1.dat


Some content of TEMP:
====================
C:\Users\MuF\AppData\Local\Temp\avgnt.exe
C:\Users\MuF\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 14:34

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---
Ist das normal, dass FRST "C:\Users\MuF\1.dat" löscht, diese sich aber wiederherstellt?

Geändert von MuF (07.09.2014 um 23:28 Uhr)

Alt 08.09.2014, 20:00   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



Die wird nit gelöscht, die wird nur gelistet dass man sich die näher anschauen soll. Bestehen noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.09.2014, 20:33   #13
MuF
 
Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



Achso. Ne läuft alles
Sind wir mit der Bereinigung durch?
Schöne Grüße
MuF

Alt 09.09.2014, 19:40   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.09.2014, 20:16   #15
MuF
 
Virus(bitcoinminer) durch svhost.exe - Standard

Virus(bitcoinminer) durch svhost.exe



Nice, ein gaaaanz fettes Danke an dich.
Eine Frage hätte ich noch:
Es heißt ja, dass man nur einen AV-Scanner benutzen sollte. In der Addition vom FRST steht aber, dass Avira und der Windows Defender aktiv sind.
Kann oder soll ich den Win Defender ausschalten?
Beste Grüße
MuF

Antwort

Themen zu Virus(bitcoinminer) durch svhost.exe
anti-malware, antivirus, appdata, backdoor.agent, coinminer, detected, entdeck, fehlercode 0x5, fehlercode 0xc0000005, hallo zusammen, malwarebytes, microsoft, pup.bitcoinminer, roaming, schutz, service, spr/autoit.gen, svhost.exe, virus, webseite, webseiten, win32/hao123.a, windows, windows 7, zusammen



Ähnliche Themen: Virus(bitcoinminer) durch svhost.exe


  1. hohe CPU-Auslastung durch svhost.exe(netsvcs)
    Plagegeister aller Art und deren Bekämpfung - 30.09.2015 (17)
  2. TR/BitCoinMiner.Gen Virus will nicht weggehen
    Log-Analyse und Auswertung - 27.09.2015 (9)
  3. HEUR/Modified.SystemFile; 'TR/BitCoinMiner.Gen
    Plagegeister aller Art und deren Bekämpfung - 10.09.2015 (16)
  4. Svchost Bitcoinminer
    Log-Analyse und Auswertung - 28.04.2015 (11)
  5. TR/BitCoinMiner.fm
    Log-Analyse und Auswertung - 10.01.2015 (17)
  6. Habe ein TR/BitCoinMiner.Gen
    Plagegeister aller Art und deren Bekämpfung - 08.10.2014 (9)
  7. Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner
    Plagegeister aller Art und deren Bekämpfung - 29.09.2014 (35)
  8. nach Befall durch BKA Virus Entfernung durch Fachhandel Jetzt startet Windows sicherheitsdienst nicht mehr
    Log-Analyse und Auswertung - 05.06.2014 (14)
  9. Avirafund TR/BitCoinMiner.18717
    Plagegeister aller Art und deren Bekämpfung - 27.02.2014 (11)
  10. TR/BitCoinMiner.V
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (11)
  11. 98% Auslastung der GPU im Leerlauf, Malwarebytes erkennt svhost.exe BitCoinMiner
    Log-Analyse und Auswertung - 04.01.2014 (9)
  12. BitCoinMiner Adware entfernen
    Anleitungen, FAQs & Links - 27.10.2013 (2)
  13. Windows XP Update: 100% CPU durch svhost
    Log-Analyse und Auswertung - 14.09.2013 (5)
  14. svhost.exe ist es ein virus?
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (41)
  15. svhost.exe Virus?
    Plagegeister aller Art und deren Bekämpfung - 10.06.2013 (37)
  16. PC langsam durch svhost?
    Plagegeister aller Art und deren Bekämpfung - 22.08.2010 (6)
  17. SVHOST (nein nicht svChost!) svhost.exe nervt!
    Log-Analyse und Auswertung - 11.07.2010 (1)

Zum Thema Virus(bitcoinminer) durch svhost.exe - Hallo zusammen, habe gerade durch Zufall den Backdoor.Agent und 2 Mal PUP.BitCoinMiner mit Malwarebytes Anti-Malware entdeckt. Diese wurden laut mbam entfernt.(logfile in der Beschreibung) Bisher habe ich immer Avira Free - Virus(bitcoinminer) durch svhost.exe...
Archiv
Du betrachtest: Virus(bitcoinminer) durch svhost.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.