Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Unsichtbares Internetexplorerfenster

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.09.2014, 16:03   #1
marmeladelow
 
Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster



Hey,
seit kurzem öffnet sich im Hintergrund ein Iexplorerfenster im Hintergrund, das ich sehen kann wenn ich den Computer herunterfahre.
Anfangs hat dieses Fenster noch mit mir geredet und nur deshalb habe ich es überhaupt gemerkt.
Wäre toll wenn mir jemand helfen kann, ich fühle mich an dem Computer bei Onlinekäufen nicht mehr sicher und möchte diesen "virus?" nicht einfach so aussitzen .

Alt 09.09.2014, 16:05   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 09.09.2014, 16:10   #3
marmeladelow
 
Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Sebastian (administrator) on SEBASTIAN-PC on 09-09-2014 16:07:24
Running from C:\Users\Sebastian\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Users\Sebastian\AppData\Roaming\InetStat\inetstat.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-22] (Microsoft Corporation)
HKU\S-1-5-21-2532947452-1858761559-3390100972-1000\...\Run: [InetStat] => C:\Users\Sebastian\AppData\Roaming\InetStat\inetstat.exe [1325536 2014-07-15] ()
HKU\S-1-5-21-2532947452-1858761559-3390100972-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2532947452-1858761559-3390100972-1000\...\MountPoints2: {6b94cbc8-b051-11e3-bc2a-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-2532947452-1858761559-3390100972-1000\...\MountPoints2: {7966b4e0-b11e-11e3-80e1-00256489b9d5} - K:\setup.exe
HKU\S-1-5-21-2532947452-1858761559-3390100972-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [InetStat] => C:\Users\Sebastian\AppData\Roaming\InetStat\inetstat.exe [1325536 2014-07-15] ()
HKU\S-1-5-21-2532947452-1858761559-3390100972-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2532947452-1858761559-3390100972-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6b94cbc8-b051-11e3-bc2a-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-2532947452-1858761559-3390100972-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7966b4e0-b11e-11e3-80e1-00256489b9d5} - K:\setup.exe
HKU\S-1-5-21-2532947452-1858761559-3390100972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6b94cbc8-b051-11e3-bc2a-806e6f6e6963} - D:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3172B1316744CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {B3BDAE2A-737D-4D9A-92D9-B51ADC242E32} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default
FF SearchEngineOrder.3: Bing 
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\amazon-icon@giga.de [2014-04-20]
FF Extension: Securita Scout - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\isec@securitascout.com [2014-04-20]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\sparpilot@sparpilot.com [2014-04-20]
FF Extension: Adblock Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-27]

Chrome: 
=======
CHR HomePage: Default -> 4402EC7686F10B1BB287109286A83A92D5A671A7D06D18C0757BC78B5604FF9E
CHR StartupUrls: Default -> "https://www.google.de/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M7D8F0070-D06D-4D1F-941F-1F3057A97FD4&SearchSource=58&CUI=&UM=6&UP=SP1E911EA5-0E78-4787-8D27-584136421595&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-27]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27]
CHR Extension: (Amazon-Icon) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-29]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Sebastian\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-21] (Disc Soft Ltd)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-09] (Malwarebytes Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 16:07 - 2014-09-09 16:07 - 00013361 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-09-09 16:07 - 2014-09-09 16:07 - 00000000 ____D () C:\FRST
2014-09-09 16:06 - 2014-09-09 16:06 - 02105344 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-09-08 15:09 - 2014-09-08 15:09 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\java
2014-09-08 15:08 - 2014-09-08 15:34 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\.minecraft
2014-09-08 15:00 - 2014-09-08 15:49 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Skype
2014-09-08 15:00 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Local\Skype
2014-09-08 14:47 - 2014-09-08 14:51 - 00000000 ____D () C:\Users\Conni\Desktop\conni handy
2014-09-08 12:40 - 2014-09-08 12:40 - 00002141 _____ () C:\Users\Conni\Desktop\Skype.lnk
2014-09-07 11:04 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-07 11:04 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-07 11:04 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-08-25 00:06 - 2014-08-25 00:06 - 00000000 ____D () C:\8d6dfd61e5fb00d79b8a15c27a11
2014-08-25 00:05 - 2014-08-25 00:05 - 00000000 ____D () C:\Windows\CheckSur
2014-08-23 18:59 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 18:59 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-23 18:59 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 18:59 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 18:59 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-23 18:59 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 18:59 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-23 18:59 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 18:59 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-16 17:59 - 2014-08-16 17:59 - 00013753 _____ () C:\Users\Sebastian\Downloads\EasyLoot-v2.2.6.1.zip
2014-08-16 17:30 - 2014-08-16 17:30 - 00032778 _____ () C:\Users\Sebastian\Downloads\SmartLoot.zip
2014-08-14 14:17 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 14:17 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 14:17 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 14:17 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 14:17 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 14:17 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 14:17 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 14:17 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 11:04 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 11:04 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 11:04 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 11:04 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 11:04 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 11:04 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 11:04 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 11:04 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 11:04 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 11:04 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 11:04 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 11:04 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 11:04 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 11:04 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 11:04 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 11:04 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 11:04 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 11:04 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 11:04 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 11:04 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 11:04 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 11:04 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 11:04 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 11:04 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 11:04 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 11:04 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 11:04 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 11:04 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 11:04 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 11:04 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 11:04 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 11:04 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 11:04 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 11:04 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 11:04 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 11:03 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 11:03 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 11:03 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 11:03 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 11:03 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 11:03 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 11:03 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 11:03 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 11:03 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 11:03 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 11:03 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 11:03 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 11:03 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 11:03 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 11:03 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 11:03 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 11:03 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 11:03 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 11:03 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 11:03 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 11:03 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 10:57 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 10:57 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 10:57 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 10:47 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 10:47 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 10:47 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 10:47 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 10:47 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 10:47 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 10:47 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 10:47 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 10:47 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 10:47 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 10:47 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 10:47 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 10:43 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 10:43 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 10:42 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 10:42 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 10:42 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 10:42 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 10:42 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 10:42 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 10:42 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 10:41 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 10:41 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 10:36 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 10:36 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 10:16 - 2014-09-09 15:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 10:16 - 2014-08-14 10:16 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-14 10:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 10:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 10:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 10:10 - 2014-08-14 10:10 - 01101648 _____ () C:\Users\Sebastian\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 16:07 - 2014-09-09 16:07 - 00013361 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-09-09 16:07 - 2014-09-09 16:07 - 00000000 ____D () C:\FRST
2014-09-09 16:06 - 2014-09-09 16:06 - 02105344 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-09-09 15:54 - 2014-08-14 10:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 15:49 - 2014-03-20 21:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Battle.net
2014-09-09 15:42 - 2014-04-23 18:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 15:42 - 2014-03-20 20:15 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000UA.job
2014-09-09 15:31 - 2014-03-20 21:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-09 12:42 - 2014-03-20 19:07 - 01171040 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 12:05 - 2009-07-14 06:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 12:05 - 2009-07-14 06:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 12:04 - 2014-03-20 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 12:04 - 2014-03-20 20:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 12:04 - 2014-03-20 20:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 11:58 - 2014-06-07 16:19 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\LogMeIn Hamachi
2014-09-09 11:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 11:57 - 2009-07-14 06:51 - 00076178 _____ () C:\Windows\setupact.log
2014-09-09 00:41 - 2014-03-20 21:00 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\TS3Client
2014-09-08 22:33 - 2014-07-30 21:12 - 00000000 ____D () C:\Users\Conni\AppData\Local\LogMeIn Hamachi
2014-09-08 22:10 - 2014-04-15 12:44 - 00000000 ____D () C:\Program Files (x86)\League of Legends
2014-09-08 15:49 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Skype
2014-09-08 15:34 - 2014-09-08 15:08 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\.minecraft
2014-09-08 15:09 - 2014-09-08 15:09 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\java
2014-09-08 15:00 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Local\Skype
2014-09-08 14:56 - 2014-07-22 11:06 - 00000000 ____D () C:\Users\Conni\AppData\Local\Battle.net
2014-09-08 14:51 - 2014-09-08 14:47 - 00000000 ____D () C:\Users\Conni\Desktop\conni handy
2014-09-08 12:40 - 2014-09-08 12:40 - 00002141 _____ () C:\Users\Conni\Desktop\Skype.lnk
2014-09-08 12:39 - 2009-07-14 06:45 - 00315352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-07 11:42 - 2014-03-20 20:14 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000Core.job
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-08-26 20:20 - 2014-07-19 20:09 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-08-25 18:56 - 2014-05-04 15:11 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-25 16:29 - 2014-07-22 20:45 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\TS3Client
2014-08-25 00:06 - 2014-08-25 00:06 - 00000000 ____D () C:\8d6dfd61e5fb00d79b8a15c27a11
2014-08-25 00:05 - 2014-08-25 00:05 - 00000000 ____D () C:\Windows\CheckSur
2014-08-23 19:09 - 2014-03-20 21:31 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-23 04:07 - 2014-09-07 11:04 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-09-07 11:04 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-09-07 11:04 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 11:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-16 17:59 - 2014-08-16 17:59 - 00013753 _____ () C:\Users\Sebastian\Downloads\EasyLoot-v2.2.6.1.zip
2014-08-16 17:30 - 2014-08-16 17:30 - 00032778 _____ () C:\Users\Sebastian\Downloads\SmartLoot.zip
2014-08-15 17:56 - 2014-03-21 04:01 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-08-15 17:56 - 2014-03-21 04:01 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-08-15 17:56 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 10:12 - 2014-03-20 22:15 - 00186512 _____ () C:\Windows\PFRO.log
2014-08-14 16:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 14:27 - 2014-04-04 16:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 14:22 - 2014-04-04 16:21 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 14:17 - 2014-05-06 13:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 10:16 - 2014-08-14 10:16 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 10:16 - 2014-08-14 10:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-14 10:10 - 2014-08-14 10:10 - 01101648 _____ () C:\Users\Sebastian\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-08-11 17:47 - 2014-03-20 20:42 - 00000000 ____D () C:\Users\Sebastian\Desktop\Die HübscheBoy Saga

Some content of TEMP:
====================
C:\Users\Conni\AppData\Local\Temp\avgnt.exe
C:\Users\Conni\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sebastian\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Sebastian\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Sebastian\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe
C:\Users\Sebastian\AppData\Local\Temp\MW3HackzZ4PC.exe
C:\Users\Sebastian\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Sebastian\AppData\Local\Temp\sdapskill.exe
C:\Users\Sebastian\AppData\Local\Temp\sdaspwn.exe
C:\Users\Sebastian\AppData\Local\Temp\securitascout_3.exe
C:\Users\Sebastian\AppData\Local\Temp\setup_292.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 11:38

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Sebastian at 2014-09-09 16:07:58
Running from C:\Users\Sebastian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefront Extreme 2.2 (HKLM-x32\...\{AFD834CA-4579-49DF-9CF0-EA58822A7C2E}_is1) (Version:  - )
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - Relic)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
Fragen-Lern-CD 4.5 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB) (Version: 4.5.0 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.5 (x32 Version: 4.5.0 - Wendel-Verlag GmbH) Hidden
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.2.0.2042 - Infernum Productions AG)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
S4 League_EU (HKLM-x32\...\{B4D144E3-B498-4539-9E52-014E061D7A78}) (Version: 1.00.0000 - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
theHunter (HKLM-x32\...\Steam App 253710) (Version:  - Expansive Worlds)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2532947452-1858761559-3390100972-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2532947452-1858761559-3390100972-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532947452-1858761559-3390100972-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532947452-1858761559-3390100972-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

