Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 14.01.2015, 18:42   #1
tcg
 
Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast



Guten Abend,

Der befallene Rechner zeigte folgende Symptome:
Als ich gerufen wurde, war es nicht möglich Programme zu starten.
Es stand von AVast eine Meldung auf dem Bildschirm, dass verschiedene Programme in Quarantäne verschoben worden seien. Eingaben in AVAST waren jedoch möglich, ferner war zuvor ein Update der Virusdefinitionen durchgeführt. Allerdings war die Programmversion veraltet. Ein Update des AV Programmes war jedoch möglich. Nach dem Update liess sich der Rechner wieder starten.
Ein darauf folgender Scan des Systems ergab kein Ergebnis.
Jedoch war die Prozessorlast lt Taskmanager sehr hoch, der Hauptspeicher voll.
Beim Windowsstart öffnete sich ein Fenster - irgendwas wollte eine Meldung machen... wie das genau lautete, weiss ich allerdings nicht mehr.

Daher habe ich Spybot Search&Destroy ausgeführt, bei dem ein Problem gemeldet wurde, das ich versuchte automatisch lösen zu lassen.

Danach schien für's erste das Problem erledigt zu sein, bis beim Useranmeldescreen von Windows plötzlich eine Stimme ertönte, die aus einer Radiosendung zu stammen schien. Eine deutschsprachige Stimme, die etwas von Songcontest babbelte, nach einigen Sekunden war der Spuk erstmal wieder vorbei.

Bei manchem Neustart blieb die Prozessorlast unten, bei manchen Programmstart ging sie hoch.

Nach Aufruf von Programmen ging die Prozessorlast überproportional hoch, die ausgeführten Programme wurden sehr langsam ausgeführt und der Hauptspeicher wurde immer voller.

Ich habe versucht von AVAST ein Logfile zu finden und vermutete es in der APP-Data bei unser, der Inhalt ist aber so gut wie nix:
Code:
ATTFilter
[0113/141835:ERROR:ipc_channel_win.cc(132)] pipe error: 109
[0113/155221:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/162928:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/174410:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/180035:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/192725:ERROR:ipc_channel_win.cc(132)] pipe error: 109
         
die Datei wurde aber offensichtlich von AVAST überschrieben, denn es steht das aktuelle datum mit Uhrzeit als Dateidatum dabei.

Von Spybot habe ich keine Logdatei gefunden.


FRST.txt:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Dominik (administrator) on TROLLINGSARUMAN on 14-01-2015 18:06:53
Running from C:\Users\Dominik\Desktop
Loaded Profile: Dominik (Available profiles: Dominik & TogetherCrazyGaming)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\002\fpvoixdaog32.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11733648 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8187160 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation)
Startup: C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Holland - Verknüpfung.lnk
ShortcutTarget: Holland - Verknüpfung.lnk ->  (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FlowSurf -> {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} -> C:\Program Files\Flowsurf\FlowSurf.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\amazon-deu.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\proxerme.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\youtube-videosuche.xml
FF Extension: FT DeepDark - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-03]
FF Extension: Bluhell Firewall - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-31]
FF HKLM\...\Firefox\Extensions: [jid