23-08-2014 16:59:12 Windows Update
24-08-2014 22:05:40 Windows Update
07-09-2014 21:57:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4FEEE190-9705-4EC8-9B9C-37AF7CC9F31D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000UA => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {942BE680-5702-4D5A-9182-79BAA42949FF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000Core => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {F8F81793-EF39-4FD1-9B16-03D83C7A9D08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000Core.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000UA.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-15 20:17 - 2014-07-15 20:17 - 01325536 _____ () C:\Users\Sebastian\AppData\Roaming\InetStat\inetstat.exe
2014-03-20 20:54 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-27 17:39 - 2014-08-07 10:27 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Google Update => "C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2014 11:15:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ts3client_win64.exe, Version 3.0.14.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 984

Startzeit: 01cfcae0a59eecd0

Endzeit: 40

Anwendungspfad: C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

Berichts-ID: 1e5e28a9-36d4-11e4-9fc9-00256489b9d5

Error: (09/07/2014 06:09:52 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sebastian-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/09/2014 09:20:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000795b
ID des fehlerhaften Prozesses: 0x728
Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0
Pfad der fehlerhaften Anwendung: ipmGui.exe1
Pfad des fehlerhaften Moduls: ipmGui.exe2
Berichtskennung: ipmGui.exe3

Error: (07/24/2014 10:18:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004e4e4
ID des fehlerhaften Prozesses: 0x7ec
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (07/23/2014 06:18:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm HOpsGame.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f30

Startzeit: 01cfa69153762d0a

Endzeit: 38

Anwendungspfad: C:\Program Files (x86)\Hazard Ops\UnrealEngine3\Binaries\Win32\HOpsGame.exe

Berichts-ID:

Error: (07/22/2014 08:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.17.31000, Zeitstempel: 0x53ba89c2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x6f8
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (07/22/2014 08:40:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Reflection.TargetInvocationException
Stapel:
   bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.CreateInstance(System.Reflection.ConstructorInfo, System.Object[])
   bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.GetInstanceActivatingIfNeeded()
   bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.NotifyImportSatisfied()
   bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.Activate()
   bei System.ComponentModel.Composition.Hosting.ImportEngine+PartManager.TryOnComposed()
   bei System.ComponentModel.Composition.Hosting.ImportEngine.TrySatisfyImportsStateMachine(PartManager, System.ComponentModel.Composition.Primitives.ComposablePart)
   bei System.ComponentModel.Composition.Hosting.ImportEngine.TrySatisfyImports(PartManager, System.ComponentModel.Composition.Primitives.ComposablePart, Boolean)
   bei System.ComponentModel.Composition.Hosting.ImportEngine.SatisfyImports(System.ComponentModel.Composition.Primitives.ComposablePart)
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
   bei Avira.OE.ServiceHost.ComputerAndServicesInfo.<get_AvStatusReporterFactory>b__0()
   bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
   bei Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (07/19/2014 11:27:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm javaw.exe, Version 8.0.5.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d28

Startzeit: 01cfa333a1596dee

Endzeit: 11

Anwendungspfad: C:\Program Files\Java\jre8\bin\javaw.exe

Berichts-ID: f54d06c9-0f26-11e4-8ee9-00256489b9d5

Error: (07/18/2014 09:12:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Uplay.exe, Version: 4.6.1.3217, Zeitstempel: 0x53b41990
Name des fehlerhaften Moduls: Uplay.exe, Version: 4.6.1.3217, Zeitstempel: 0x53b41990
Ausnahmecode: 0xc0000417
Fehleroffset: 0x01194140
ID des fehlerhaften Prozesses: 0x8a0
Startzeit der fehlerhaften Anwendung: 0xUplay.exe0
Pfad der fehlerhaften Anwendung: Uplay.exe1
Pfad des fehlerhaften Moduls: Uplay.exe2
Berichtskennung: Uplay.exe3

Error: (07/18/2014 09:07:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Uplay.exe, Version: 4.6.1.3217, Zeitstempel: 0x53b41990
Name des fehlerhaften Moduls: Uplay.exe, Version: 4.6.1.3217, Zeitstempel: 0x53b41990
Ausnahmecode: 0xc0000417
Fehleroffset: 0x01194140
ID des fehlerhaften Prozesses: 0x7e8
Startzeit der fehlerhaften Anwendung: 0xUplay.exe0
Pfad der fehlerhaften Anwendung: Uplay.exe1
Pfad des fehlerhaften Moduls: Uplay.exe2
Berichtskennung: Uplay.exe3


System errors:
=============
Error: (09/08/2014 09:58:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/08/2014 09:58:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (09/07/2014 10:55:17 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/25/2014 02:45:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎25.‎08.‎2014 um 00:10:13 unerwartet heruntergefahren.

Error: (08/23/2014 06:54:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎17.‎08.‎2014 um 12:44:15 unerwartet heruntergefahren.

Error: (08/17/2014 00:27:27 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (08/16/2014 02:24:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (08/15/2014 02:40:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/15/2014 02:40:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (08/06/2014 11:13:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.


Microsoft Office Sessions:
=========================
Error: (09/07/2014 11:15:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ts3client_win64.exe3.0.14.098401cfcae0a59eecd040C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe1e5e28a9-36d4-11e4-9fc9-00256489b9d5

Error: (09/07/2014 06:09:52 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sebastian-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/09/2014 09:20:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmGui.exe14.0.6.52253bec647ipmGui.exe14.0.6.52253bec647c00000050000795b72801cfb3f62a91a32aC:\program files (x86)\avira\antivir desktop\ipmGui.exeC:\program files (x86)\avira\antivir desktop\ipmGui.exe2eda1e6e-1ffa-11e4-9a6f-00256489b9d5

Error: (07/24/2014 10:18:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e47ec01cfa77c4d671e2aC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllb47ad498-136f-11e4-8376-00256489b9d5

Error: (07/23/2014 06:18:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HOpsGame.exe0.0.0.0f3001cfa69153762d0a38C:\Program Files (x86)\Hazard Ops\UnrealEngine3\Binaries\Win32\HOpsGame.exe

Error: (07/22/2014 08:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.17.3100053ba89c2KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d6f801cfa5dc512f6c94C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\syswow64\KERNELBASE.dllb29e5efa-11cf-11e4-821a-00256489b9d5

Error: (07/22/2014 08:40:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Reflection.TargetInvocationException
Stapel:
   bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.CreateInstance(System.Reflection.ConstructorInfo, System.Object[])
   bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.GetInstanceActivatingIfNeeded()
   bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.NotifyImportSatisfied()
   bei System.ComponentModel.Composition.ReflectionModel.ReflectionComposablePart.Activate()
   bei System.ComponentModel.Composition.Hosting.ImportEngine+PartManager.TryOnComposed()
   bei System.ComponentModel.Composition.Hosting.ImportEngine.TrySatisfyImportsStateMachine(PartManager, System.ComponentModel.Composition.Primitives.ComposablePart)
   bei System.ComponentModel.Composition.Hosting.ImportEngine.TrySatisfyImports(PartManager, System.ComponentModel.Composition.Primitives.ComposablePart, Boolean)
   bei System.ComponentModel.Composition.Hosting.ImportEngine.SatisfyImports(System.ComponentModel.Composition.Primitives.ComposablePart)
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
   bei Avira.OE.ServiceHost.ComputerAndServicesInfo.<get_AvStatusReporterFactory>b__0()
   bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
   bei Avira.OE.ServiceHost.ServiceHost.DispatchAnonymousSyncStatus(Avira.OE.Communicator.Interface.ICommunicator)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (07/19/2014 11:27:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe8.0.5.13d2801cfa333a1596dee11C:\Program Files\Java\jre8\bin\javaw.exef54d06c9-0f26-11e4-8ee9-00256489b9d5

Error: (07/18/2014 09:12:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Uplay.exe4.6.1.321753b41990Uplay.exe4.6.1.321753b41990c0000417011941408a001cfa25771155d05C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exeC:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exee270744b-0e4a-11e4-8e7a-00256489b9d5

Error: (07/18/2014 09:07:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Uplay.exe4.6.1.321753b41990Uplay.exe4.6.1.321753b41990c0000417011941407e801cfa256742e7fffC:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exeC:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe3a5b6c93-0e4a-11e4-8e7a-00256489b9d5


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 21%
Total physical RAM: 8190.98 MB
Available physical RAM: 6406.89 MB
Total Pagefile: 16380.15 MB
Available Pagefile: 14276.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.46 GB) (Free:659.4 GB) NTFS
Drive d: (Fragen-Lern-CD) (CDROM) (Total:0.73 GB) (Free:0 GB) UDF
Drive e: (RECOVERY) (Fixed) (Total:10.98 GB) (Free:4.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=920.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 10.09.2014, 11:39   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster



hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.09.2014, 12:10   #5
marmeladelow
 
Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster



Code:
ATTFilter
11:59:35.0758 0x091c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
11:59:40.0727 0x091c  ============================================================
11:59:40.0727 0x091c  Current date / time: 2014/09/17 11:59:40.0727
11:59:40.0727 0x091c  SystemInfo:
11:59:40.0727 0x091c  
11:59:40.0727 0x091c  OS Version: 6.1.7601 ServicePack: 1.0
11:59:40.0727 0x091c  Product type: Workstation
11:59:40.0728 0x091c  ComputerName: SEBASTIAN-PC
11:59:40.0728 0x091c  UserName: Sebastian
11:59:40.0728 0x091c  Windows directory: C:\Windows
11:59:40.0728 0x091c  System windows directory: C:\Windows
11:59:40.0728 0x091c  Running under WOW64
11:59:40.0728 0x091c  Processor architecture: Intel x64
11:59:40.0728 0x091c  Number of processors: 4
11:59:40.0728 0x091c  Page size: 0x1000
11:59:40.0728 0x091c  Boot type: Normal boot
11:59:40.0728 0x091c  ============================================================
11:59:42.0680 0x091c  KLMD registered as C:\Windows\system32\drivers\99288566.sys
11:59:45.0300 0x091c  System UUID: {B0ADBDD4-A938-659E-A212-FCCB93AAB822}
11:59:46.0926 0x091c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:59:46.0942 0x091c  ============================================================
11:59:46.0942 0x091c  \Device\Harddisk0\DR0:
11:59:46.0942 0x091c  MBR partitions:
11:59:46.0942 0x091c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x15F5000
11:59:46.0942 0x091c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x161C800, BlocksNum 0x730E9800
11:59:46.0942 0x091c  ============================================================
11:59:46.0979 0x091c  C: <-> \Device\Harddisk0\DR0\Partition2
11:59:47.0015 0x091c  E: <-> \Device\Harddisk0\DR0\Partition1
11:59:47.0015 0x091c  ============================================================
11:59:47.0015 0x091c  Initialize success
11:59:47.0015 0x091c  ============================================================
11:59:56.0813 0x0b18  ============================================================
11:59:56.0813 0x0b18  Scan started
11:59:56.0813 0x0b18  Mode: Manual; SigCheck; TDLFS; 
11:59:56.0813 0x0b18  ============================================================
11:59:56.0813 0x0b18  KSN ping started
12:00:17.0608 0x0b18  KSN ping finished: true
12:00:18.0696 0x0b18  ================ Scan system memory ========================
12:00:18.0696 0x0b18  System memory - ok
12:00:18.0697 0x0b18  ================ Scan services =============================
12:00:18.0886 0x0b18  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:00:18.0994 0x0b18  1394ohci - ok
12:00:19.0037 0x0b18  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:00:19.0058 0x0b18  ACPI - ok
12:00:19.0076 0x0b18  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:00:19.0142 0x0b18  AcpiPmi - ok
12:00:19.0226 0x0b18  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:00:19.0239 0x0b18  AdobeARMservice - ok
12:00:19.0363 0x0b18  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:00:19.0381 0x0b18  AdobeFlashPlayerUpdateSvc - ok
12:00:19.0428 0x0b18  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:00:19.0452 0x0b18  adp94xx - ok
12:00:19.0476 0x0b18  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:00:19.0496 0x0b18  adpahci - ok
12:00:19.0521 0x0b18  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:00:19.0537 0x0b18  adpu320 - ok
12:00:19.0575 0x0b18  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:00:19.0709 0x0b18  AeLookupSvc - ok
12:00:19.0761 0x0b18  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
12:00:19.0877 0x0b18  AFD - ok
12:00:19.0898 0x0b18  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
12:00:19.0917 0x0b18  agp440 - ok
12:00:19.0927 0x0b18  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
12:00:19.0999 0x0b18  ALG - ok
12:00:20.0029 0x0b18  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:00:20.0041 0x0b18  aliide - ok
12:00:20.0078 0x0b18  [ 66B54471B5856E314947881E28263A6D, 2D60706B52A2CE98FF806337D62CD010C1DEB2AEDDF899C7B67173928B2D7C4C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:00:20.0154 0x0b18  AMD External Events Utility - ok
12:00:20.0170 0x0b18  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:00:20.0185 0x0b18  amdide - ok
12:00:20.0241 0x0b18  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:00:20.0290 0x0b18  AmdK8 - ok
12:00:20.0664 0x0b18  [ FBB35875FEFE53D4280259842069ED72, B1A1B5799A6C50C244182CD201A1E9FCB7BE3B5ED4BB2E2E6BCF8E1BF53B75DB ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:00:21.0170 0x0b18  amdkmdag - ok
12:00:21.0227 0x0b18  [ A32BCAD9377E3B75D034CAFBA463A0AE, F504895D9C9CD1B4607806BCAF15A1CBFBAC2E5824903277A1350C9F35045602 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:00:21.0272 0x0b18  amdkmdap - ok
12:00:21.0293 0x0b18  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:00:21.0323 0x0b18  AmdPPM - ok
12:00:21.0344 0x0b18  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:00:21.0359 0x0b18  amdsata - ok
12:00:21.0406 0x0b18  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:00:21.0422 0x0b18  amdsbs - ok
12:00:21.0439 0x0b18  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:00:21.0451 0x0b18  amdxata - ok
12:00:21.0547 0x0b18  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:00:21.0587 0x0b18  AntiVirSchedulerService - ok
12:00:21.0632 0x0b18  [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:00:21.0655 0x0b18  AntiVirService - ok
12:00:21.0691 0x0b18  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
12:00:21.0813 0x0b18  AppID - ok
12:00:21.0844 0x0b18  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:00:21.0913 0x0b18  AppIDSvc - ok
12:00:21.0946 0x0b18  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
12:00:22.0013 0x0b18  Appinfo - ok
12:00:22.0051 0x0b18  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:00:22.0087 0x0b18  AppMgmt - ok
12:00:22.0109 0x0b18  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:00:22.0122 0x0b18  arc - ok
12:00:22.0141 0x0b18  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:00:22.0155 0x0b18  arcsas - ok
12:00:22.0274 0x0b18  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:00:22.0320 0x0b18  aspnet_state - ok
12:00:22.0337 0x0b18  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:00:22.0396 0x0b18  AsyncMac - ok
12:00:22.0429 0x0b18  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:00:22.0441 0x0b18  atapi - ok
12:00:22.0470 0x0b18  [ 770A3B0D78232B0C1054495392A1FBA3, 733BB08BAFE42E848F3A3CDFD80A2C37DB829CAD2E18B3D6299FDEE6EF30C9CD ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:00:22.0529 0x0b18  AtiHDAudioService - ok
12:00:22.0578 0x0b18  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:00:22.0664 0x0b18  AudioEndpointBuilder - ok
12:00:22.0683 0x0b18  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:00:22.0732 0x0b18  AudioSrv - ok
12:00:22.0770 0x0b18  [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:00:22.0798 0x0b18  avgntflt - ok
12:00:22.0840 0x0b18  [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:00:22.0853 0x0b18  avipbb - ok
12:00:22.0919 0x0b18  [ 05ABC09DC0DFA5DF79A0BB39F60636B7, FEDE900D991F1FB40BA0A44E05181A6A506DC8B5F365E78E523CB6DF2CDACC15 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
12:00:22.0936 0x0b18  Avira.OE.ServiceHost - ok
12:00:22.0967 0x0b18  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:00:22.0980 0x0b18  avkmgr - ok
12:00:23.0021 0x0b18  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:00:23.0109 0x0b18  AxInstSV - ok
12:00:23.0143 0x0b18  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:00:23.0210 0x0b18  b06bdrv - ok
12:00:23.0238 0x0b18  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:00:23.0274 0x0b18  b57nd60a - ok
12:00:23.0307 0x0b18  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:00:23.0348 0x0b18  BDESVC - ok
12:00:23.0352 0x0b18  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:00:23.0403 0x0b18  Beep - ok
12:00:23.0450 0x0b18  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
12:00:23.0495 0x0b18  BFE - ok
12:00:23.0535 0x0b18  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
12:00:23.0611 0x0b18  BITS - ok
12:00:23.0633 0x0b18  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:00:23.0677 0x0b18  blbdrive - ok
12:00:23.0704 0x0b18  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:00:23.0739 0x0b18  bowser - ok
12:00:23.0762 0x0b18  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:00:23.0812 0x0b18  BrFiltLo - ok
12:00:23.0817 0x0b18  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:00:23.0833 0x0b18  BrFiltUp - ok
12:00:23.0861 0x0b18  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
12:00:23.0914 0x0b18  Browser - ok
12:00:23.0939 0x0b18  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:00:24.0015 0x0b18  Brserid - ok
12:00:24.0036 0x0b18  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:00:24.0066 0x0b18  BrSerWdm - ok
12:00:24.0071 0x0b18  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:00:24.0108 0x0b18  BrUsbMdm - ok
12:00:24.0112 0x0b18  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:00:24.0143 0x0b18  BrUsbSer - ok
12:00:24.0149 0x0b18  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:00:24.0183 0x0b18  BTHMODEM - ok
12:00:24.0206 0x0b18  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:00:24.0249 0x0b18  bthserv - ok
12:00:24.0268 0x0b18  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:00:24.0316 0x0b18  cdfs - ok
12:00:24.0339 0x0b18  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
12:00:24.0375 0x0b18  cdrom - ok
12:00:24.0413 0x0b18  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:00:24.0472 0x0b18  CertPropSvc - ok
12:00:24.0493 0x0b18  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:00:24.0522 0x0b18  circlass - ok
12:00:24.0563 0x0b18  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
12:00:24.0583 0x0b18  CLFS - ok
12:00:24.0658 0x0b18  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:00:24.0674 0x0b18  clr_optimization_v2.0.50727_32 - ok
12:00:24.0731 0x0b18  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:00:24.0745 0x0b18  clr_optimization_v2.0.50727_64 - ok
12:00:24.0847 0x0b18  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:00:24.0921 0x0b18  clr_optimization_v4.0.30319_32 - ok
12:00:24.0944 0x0b18  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:00:24.0966 0x0b18  clr_optimization_v4.0.30319_64 - ok
12:00:25.0001 0x0b18  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:00:25.0092 0x0b18  CmBatt - ok
12:00:25.0120 0x0b18  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:00:25.0132 0x0b18  cmdide - ok
12:00:25.0179 0x0b18  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
12:00:25.0226 0x0b18  CNG - ok
12:00:25.0232 0x0b18  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:00:25.0244 0x0b18  Compbatt - ok
12:00:25.0278 0x0b18  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:00:25.0313 0x0b18  CompositeBus - ok
12:00:25.0318 0x0b18  COMSysApp - ok
12:00:25.0324 0x0b18  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:00:25.0339 0x0b18  crcdisk - ok
12:00:25.0366 0x0b18  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:00:25.0421 0x0b18  CryptSvc - ok
12:00:25.0459 0x0b18  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
12:00:25.0544 0x0b18  CSC - ok
12:00:25.0600 0x0b18  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
12:00:25.0652 0x0b18  CscService - ok
12:00:25.0720 0x0b18  [ 80861969541971176E005D2C09DAE851, F82A054DE0425ACB758A3792D902A38D01BE0ADEE933B5878C8F8017C148063A ] DAUpdaterSvc    C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
12:00:25.0730 0x0b18  DAUpdaterSvc - ok
12:00:25.0782 0x0b18  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:00:25.0844 0x0b18  DcomLaunch - ok
12:00:25.0883 0x0b18  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:00:25.0945 0x0b18  defragsvc - ok
12:00:25.0982 0x0b18  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:00:26.0038 0x0b18  DfsC - ok
12:00:26.0073 0x0b18  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:00:26.0139 0x0b18  Dhcp - ok
12:00:26.0158 0x0b18  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:00:26.0215 0x0b18  discache - ok
12:00:26.0262 0x0b18  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:00:26.0280 0x0b18  Disk - ok
12:00:26.0306 0x0b18  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:00:26.0335 0x0b18  Dnscache - ok
12:00:26.0378 0x0b18  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:00:26.0436 0x0b18  dot3svc - ok
12:00:26.0477 0x0b18  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:00:26.0528 0x0b18  DPS - ok
12:00:26.0564 0x0b18  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:00:26.0599 0x0b18  drmkaud - ok
12:00:26.0627 0x0b18  [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:00:26.0647 0x0b18  dtsoftbus01 - ok
12:00:26.0710 0x0b18  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:00:26.0765 0x0b18  DXGKrnl - ok
12:00:26.0772 0x0b18  EagleX64 - ok
12:00:26.0808 0x0b18  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:00:26.0849 0x0b18  EapHost - ok
12:00:26.0956 0x0b18  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:00:27.0106 0x0b18  ebdrv - ok
12:00:27.0144 0x0b18  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
12:00:27.0174 0x0b18  EFS - ok
12:00:27.0230 0x0b18  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:00:27.0316 0x0b18  ehRecvr - ok
12:00:27.0350 0x0b18  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:00:27.0402 0x0b18  ehSched - ok
12:00:27.0449 0x0b18  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:00:27.0480 0x0b18  elxstor - ok
12:00:27.0507 0x0b18  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:00:27.0561 0x0b18  ErrDev - ok
12:00:27.0590 0x0b18  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:00:27.0653 0x0b18  EventSystem - ok
12:00:27.0679 0x0b18  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:00:27.0723 0x0b18  exfat - ok
12:00:27.0762 0x0b18  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:00:27.0817 0x0b18  fastfat - ok
12:00:27.0884 0x0b18  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:00:27.0964 0x0b18  Fax - ok
12:00:27.0979 0x0b18  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:00:28.0006 0x0b18  fdc - ok
12:00:28.0011 0x0b18  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:00:28.0064 0x0b18  fdPHost - ok
12:00:28.0085 0x0b18  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:00:28.0135 0x0b18  FDResPub - ok
12:00:28.0154 0x0b18  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:00:28.0173 0x0b18  FileInfo - ok
12:00:28.0182 0x0b18  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:00:28.0232 0x0b18  Filetrace - ok
12:00:28.0248 0x0b18  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:00:28.0262 0x0b18  flpydisk - ok
12:00:28.0305 0x0b18  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:00:28.0332 0x0b18  FltMgr - ok
12:00:28.0405 0x0b18  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
12:00:28.0480 0x0b18  FontCache - ok
12:00:28.0539 0x0b18  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:00:28.0553 0x0b18  FontCache3.0.0.0 - ok
12:00:28.0570 0x0b18  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:00:28.0591 0x0b18  FsDepends - ok
12:00:28.0610 0x0b18  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:00:28.0626 0x0b18  Fs_Rec - ok
12:00:28.0650 0x0b18  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:00:28.0680 0x0b18  fvevol - ok
12:00:28.0692 0x0b18  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:00:28.0705 0x0b18  gagp30kx - ok
12:00:28.0755 0x0b18  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:00:28.0838 0x0b18  gpsvc - ok
12:00:28.0904 0x0b18  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
12:00:28.0914 0x0b18  hamachi - ok
12:00:29.0021 0x0b18  [ CD926C6DE583ADBE1A3A9A62C310FDE2, 9E5E2D9F3342ACBAD6E0F6A1DEFC369A30E5CB6743EF2178A886A95263E5B7EF ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
12:00:29.0111 0x0b18  Hamachi2Svc - ok
12:00:29.0137 0x0b18  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:00:29.0206 0x0b18  hcw85cir - ok
12:00:29.0275 0x0b18  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:00:29.0330 0x0b18  HdAudAddService - ok
12:00:29.0382 0x0b18  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:00:29.0419 0x0b18  HDAudBus - ok
12:00:29.0444 0x0b18  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:00:29.0491 0x0b18  HidBatt - ok
12:00:29.0515 0x0b18  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:00:29.0553 0x0b18  HidBth - ok
12:00:29.0601 0x0b18  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:00:29.0618 0x0b18  HidIr - ok
12:00:29.0673 0x0b18  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
12:00:29.0728 0x0b18  hidserv - ok
12:00:29.0809 0x0b18  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:00:29.0869 0x0b18  HidUsb - ok
12:00:29.0917 0x0b18  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:00:30.0126 0x0b18  hkmsvc - ok
12:00:30.0281 0x0b18  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:00:30.0449 0x0b18  HomeGroupListener - ok
12:00:30.0640 0x0b18  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:00:30.0766 0x0b18  HomeGroupProvider - ok
12:00:30.0908 0x0b18  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:00:30.0922 0x0b18  HpSAMD - ok
12:00:31.0258 0x0b18  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:00:31.0508 0x0b18  HTTP - ok
12:00:31.0612 0x0b18  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:00:31.0713 0x0b18  hwpolicy - ok
12:00:31.0765 0x0b18  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:00:31.0790 0x0b18  i8042prt - ok
12:00:31.0937 0x0b18  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:00:31.0958 0x0b18  iaStorV - ok
12:00:32.0227 0x0b18  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:00:32.0263 0x0b18  idsvc - ok
12:00:32.0289 0x0b18  IEEtwCollectorService - ok
12:00:32.0324 0x0b18  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:00:32.0337 0x0b18  iirsp - ok
12:00:32.0408 0x0b18  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:00:32.0460 0x0b18  IKEEXT - ok
12:00:32.0495 0x0b18  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:00:32.0507 0x0b18  intelide - ok
12:00:32.0522 0x0b18  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:00:32.0558 0x0b18  intelppm - ok
12:00:32.0605 0x0b18  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:00:32.0685 0x0b18  IPBusEnum - ok
12:00:32.0729 0x0b18  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:00:32.0794 0x0b18  IpFilterDriver - ok
12:00:32.0881 0x0b18  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:00:32.0937 0x0b18  iphlpsvc - ok
12:00:32.0964 0x0b18  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:00:32.0996 0x0b18  IPMIDRV - ok
12:00:33.0023 0x0b18  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:00:33.0087 0x0b18  IPNAT - ok
12:00:33.0125 0x0b18  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:00:33.0369 0x0b18  IRENUM - ok
12:00:33.0379 0x0b18  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:00:33.0394 0x0b18  isapnp - ok
12:00:33.0419 0x0b18  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:00:33.0445 0x0b18  iScsiPrt - ok
12:00:33.0461 0x0b18  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
12:00:33.0479 0x0b18  kbdclass - ok
12:00:33.0501 0x0b18  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:00:33.0518 0x0b18  kbdhid - ok
12:00:33.0528 0x0b18  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
12:00:33.0542 0x0b18  KeyIso - ok
12:00:33.0645 0x0b18  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:00:33.0683 0x0b18  KSecDD - ok
12:00:33.0789 0x0b18  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:00:33.0816 0x0b18  KSecPkg - ok
12:00:33.0828 0x0b18  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:00:33.0884 0x0b18  ksthunk - ok
12:00:33.0923 0x0b18  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:00:33.0990 0x0b18  KtmRm - ok
12:00:34.0025 0x0b18  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:00:34.0079 0x0b18  LanmanServer - ok
12:00:34.0119 0x0b18  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:00:34.0168 0x0b18  LanmanWorkstation - ok
12:00:34.0205 0x0b18  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:00:34.0255 0x0b18  lltdio - ok
12:00:34.0292 0x0b18  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:00:34.0360 0x0b18  lltdsvc - ok
12:00:34.0374 0x0b18  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:00:34.0412 0x0b18  lmhosts - ok
12:00:34.0435 0x0b18  [ 367B044CC3A056242D85F4D26975E6C3, EA989217E91377535A8AECF2C0C23F1A183493CAD1EDE9B19541A93FD9AE290A ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
12:00:34.0451 0x0b18  LMIGuardianSvc - ok
12:00:34.0482 0x0b18  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:00:34.0496 0x0b18  LSI_FC - ok
12:00:34.0503 0x0b18  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:00:34.0516 0x0b18  LSI_SAS - ok
12:00:34.0521 0x0b18  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:00:34.0535 0x0b18  LSI_SAS2 - ok
12:00:34.0541 0x0b18  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:00:34.0555 0x0b18  LSI_SCSI - ok
12:00:34.0584 0x0b18  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:00:34.0637 0x0b18  luafv - ok
12:00:34.0672 0x0b18  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:00:34.0714 0x0b18  Mcx2Svc - ok
12:00:34.0734 0x0b18  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:00:34.0746 0x0b18  megasas - ok
12:00:34.0757 0x0b18  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:00:34.0775 0x0b18  MegaSR - ok
12:00:34.0810 0x0b18  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:00:34.0863 0x0b18  MMCSS - ok
12:00:34.0945 0x0b18  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:00:35.0088 0x0b18  Modem - ok
12:00:35.0181 0x0b18  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:00:35.0212 0x0b18  monitor - ok
12:00:35.0244 0x0b18  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
12:00:35.0259 0x0b18  mouclass - ok
12:00:35.0275 0x0b18  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:00:35.0322 0x0b18  mouhid - ok
12:00:35.0353 0x0b18  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:00:35.0368 0x0b18  mountmgr - ok
12:00:35.0415 0x0b18  [ 817EFA0406E506784AB734CFB7DBD28E, 301C14DFCFE9AA27E93A5161E3BA74A8139EA8778FC9C4AA16623B673B6DD58F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:00:35.0446 0x0b18  MozillaMaintenance - ok
12:00:35.0466 0x0b18  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:00:35.0489 0x0b18  mpio - ok
12:00:35.0516 0x0b18  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:00:35.0555 0x0b18  mpsdrv - ok
12:00:35.0605 0x0b18  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:00:35.0678 0x0b18  MpsSvc - ok
12:00:35.0718 0x0b18  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:00:35.0762 0x0b18  MRxDAV - ok
12:00:35.0787 0x0b18  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:00:35.0841 0x0b18  mrxsmb - ok
12:00:35.0865 0x0b18  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:00:35.0907 0x0b18  mrxsmb10 - ok
12:00:35.0915 0x0b18  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:00:35.0937 0x0b18  mrxsmb20 - ok
12:00:35.0958 0x0b18  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:00:35.0970 0x0b18  msahci - ok
12:00:36.0004 0x0b18  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:00:36.0026 0x0b18  msdsm - ok
12:00:36.0051 0x0b18  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:00:36.0077 0x0b18  MSDTC - ok
12:00:36.0098 0x0b18  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:00:36.0134 0x0b18  Msfs - ok
12:00:36.0146 0x0b18  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:00:36.0198 0x0b18  mshidkmdf - ok
12:00:36.0227 0x0b18  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:00:36.0242 0x0b18  msisadrv - ok
12:00:36.0283 0x0b18  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:00:36.0329 0x0b18  MSiSCSI - ok
12:00:36.0332 0x0b18  msiserver - ok
12:00:36.0366 0x0b18  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:00:36.0402 0x0b18  MSKSSRV - ok
12:00:36.0426 0x0b18  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:00:36.0484 0x0b18  MSPCLOCK - ok
12:00:36.0488 0x0b18  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:00:36.0542 0x0b18  MSPQM - ok
12:00:36.0566 0x0b18  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:00:36.0593 0x0b18  MsRPC - ok
12:00:36.0618 0x0b18  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:00:36.0631 0x0b18  mssmbios - ok
12:00:36.0646 0x0b18  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:00:36.0684 0x0b18  MSTEE - ok
12:00:36.0699 0x0b18  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:00:36.0715 0x0b18  MTConfig - ok
12:00:36.0730 0x0b18  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:00:36.0746 0x0b18  Mup - ok
12:00:36.0777 0x0b18  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
12:00:36.0840 0x0b18  napagent - ok
12:00:36.0871 0x0b18  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:00:36.0902 0x0b18  NativeWifiP - ok
12:00:36.0964 0x0b18  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:00:37.0011 0x0b18  NDIS - ok
12:00:37.0027 0x0b18  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:00:37.0089 0x0b18  NdisCap - ok
12:00:37.0105 0x0b18  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:00:37.0136 0x0b18  NdisTapi - ok
12:00:37.0183 0x0b18  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:00:37.0221 0x0b18  Ndisuio - ok
12:00:37.0256 0x0b18  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:00:37.0312 0x0b18  NdisWan - ok
12:00:37.0344 0x0b18  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:00:37.0381 0x0b18  NDProxy - ok
12:00:37.0392 0x0b18  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:00:37.0448 0x0b18  NetBIOS - ok
12:00:37.0478 0x0b18  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:00:37.0543 0x0b18  NetBT - ok
12:00:37.0561 0x0b18  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
12:00:37.0574 0x0b18  Netlogon - ok
12:00:37.0617 0x0b18  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
12:00:37.0714 0x0b18  Netman - ok
12:00:37.0771 0x0b18  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:00:37.0799 0x0b18  NetMsmqActivator - ok
12:00:37.0805 0x0b18  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:00:37.0821 0x0b18  NetPipeActivator - ok
12:00:37.0856 0x0b18  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
12:00:37.0917 0x0b18  netprofm - ok
12:00:37.0924 0x0b18  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:00:37.0940 0x0b18  NetTcpActivator - ok
12:00:37.0945 0x0b18  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:00:37.0961 0x0b18  NetTcpPortSharing - ok
12:00:37.0991 0x0b18  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:00:38.0021 0x0b18  nfrd960 - ok
12:00:38.0044 0x0b18  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:00:38.0084 0x0b18  NlaSvc - ok
12:00:38.0089 0x0b18  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:00:38.0140 0x0b18  Npfs - ok
12:00:38.0166 0x0b18  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
12:00:38.0212 0x0b18  nsi - ok
12:00:38.0229 0x0b18  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:00:38.0282 0x0b18  nsiproxy - ok
12:00:38.0351 0x0b18  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:00:38.0457 0x0b18  Ntfs - ok
12:00:38.0469 0x0b18  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
12:00:38.0539 0x0b18  Null - ok
12:00:38.0587 0x0b18  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:00:38.0601 0x0b18  nvraid - ok
12:00:38.0633 0x0b18  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:00:38.0648 0x0b18  nvstor - ok
12:00:38.0662 0x0b18  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:00:38.0676 0x0b18  nv_agp - ok
12:00:38.0695 0x0b18  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:00:38.0714 0x0b18  ohci1394 - ok
12:00:38.0754 0x0b18  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:00:38.0810 0x0b18  p2pimsvc - ok
12:00:38.0839 0x0b18  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:00:38.0890 0x0b18  p2psvc - ok
12:00:38.0917 0x0b18  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:00:38.0932 0x0b18  Parport - ok
12:00:38.0968 0x0b18  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:00:39.0041 0x0b18  partmgr - ok
12:00:39.0087 0x0b18  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:00:39.0128 0x0b18  PcaSvc - ok
12:00:39.0152 0x0b18  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
12:00:39.0168 0x0b18  pci - ok
12:00:39.0187 0x0b18  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:00:39.0202 0x0b18  pciide - ok
12:00:39.0227 0x0b18  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:00:39.0243 0x0b18  pcmcia - ok
12:00:39.0261 0x0b18  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:00:39.0278 0x0b18  pcw - ok
12:00:39.0305 0x0b18  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:00:39.0399 0x0b18  PEAUTH - ok
12:00:39.0473 0x0b18  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:00:39.0627 0x0b18  PeerDistSvc - ok
12:00:39.0720 0x0b18  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:00:39.0760 0x0b18  PerfHost - ok
12:00:39.0832 0x0b18  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
12:00:39.0961 0x0b18  pla - ok
12:00:40.0016 0x0b18  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:00:40.0080 0x0b18  PlugPlay - ok
12:00:40.0099 0x0b18  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:00:40.0129 0x0b18  PNRPAutoReg - ok
12:00:40.0152 0x0b18  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:00:40.0168 0x0b18  PNRPsvc - ok
12:00:40.0271 0x0b18  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:00:40.0349 0x0b18  PolicyAgent - ok
12:00:40.0390 0x0b18  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
12:00:40.0441 0x0b18  Power - ok
12:00:40.0493 0x0b18  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:00:40.0568 0x0b18  PptpMiniport - ok
12:00:40.0595 0x0b18  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:00:40.0626 0x0b18  Processor - ok
12:00:40.0693 0x0b18  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:00:40.0740 0x0b18  ProfSvc - ok
12:00:40.0752 0x0b18  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:00:40.0768 0x0b18  ProtectedStorage - ok
12:00:40.0802 0x0b18  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:00:40.0855 0x0b18  Psched - ok
12:00:40.0917 0x0b18  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:00:41.0016 0x0b18  ql2300 - ok
12:00:41.0044 0x0b18  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:00:41.0058 0x0b18  ql40xx - ok
12:00:41.0095 0x0b18  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
12:00:41.0128 0x0b18  QWAVE - ok
12:00:41.0138 0x0b18  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:00:41.0182 0x0b18  QWAVEdrv - ok
12:00:41.0201 0x0b18  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:00:41.0247 0x0b18  RasAcd - ok
12:00:41.0285 0x0b18  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:00:41.0323 0x0b18  RasAgileVpn - ok
12:00:41.0342 0x0b18  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
12:00:41.0402 0x0b18  RasAuto - ok
12:00:41.0435 0x0b18  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:00:41.0490 0x0b18  Rasl2tp - ok
12:00:41.0526 0x0b18  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
12:00:41.0577 0x0b18  RasMan - ok
12:00:41.0587 0x0b18  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:00:41.0640 0x0b18  RasPppoe - ok
12:00:41.0666 0x0b18  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:00:41.0721 0x0b18  RasSstp - ok
12:00:41.0751 0x0b18  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:00:41.0814 0x0b18  rdbss - ok
12:00:41.0831 0x0b18  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:00:41.0849 0x0b18  rdpbus - ok
12:00:41.0854 0x0b18  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:00:41.0906 0x0b18  RDPCDD - ok
12:00:41.0951 0x0b18  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:00:42.0005 0x0b18  RDPDR - ok
12:00:42.0014 0x0b18  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:00:42.0069 0x0b18  RDPENCDD - ok
12:00:42.0095 0x0b18  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:00:42.0131 0x0b18  RDPREFMP - ok
12:00:42.0153 0x0b18  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:00:42.0208 0x0b18  RDPWD - ok
12:00:42.0244 0x0b18  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:00:42.0267 0x0b18  rdyboost - ok
12:00:42.0301 0x0b18  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:00:42.0352 0x0b18  RemoteAccess - ok
12:00:42.0360 0x0b18  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:00:42.0419 0x0b18  RemoteRegistry - ok
12:00:42.0444 0x0b18  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:00:42.0486 0x0b18  RpcEptMapper - ok
12:00:42.0518 0x0b18  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
12:00:42.0552 0x0b18  RpcLocator - ok
12:00:42.0599 0x0b18  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
12:00:42.0648 0x0b18  RpcSs - ok
12:00:42.0664 0x0b18  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:00:42.0720 0x0b18  rspndr - ok
12:00:42.0775 0x0b18  [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
12:00:42.0796 0x0b18  RTL8167 - ok
12:00:42.0833 0x0b18  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:00:42.0858 0x0b18  s3cap - ok
12:00:42.0869 0x0b18  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
12:00:42.0882 0x0b18  SamSs - ok
12:00:42.0907 0x0b18  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:00:42.0937 0x0b18  sbp2port - ok
12:00:42.0970 0x0b18  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:00:43.0040 0x0b18  SCardSvr - ok
12:00:43.0076 0x0b18  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:00:43.0122 0x0b18  scfilter - ok
12:00:43.0189 0x0b18  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
12:00:43.0329 0x0b18  Schedule - ok
12:00:43.0371 0x0b18  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:00:43.0409 0x0b18  SCPolicySvc - ok
12:00:43.0440 0x0b18  [ AD7189E85A0801DE0507C610963A3CD0, 0AA9F3C9D252624CC62EC95FD910C6911E136DD3E66159CEB9857BC7AB70FAA2 ] ScpVBus         C:\Windows\system32\DRIVERS\ScpVBus.sys
12:00:43.0451 0x0b18  ScpVBus - ok
12:00:43.0493 0x0b18  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:00:43.0552 0x0b18  SDRSVC - ok
12:00:43.0576 0x0b18  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:00:43.0622 0x0b18  secdrv - ok
12:00:43.0658 0x0b18  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
12:00:43.0717 0x0b18  seclogon - ok
12:00:43.0749 0x0b18  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
12:00:43.0793 0x0b18  SENS - ok
12:00:43.0809 0x0b18  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:00:43.0848 0x0b18  SensrSvc - ok
12:00:43.0868 0x0b18  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:00:43.0885 0x0b18  Serenum - ok
12:00:43.0918 0x0b18  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:00:43.0933 0x0b18  Serial - ok
12:00:43.0943 0x0b18  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:00:43.0982 0x0b18  sermouse - ok
12:00:44.0026 0x0b18  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:00:44.0082 0x0b18  SessionEnv - ok
12:00:44.0119 0x0b18  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:00:44.0156 0x0b18  sffdisk - ok
12:00:44.0179 0x0b18  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:00:44.0198 0x0b18  sffp_mmc - ok
12:00:44.0226 0x0b18  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:00:44.0275 0x0b18  sffp_sd - ok
12:00:44.0280 0x0b18  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:00:44.0295 0x0b18  sfloppy - ok
12:00:44.0345 0x0b18  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:00:44.0416 0x0b18  SharedAccess - ok
12:00:44.0458 0x0b18  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:00:44.0500 0x0b18  ShellHWDetection - ok
12:00:44.0526 0x0b18  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:00:44.0538 0x0b18  SiSRaid2 - ok
12:00:44.0544 0x0b18  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:00:44.0557 0x0b18  SiSRaid4 - ok
12:00:44.0604 0x0b18  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:00:44.0625 0x0b18  SkypeUpdate - ok
12:00:44.0642 0x0b18  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:00:44.0696 0x0b18  Smb - ok
12:00:44.0705 0x0b18  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:00:44.0723 0x0b18  SNMPTRAP - ok
12:00:44.0742 0x0b18  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:00:44.0758 0x0b18  spldr - ok
12:00:44.0796 0x0b18  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
12:00:44.0846 0x0b18  Spooler - ok
12:00:44.0975 0x0b18  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:00:45.0168 0x0b18  sppsvc - ok
12:00:45.0207 0x0b18  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:00:45.0275 0x0b18  sppuinotify - ok
12:00:45.0306 0x0b18  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:00:45.0386 0x0b18  srv - ok
12:00:45.0411 0x0b18  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:00:45.0486 0x0b18  srv2 - ok
12:00:45.0508 0x0b18  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:00:45.0531 0x0b18  srvnet - ok
12:00:45.0544 0x0b18  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:00:45.0584 0x0b18  SSDPSRV - ok
12:00:45.0596 0x0b18  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:00:45.0637 0x0b18  SstpSvc - ok
12:00:45.0696 0x0b18  [ 7E815DDD79CC73A02A33DF11FABE4E1E, A05A85CDB0CB0AA1AAC93AA801C39242BFE59082E2BC580F04EBFA71B5B61F07 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12:00:45.0731 0x0b18  Steam Client Service - ok
12:00:45.0750 0x0b18  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:00:45.0763 0x0b18  stexstor - ok
12:00:45.0829 0x0b18  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:00:45.0892 0x0b18  stisvc - ok
12:00:45.0913 0x0b18  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:00:45.0925 0x0b18  storflt - ok
12:00:45.0958 0x0b18  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
12:00:45.0995 0x0b18  StorSvc - ok
12:00:46.0010 0x0b18  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:00:46.0022 0x0b18  storvsc - ok
12:00:46.0027 0x0b18  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:00:46.0039 0x0b18  swenum - ok
12:00:46.0061 0x0b18  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:00:46.0139 0x0b18  swprv - ok
12:00:46.0223 0x0b18  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
12:00:46.0308 0x0b18  SysMain - ok
12:00:46.0344 0x0b18  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:00:46.0388 0x0b18  TabletInputService - ok
12:00:46.0431 0x0b18  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:00:46.0505 0x0b18  TapiSrv - ok
12:00:46.0547 0x0b18  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
12:00:46.0587 0x0b18  TBS - ok
12:00:46.0675 0x0b18  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:00:46.0798 0x0b18  Tcpip - ok
12:00:46.0883 0x0b18  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:00:46.0936 0x0b18  TCPIP6 - ok
12:00:46.0986 0x0b18  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:00:47.0018 0x0b18  tcpipreg - ok
12:00:47.0052 0x0b18  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:00:47.0091 0x0b18  TDPIPE - ok
12:00:47.0122 0x0b18  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:00:47.0138 0x0b18  TDTCP - ok
12:00:47.0166 0x0b18  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:00:47.0211 0x0b18  tdx - ok
12:00:47.0232 0x0b18  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:00:47.0250 0x0b18  TermDD - ok
12:00:47.0322 0x0b18  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
12:00:47.0394 0x0b18  TermService - ok
12:00:47.0416 0x0b18  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:00:47.0454 0x0b18  Themes - ok
12:00:47.0493 0x0b18  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:00:47.0527 0x0b18  THREADORDER - ok
12:00:47.0548 0x0b18  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:00:47.0601 0x0b18  TrkWks - ok
12:00:47.0704 0x0b18  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:00:47.0747 0x0b18  TrustedInstaller - ok
12:00:47.0791 0x0b18  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:00:47.0825 0x0b18  tssecsrv - ok
12:00:47.0875 0x0b18  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:00:47.0916 0x0b18  TsUsbFlt - ok
12:00:47.0975 0x0b18  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:00:48.0029 0x0b18  tunnel - ok
12:00:48.0036 0x0b18  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:00:48.0049 0x0b18  uagp35 - ok
12:00:48.0097 0x0b18  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:00:48.0376 0x0b18  udfs - ok
12:00:48.0399 0x0b18  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:00:48.0437 0x0b18  UI0Detect - ok
12:00:48.0454 0x0b18  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:00:48.0473 0x0b18  uliagpkx - ok
12:00:48.0489 0x0b18  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
12:00:48.0522 0x0b18  umbus - ok
12:00:48.0532 0x0b18  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:00:48.0549 0x0b18  UmPass - ok
12:00:48.0571 0x0b18  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:00:48.0597 0x0b18  UmRdpService - ok
12:00:48.0637 0x0b18  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:00:48.0693 0x0b18  upnphost - ok
12:00:48.0740 0x0b18  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:00:49.0130 0x0b18  usbccgp - ok
12:00:49.0213 0x0b18  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:00:49.0257 0x0b18  usbcir - ok
12:00:49.0262 0x0b18  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:00:49.0296 0x0b18  usbehci - ok
12:00:49.0318 0x0b18  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:00:49.0371 0x0b18  usbhub - ok
12:00:49.0391 0x0b18  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:00:49.0411 0x0b18  usbohci - ok
12:00:49.0433 0x0b18  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:00:49.0458 0x0b18  usbprint - ok
12:00:49.0478 0x0b18  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:00:49.0512 0x0b18  USBSTOR - ok
12:00:49.0516 0x0b18  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:00:49.0535 0x0b18  usbuhci - ok
12:00:49.0551 0x0b18  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:00:49.0604 0x0b18  UxSms - ok
12:00:49.0619 0x0b18  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
12:00:49.0633 0x0b18  VaultSvc - ok
12:00:49.0637 0x0b18  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:00:49.0654 0x0b18  vdrvroot - ok
12:00:49.0699 0x0b18  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:00:49.0758 0x0b18  vds - ok
12:00:49.0778 0x0b18  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:00:49.0797 0x0b18  vga - ok
12:00:49.0814 0x0b18  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:00:49.0851 0x0b18  VgaSave - ok
12:00:49.0875 0x0b18  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:00:49.0900 0x0b18  vhdmp - ok
12:00:49.0912 0x0b18  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:00:49.0923 0x0b18  viaide - ok
12:00:49.0943 0x0b18  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:00:49.0959 0x0b18  vmbus - ok
12:00:49.0969 0x0b18  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:00:49.0992 0x0b18  VMBusHID - ok
12:00:50.0008 0x0b18  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:00:50.0026 0x0b18  volmgr - ok
12:00:50.0064 0x0b18  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:00:50.0093 0x0b18  volmgrx - ok
12:00:50.0130 0x0b18  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:00:50.0148 0x0b18  volsnap - ok
12:00:50.0177 0x0b18  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:00:50.0192 0x0b18  vsmraid - ok
12:00:50.0271 0x0b18  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
12:00:50.0382 0x0b18  VSS - ok
12:00:50.0403 0x0b18  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:00:50.0444 0x0b18  vwifibus - ok
12:00:50.0466 0x0b18  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:00:50.0510 0x0b18  W32Time - ok
12:00:50.0517 0x0b18  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:00:50.0530 0x0b18  WacomPen - ok
12:00:50.0571 0x0b18  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:00:50.0634 0x0b18  WANARP - ok
12:00:50.0638 0x0b18  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:00:50.0673 0x0b18  Wanarpv6 - ok
12:00:50.0749 0x0b18  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:00:50.0860 0x0b18  wbengine - ok
12:00:50.0880 0x0b18  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:00:50.0912 0x0b18  WbioSrvc - ok
12:00:50.0956 0x0b18  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:00:51.0011 0x0b18  wcncsvc - ok
12:00:51.0031 0x0b18  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:00:51.0063 0x0b18  WcsPlugInService - ok
12:00:51.0068 0x0b18  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:00:51.0080 0x0b18  Wd - ok
12:00:51.0132 0x0b18  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:00:51.0181 0x0b18  Wdf01000 - ok
12:00:51.0201 0x0b18  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:00:51.0274 0x0b18  WdiServiceHost - ok
12:00:51.0279 0x0b18  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:00:51.0301 0x0b18  WdiSystemHost - ok
12:00:51.0334 0x0b18  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
12:00:51.0362 0x0b18  WebClient - ok
12:00:51.0375 0x0b18  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:00:51.0432 0x0b18  Wecsvc - ok
12:00:51.0449 0x0b18  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:00:51.0497 0x0b18  wercplsupport - ok
12:00:51.0541 0x0b18  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:00:51.0585 0x0b18  WerSvc - ok
12:00:51.0589 0x0b18  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:00:51.0625 0x0b18  WfpLwf - ok
12:00:51.0629 0x0b18  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:00:51.0645 0x0b18  WIMMount - ok
12:00:51.0679 0x0b18  WinDefend - ok
12:00:51.0694 0x0b18  WinHttpAutoProxySvc - ok
12:00:51.0745 0x0b18  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:00:51.0784 0x0b18  Winmgmt - ok
12:00:51.0877 0x0b18  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:00:52.0058 0x0b18  WinRM - ok
12:00:52.0102 0x0b18  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:00:52.0123 0x0b18  WinUsb - ok
12:00:52.0175 0x0b18  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:00:52.0252 0x0b18  Wlansvc - ok
12:00:52.0406 0x0b18  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:00:52.0487 0x0b18  wlidsvc - ok
12:00:52.0504 0x0b18  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:00:52.0520 0x0b18  WmiAcpi - ok
12:00:52.0538 0x0b18  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:00:52.0581 0x0b18  wmiApSrv - ok
12:00:52.0601 0x0b18  WMPNetworkSvc - ok
12:00:52.0609 0x0b18  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:00:52.0633 0x0b18  WPCSvc - ok
12:00:52.0674 0x0b18  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:00:52.0702 0x0b18  WPDBusEnum - ok
12:00:52.0722 0x0b18  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:00:52.0775 0x0b18  ws2ifsl - ok
12:00:52.0800 0x0b18  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
12:00:52.0832 0x0b18  wscsvc - ok
12:00:52.0835 0x0b18  WSearch - ok
12:00:52.0934 0x0b18  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:00:53.0031 0x0b18  wuauserv - ok
12:00:53.0062 0x0b18  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:00:53.0096 0x0b18  WudfPf - ok
12:00:53.0129 0x0b18  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:00:53.0165 0x0b18  WUDFRd - ok
12:00:53.0193 0x0b18  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:00:53.0227 0x0b18  wudfsvc - ok
12:00:53.0270 0x0b18  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:00:53.0323 0x0b18  WwanSvc - ok
12:00:53.0372 0x0b18  [ 2C6BC21B2D5B58D8B1D638C1704CB494, 0AABCEB627E274E338DDD9BA664BAA128D7C00AF04C95C776C2AFFA6BB17F680 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
12:00:53.0385 0x0b18  xusb21 - ok
12:00:53.0390 0x0b18  ================ Scan global ===============================
12:00:53.0425 0x0b18  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:00:53.0465 0x0b18  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:00:53.0479 0x0b18  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:00:53.0514 0x0b18  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:00:53.0560 0x0b18  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:00:53.0569 0x0b18  [ Global ] - ok
12:00:53.0569 0x0b18  ================ Scan MBR ==================================
12:00:53.0583 0x0b18  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:00:53.0856 0x0b18  \Device\Harddisk0\DR0 - ok
12:00:53.0857 0x0b18  ================ Scan VBR ==================================
12:00:53.0860 0x0b18  [ D72C9E1D116660CC510C58D8D2A8C288 ] \Device\Harddisk0\DR0\Partition1
12:00:53.0896 0x0b18  \Device\Harddisk0\DR0\Partition1 - ok
12:00:53.0899 0x0b18  [ 6A4C240675737A1D5AA76703E7C4FE57 ] \Device\Harddisk0\DR0\Partition2
12:00:53.0923 0x0b18  \Device\Harddisk0\DR0\Partition2 - ok
12:00:53.0923 0x0b18  ================ Scan generic autorun ======================
12:00:54.0024 0x0b18  [ 2AA5DD75EA1281432C40D22B5FD87D3A, 9868D4176C8F08EB72B0B992D3E2A480C587930CA025B4FDF3212F99B79C3017 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
12:00:54.0046 0x0b18  avgnt - ok
12:00:54.0164 0x0b18  [ 8BD1E47690E0A8185F95D564F005C337, F48684B087634E4CB228309706B76CDE41910AAD15E04EC78FE2CD639F2B7F0E ] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
12:00:54.0279 0x0b18  LogMeIn Hamachi Ui - ok
12:00:54.0328 0x0b18  [ 845EB283583BD3C89F09636A10114EF3, BCB3002B867052FB381B1E44D31E381200751E1AD3F991EB4233B73E3E034A0E ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
12:00:54.0341 0x0b18  Avira Systray - ok
12:00:54.0432 0x0b18  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:00:54.0540 0x0b18  Sidebar - ok
12:00:54.0579 0x0b18  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:00:54.0605 0x0b18  mctadmin - ok
12:00:54.0634 0x0b18  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:00:54.0689 0x0b18  Sidebar - ok
12:00:54.0696 0x0b18  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:00:54.0715 0x0b18  mctadmin - ok
12:00:54.0916 0x0b18  [ F31ED493F4569FEE116BAD1179D14C8F, DCF859C6B424EE829A4347EB82FAB3F70957BB2C80DD26A17FEB93724131B1AB ] C:\Users\Sebastian\AppData\Roaming\InetStat\inetstat.exe
12:00:54.0968 0x0b18  InetStat - ok
12:00:54.0971 0x0b18  Waiting for KSN requests completion. In queue: 211
12:00:55.0971 0x0b18  Waiting for KSN requests completion. In queue: 211
12:00:56.0971 0x0b18  Waiting for KSN requests completion. In queue: 211
12:00:57.0971 0x0b18  Waiting for KSN requests completion. In queue: 211
12:00:58.0971 0x0b18  Waiting for KSN requests completion. In queue: 211
12:00:59.0971 0x0b18  Waiting for KSN requests completion. In queue: 211
12:01:00.0971 0x0b18  Waiting for KSN requests completion. In queue: 211
12:01:01.0972 0x0b18  Waiting for KSN requests completion. In queue: 211
12:01:02.0972 0x0b18  Waiting for KSN requests completion. In queue: 211
12:01:03.0972 0x0b18  Waiting for KSN requests completion. In queue: 211
12:01:04.0972 0x0b18  Waiting for KSN requests completion. In queue: 107
12:01:05.0972 0x0b18  Waiting for KSN requests completion. In queue: 107
12:01:06.0993 0x0b18  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.6.548 ), 0x41000 ( enabled : updated )
12:01:07.0006 0x0b18  Win FW state via NFP2: enabled
12:01:27.0006 0x0b18  ============================================================
12:01:27.0006 0x0b18  Scan finished
12:01:27.0006 0x0b18  ============================================================
12:01:27.0017 0x0e14  Detected object count: 0
12:01:27.0017 0x0e14  Actual detected object count: 0
         


Alt 17.09.2014, 21:26   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Unsichtbares Internetexplorerfenster

Alt 20.09.2014, 12:19   #7
marmeladelow
 
Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster



hey,
ich habe ein Problem mit Antivir.

Gerade habe ich Combofix gestartet und Antivir hat, obwohl Echtzeitscan deaktiviert, genörgelt das ein Eintrag in die Registry verweigert wurde.

Ich kann den Echtzeitscan und meine Firewall zwar über Antivir beenden, aber Antivir als
Prozess im Taskmanager nicht (Der Vorgang konnte nicht beendet werden. Zugriff verweigert.).

Soll ich es deinstallieren, um dir komplizierte erklärungen zu ersparen?

Alt 20.09.2014, 18:45   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster



Ja, wir installieren es nachher wieder (oder gleich was anständiges )
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.09.2014, 19:13   #9
marmeladelow
 
Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster



AV ist runtergeschmissen und hier das Log.

Code:
ATTFilter
ComboFix 14-09-18.01 - Sebastian 20.09.2014  18:58:29.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8191.6987 [GMT 2:00]
ausgeführt von:: c:\users\Sebastian\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\WINDOWS.SYS
E:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-20 bis 2014-09-20  ))))))))))))))))))))))))))))))
.
.
2014-09-20 17:06 . 2014-09-20 17:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-20 17:06 . 2014-09-20 17:06	--------	d-----w-	c:\users\Conni\AppData\Local\temp
2014-09-20 09:22 . 2014-09-09 02:05	11578928	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA2DF7CF-E228-4318-8CB5-B009B3BF6C4D}\mpengine.dll
2014-09-13 18:16 . 2014-09-13 18:16	3231696	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-09-11 21:49 . 2014-09-11 21:49	--------	d-----w-	c:\program files (x86)\Origin Games
2014-09-11 21:49 . 2014-09-11 21:49	--------	d-----w-	c:\users\Sebastian\AppData\Roaming\Origin
2014-09-11 21:49 . 2014-09-11 21:49	--------	d-----w-	c:\users\Sebastian\AppData\Local\Origin
2014-09-11 21:47 . 2014-09-11 21:50	--------	d-----w-	c:\programdata\Origin
2014-09-11 21:47 . 2014-09-11 21:47	--------	d-----w-	c:\programdata\Electronic Arts
2014-09-11 21:47 . 2014-09-11 21:49	--------	d-----w-	c:\program files (x86)\Origin
2014-09-11 08:32 . 2014-09-11 08:32	--------	d-----w-	c:\users\Conni\AppData\Roaming\Thunderbird
2014-09-11 08:32 . 2014-09-11 08:32	--------	d-----w-	c:\users\Conni\AppData\Local\Thunderbird
2014-09-10 12:18 . 2014-08-18 22:29	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-09-10 12:18 . 2014-08-18 22:06	222720	----a-w-	c:\program files\Internet Explorer\ielowutil.exe
2014-09-10 12:18 . 2014-08-18 22:05	596480	----a-w-	c:\windows\system32\ieui.dll
2014-09-10 12:18 . 2014-08-18 21:38	222720	----a-w-	c:\program files (x86)\Internet Explorer\ielowutil.exe
2014-09-10 12:18 . 2014-08-18 21:38	483328	----a-w-	c:\program files\Internet Explorer\ieinstal.exe
2014-09-10 12:18 . 2014-08-18 21:17	470016	----a-w-	c:\program files (x86)\Internet Explorer\ieinstal.exe
2014-09-10 12:18 . 2014-08-18 20:45	360448	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2014-09-10 12:18 . 2014-08-18 20:41	259584	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2014-09-10 12:12 . 2014-06-27 02:08	2777088	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2014-09-10 12:12 . 2014-06-27 01:45	2285056	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 08:39 . 2014-08-01 11:53	1031168	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-09-10 08:39 . 2014-08-01 11:35	793600	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 08:38 . 2014-06-24 03:29	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2014-09-10 08:38 . 2014-06-24 02:59	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2014-09-10 08:38 . 2014-07-07 02:06	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-09-10 08:38 . 2014-07-07 02:06	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-09-10 08:38 . 2014-07-07 01:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-09-10 08:38 . 2014-07-07 01:40	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-09-10 08:38 . 2014-07-07 01:39	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-09-10 08:37 . 2014-09-05 02:10	578048	----a-w-	c:\windows\system32\aepdu.dll
2014-09-10 08:37 . 2014-09-05 02:05	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-09-09 14:07 . 2014-09-09 14:08	--------	d-----w-	C:\FRST
2014-09-08 13:09 . 2014-09-08 13:09	--------	d-----w-	c:\users\Conni\AppData\Roaming\java
2014-09-08 13:08 . 2014-09-10 20:02	--------	d-----w-	c:\users\Conni\AppData\Roaming\.minecraft
2014-09-08 13:00 . 2014-09-08 13:00	--------	d-----w-	c:\users\Conni\AppData\Local\Skype
2014-09-08 13:00 . 2014-09-11 00:06	--------	d-----w-	c:\users\Conni\AppData\Roaming\Skype
2014-09-07 09:04 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-09-07 09:04 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-09-07 09:04 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-09-07 08:54 . 2014-09-07 08:54	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2014-08-24 22:06 . 2014-08-24 22:06	--------	d-----w-	C:\8d6dfd61e5fb00d79b8a15c27a11
2014-08-24 22:05 . 2014-08-24 22:05	--------	d-----w-	c:\windows\CheckSur
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 12:12 . 2014-04-04 14:21	101694776	----a-w-	c:\windows\system32\MRT.exe
2014-09-09 14:16 . 2014-08-14 08:16	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-25 04:53 . 2014-03-20 17:22	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47	869544	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-14 08:43	2048	----a-w-	c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-14 08:43	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-14 08:41	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-14 08:41	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2014-07-09 16:22 . 2014-07-09 16:22	313256	----a-w-	c:\windows\system32\javaws.exe
2014-07-09 16:22 . 2014-07-09 16:22	191400	----a-w-	c:\windows\system32\javaw.exe
2014-07-09 16:22 . 2014-07-09 16:22	190888	----a-w-	c:\windows\system32\java.exe
2014-07-09 16:22 . 2014-07-09 16:22	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-07-09 09:17 . 2014-04-23 16:10	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 09:17 . 2014-04-23 16:10	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 09:17 . 2014-07-09 09:17	11204096	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-09 02:03 . 2014-08-14 08:47	7168	----a-w-	c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-14 08:47	7168	----a-w-	c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-14 08:47	7168	----a-w-	c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-14 08:47	6656	----a-w-	c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-14 08:47	7168	----a-w-	c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-14 08:47	7168	----a-w-	c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-14 08:47	6656	----a-w-	c:\windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24 . 2014-08-14 12:17	8856	----a-w-	c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-14 12:17	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-14 08:57	14175744	----a-w-	c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-27 19:29	297128	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InetStat"="c:\users\Sebastian\AppData\Roaming\InetStat\inetstat.exe" [2014-07-15 1325536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-09-04 3802448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-23 09:17]
.
2014-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000Core.job
- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-20 18:11]
.
2014-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000UA.job
- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-20 18:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-20 17:08	357432	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: app.update.auto - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{AFD834CA-4579-49DF-9CF0-EA58822A7C2E}_is1 - c:\program files (x86)\LucasArts\Star Wars Battlefront II\GameData\ADDON\BFX\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2532947452-1858761559-3390100972-1000\Software\SecuROM\License information*]
"datasecu"=hex:63,fa,14,61,01,48,79,4e,fa,9a,f5,00,17,7e,b8,0c,73,c0,ae,b5,2b,
   49,12,ef,29,3b,20,49,dd,60,e0,7f,b4,37,31,a2,70,dc,49,d7,a2,22,98,11,36,63,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-20  19:09:51
ComboFix-quarantined-files.txt  2014-09-20 17:09
.
Vor Suchlauf: 27 Verzeichnis(se), 715.515.711.488 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 716.888.367.104 Bytes frei
.
- - End Of File - - 497BF6C59AAA415373593965628FF491
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 21.09.2014, 10:45   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.09.2014, 12:47   #11
marmeladelow
 
Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 21.09.2014
Suchlauf-Zeit: 12:09:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.21.02
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sebastian

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 357066
Verstrichene Zeit: 8 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2532947452-1858761559-3390100972-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [e660846c89f2ef47bb4a887dfa09cc34], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
# AdwCleaner v3.310 - Bericht erstellt am 21/09/2014 um 12:27:14
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Sebastian - SEBASTIAN-PC
# Gestartet von : C:\Users\Sebastian\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\BupSystem
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\Security System 2
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\isec@securitascout.com
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\sparpilot@sparpilot.com
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.2 (x86 de)

[ Datei : C:\Users\Conni\AppData\Roaming\Mozilla\Firefox\Profiles\vgl2nc4q.default\prefs.js ]


[ Datei : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3200 octets] - [21/09/2014 12:22:28]
AdwCleaner[S0].txt - [3016 octets] - [21/09/2014 12:27:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3076 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Professional x64
Ran by Sebastian on 21.09.2014 at 12:30:04,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3BDAE2A-737D-4D9A-92D9-B51ADC242E32}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\faqgy46y.default\minidumps [100 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.09.2014 at 12:40:48,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Sebastian (administrator) on SEBASTIAN-PC on 21-09-2014 12:41:46
Running from C:\Users\Sebastian\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3172B1316744CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default
FF SearchEngineOrder.3: Bing 
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\amazon-icon@giga.de [2014-04-20]
FF Extension: Adblock Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\faqgy46y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-27]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-27]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27]
CHR Extension: (Google Search) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Gmail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-21] (Disc Soft Ltd)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 12:41 - 2014-09-21 12:41 - 00007319 _____ () C:\Users\Sebastian\Desktop\FRST.txt
2014-09-21 12:41 - 2014-09-21 12:41 - 00000000 ____D () C:\Users\Sebastian\Desktop\FRST-OlderVersion
2014-09-21 12:40 - 2014-09-21 12:40 - 00000913 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-09-21 12:30 - 2014-09-21 12:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 12:26 - 2014-09-21 12:29 - 00003166 _____ () C:\Users\Sebastian\Desktop\AdwCleaner.txt
2014-09-21 12:21 - 2014-09-21 12:27 - 00000000 ____D () C:\AdwCleaner
2014-09-21 12:20 - 2014-09-21 12:20 - 00001375 _____ () C:\Users\Sebastian\Desktop\mbam.txt
2014-09-21 12:10 - 2014-09-21 12:10 - 01373475 _____ () C:\Users\Sebastian\Desktop\AdwCleaner_3.310.exe
2014-09-21 12:10 - 2014-09-21 12:10 - 01027006 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-09-20 19:09 - 2014-09-20 19:09 - 00012796 _____ () C:\ComboFix.txt
2014-09-20 12:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-20 12:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-20 12:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-20 12:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-20 12:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-20 12:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-20 12:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-20 12:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-20 12:03 - 2014-09-20 12:03 - 00001427 _____ () C:\Users\Sebastian\Desktop\ComboFix - Verknüpfung.lnk
2014-09-20 12:02 - 2014-09-20 19:09 - 00000000 ____D () C:\Qoobox
2014-09-20 12:01 - 2014-09-20 19:08 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 12:00 - 2014-09-20 12:01 - 05578824 ____R (Swearware) C:\Users\Sebastian\Downloads\ComboFix.exe
2014-09-15 11:55 - 2014-09-15 11:55 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Sebastian\Downloads\tdsskiller.exe
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Origin
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Origin
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-11 23:47 - 2014-09-11 23:50 - 00000000 ____D () C:\ProgramData\Origin
2014-09-11 23:47 - 2014-09-11 23:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-11 23:47 - 2014-09-11 23:47 - 00000985 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-09-11 23:47 - 2014-09-11 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-09-11 23:47 - 2014-09-11 23:47 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-11 23:46 - 2014-09-11 23:46 - 17088592 _____ (Electronic Arts, Inc.) C:\Users\Sebastian\Downloads\OriginThinSetup.exe
2014-09-11 10:32 - 2014-09-11 10:32 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Thunderbird
2014-09-11 10:32 - 2014-09-11 10:32 - 00000000 ____D () C:\Users\Conni\AppData\Local\Thunderbird
2014-09-11 09:52 - 2014-09-11 09:52 - 00001291 _____ () C:\Users\Conni\Desktop\Battle.net.lnk
2014-09-10 14:18 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 14:18 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 14:18 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 14:17 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 14:17 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 14:17 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 14:17 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 14:17 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 14:17 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 14:17 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 14:17 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 14:17 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 14:17 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 14:17 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 14:17 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 14:17 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 14:17 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 14:17 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 14:17 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 14:17 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 14:17 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 14:17 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 14:17 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 14:17 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 14:17 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 14:17 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 14:17 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 14:17 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 14:17 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 14:17 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 14:17 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 14:17 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 14:17 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 14:17 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 14:17 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 14:17 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 14:17 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 14:17 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 14:17 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 14:17 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 14:17 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 14:17 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 14:17 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 14:17 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 14:17 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 14:17 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 14:17 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 14:17 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 14:17 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 14:17 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 14:17 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 14:17 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 14:17 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 14:17 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 14:17 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 14:17 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 14:12 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 14:12 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 10:39 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 10:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 10:38 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 10:38 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 10:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 10:38 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 10:38 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 10:38 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 10:38 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 10:37 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 10:37 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 21:22 - 2014-09-09 21:23 - 105139071 _____ () C:\Users\Conni\Desktop\Sphax PureBDcraft 512x MC18.zip
2014-09-09 16:07 - 2014-09-21 12:41 - 00000000 ____D () C:\FRST
2014-09-09 16:07 - 2014-09-09 16:08 - 00035793 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-09-09 16:07 - 2014-09-09 16:08 - 00035516 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-09-09 16:06 - 2014-09-21 12:41 - 02105856 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe
2014-09-08 15:09 - 2014-09-08 15:09 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\java
2014-09-08 15:08 - 2014-09-10 22:02 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\.minecraft
2014-09-08 15:00 - 2014-09-11 02:06 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Skype
2014-09-08 15:00 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Local\Skype
2014-09-08 14:47 - 2014-09-08 14:51 - 00000000 ____D () C:\Users\Conni\Desktop\conni handy
2014-09-08 12:40 - 2014-09-08 12:40 - 00002141 _____ () C:\Users\Conni\Desktop\Skype.lnk
2014-09-07 11:04 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-07 11:04 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-07 11:04 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-08-25 00:06 - 2014-08-25 00:06 - 00000000 ____D () C:\8d6dfd61e5fb00d79b8a15c27a11
2014-08-25 00:05 - 2014-08-25 00:05 - 00000000 ____D () C:\Windows\CheckSur
2014-08-23 18:59 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 18:59 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 18:59 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-23 18:59 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 18:59 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 18:59 - 2014-05-14 18:17 - 00000000 _____ () C:\Windows\SysWOW64\wudriver.dll
2014-08-23 18:59 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 18:59 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-23 18:59 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 18:59 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 12:42 - 2014-09-21 12:41 - 00007319 _____ () C:\Users\Sebastian\Desktop\FRST.txt
2014-09-21 12:42 - 2014-04-23 18:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 12:42 - 2014-03-20 20:15 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000UA.job
2014-09-21 12:41 - 2014-09-21 12:41 - 00000000 ____D () C:\Users\Sebastian\Desktop\FRST-OlderVersion
2014-09-21 12:41 - 2014-09-09 16:07 - 00000000 ____D () C:\FRST
2014-09-21 12:41 - 2014-09-09 16:06 - 02105856 _____ (Farbar) C:\Users\Sebastian\Desktop\FRST64.exe
2014-09-21 12:40 - 2014-09-21 12:40 - 00000913 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-09-21 12:35 - 2009-07-14 06:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 12:35 - 2009-07-14 06:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 12:30 - 2014-09-21 12:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 12:29 - 2014-09-21 12:26 - 00003166 _____ () C:\Users\Sebastian\Desktop\AdwCleaner.txt
2014-09-21 12:28 - 2014-03-20 22:15 - 00188874 _____ () C:\Windows\PFRO.log
2014-09-21 12:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 12:28 - 2009-07-14 06:51 - 00084410 _____ () C:\Windows\setupact.log
2014-09-21 12:27 - 2014-09-21 12:21 - 00000000 ____D () C:\AdwCleaner
2014-09-21 12:27 - 2014-03-20 19:07 - 01350749 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 12:21 - 2014-06-07 16:19 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\LogMeIn Hamachi
2014-09-21 12:20 - 2014-09-21 12:20 - 00001375 _____ () C:\Users\Sebastian\Desktop\mbam.txt
2014-09-21 12:10 - 2014-09-21 12:10 - 01373475 _____ () C:\Users\Sebastian\Desktop\AdwCleaner_3.310.exe
2014-09-21 12:10 - 2014-09-21 12:10 - 01027006 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-09-21 12:09 - 2014-08-14 10:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 02:10 - 2014-03-20 21:00 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\TS3Client
2014-09-20 19:09 - 2014-09-20 19:09 - 00012796 _____ () C:\ComboFix.txt
2014-09-20 19:09 - 2014-09-20 12:02 - 00000000 ____D () C:\Qoobox
2014-09-20 19:08 - 2014-09-20 12:01 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 19:07 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-20 19:03 - 2014-03-21 20:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-20 18:52 - 2014-03-20 20:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-20 14:54 - 2014-03-20 21:32 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Battle.net
2014-09-20 13:45 - 2014-04-16 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-20 12:06 - 2014-05-27 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-20 12:03 - 2014-09-20 12:03 - 00001427 _____ () C:\Users\Sebastian\Desktop\ComboFix - Verknüpfung.lnk
2014-09-20 12:01 - 2014-09-20 12:00 - 05578824 ____R (Swearware) C:\Users\Sebastian\Downloads\ComboFix.exe
2014-09-20 11:42 - 2014-03-20 20:14 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532947452-1858761559-3390100972-1000Core.job
2014-09-19 13:24 - 2014-07-30 21:12 - 00000000 ____D () C:\Users\Conni\AppData\Local\LogMeIn Hamachi
2014-09-18 23:12 - 2014-03-20 21:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-18 20:33 - 2014-07-22 11:06 - 00000000 ____D () C:\Users\Conni\AppData\Local\Battle.net
2014-09-17 20:19 - 2014-07-22 20:45 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\TS3Client
2014-09-17 17:05 - 2014-05-27 23:58 - 00000010 _____ () C:\Users\Sebastian\Desktop\hundred waters.txt
2014-09-17 15:20 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-15 11:55 - 2014-09-15 11:55 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Sebastian\Downloads\tdsskiller.exe
2014-09-13 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 20:26 - 2014-03-20 21:31 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-12 18:41 - 2014-07-20 11:00 - 00000000 ____D () C:\Users\Conni
2014-09-11 23:50 - 2014-09-11 23:47 - 00000000 ____D () C:\ProgramData\Origin
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Origin
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Origin
2014-09-11 23:49 - 2014-09-11 23:49 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-11 23:49 - 2014-09-11 23:47 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-11 23:47 - 2014-09-11 23:47 - 00000985 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-09-11 23:47 - 2014-09-11 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-09-11 23:47 - 2014-09-11 23:47 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-11 23:46 - 2014-09-11 23:46 - 17088592 _____ (Electronic Arts, Inc.) C:\Users\Sebastian\Downloads\OriginThinSetup.exe
2014-09-11 10:32 - 2014-09-11 10:32 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Thunderbird
2014-09-11 10:32 - 2014-09-11 10:32 - 00000000 ____D () C:\Users\Conni\AppData\Local\Thunderbird
2014-09-11 09:52 - 2014-09-11 09:52 - 00001291 _____ () C:\Users\Conni\Desktop\Battle.net.lnk
2014-09-11 02:06 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\Skype
2014-09-10 22:02 - 2014-09-08 15:08 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\.minecraft
2014-09-10 14:17 - 2014-03-21 04:01 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-10 14:17 - 2014-03-21 04:01 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-10 14:17 - 2014-03-20 20:38 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 14:16 - 2014-04-04 16:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 14:16 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 14:12 - 2014-04-04 16:21 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 14:11 - 2014-05-06 13:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 21:27 - 2014-03-20 20:06 - 00000000 ____D () C:\Program Files (x86)\Diablo 3
2014-09-09 21:23 - 2014-09-09 21:22 - 105139071 _____ () C:\Users\Conni\Desktop\Sphax PureBDcraft 512x MC18.zip
2014-09-09 21:16 - 2014-05-02 15:22 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.minecraft
2014-09-09 20:44 - 2014-04-28 15:47 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype
2014-09-09 16:08 - 2014-09-09 16:07 - 00035793 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-09-09 16:08 - 2014-09-09 16:07 - 00035516 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-09-08 22:10 - 2014-04-15 12:44 - 00000000 ____D () C:\Program Files (x86)\League of Legends
2014-09-08 15:09 - 2014-09-08 15:09 - 00000000 ____D () C:\Users\Conni\AppData\Roaming\java
2014-09-08 15:00 - 2014-09-08 15:00 - 00000000 ____D () C:\Users\Conni\AppData\Local\Skype
2014-09-08 14:51 - 2014-09-08 14:47 - 00000000 ____D () C:\Users\Conni\Desktop\conni handy
2014-09-08 12:40 - 2014-09-08 12:40 - 00002141 _____ () C:\Users\Conni\Desktop\Skype.lnk
2014-09-08 12:39 - 2009-07-14 06:45 - 00315352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-07 10:54 - 2014-09-07 10:54 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-05 04:10 - 2014-09-10 10:37 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 10:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-26 20:20 - 2014-07-19 20:09 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-08-25 18:56 - 2014-05-04 15:11 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-25 06:53 - 2014-03-20 19:22 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-25 00:06 - 2014-08-25 00:06 - 00000000 ____D () C:\8d6dfd61e5fb00d79b8a15c27a11
2014-08-25 00:05 - 2014-08-25 00:05 - 00000000 ____D () C:\Windows\CheckSur
2014-08-23 04:07 - 2014-09-07 11:04 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-09-07 11:04 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-09-07 11:04 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 22:19

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Kannst du mir noch ein gutes Antivirenprogramm empfehlen.
Möglichst kostenlos, da ich Student bin und nicht so viel Kohle hab.

Alt 22.09.2014, 08:42   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Unsichtbares Internetexplorerfenster - Standard

Unsichtbares Internetexplorerfenster



Wenn es unbedingt kostenlos sein muss, Avast oder MSE. Ich empfehle immer Emsisoft.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Unsichtbares Internetexplorerfenster
compu, computer, einfach, fehlercode 0x5, fehlercode 0xc0000005, fehlercode 0xc0000417, fehlercode 0xe0434352, hintergrund, inter, interne, kurzem, nicht mehr, pup.optional.dvdvideosofttb.a, virus, virus?, überhaupt, öffnet




Zum Thema Unsichtbares Internetexplorerfenster - Hey, seit kurzem öffnet sich im Hintergrund ein Iexplorerfenster im Hintergrund, das ich sehen kann wenn ich den Computer herunterfahre. Anfangs hat dieses Fenster noch mit mir geredet und nur - Unsichtbares Internetexplorerfenster...
Archiv
Du betrachtest: Unsichtbares Internetexplorerfenster auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.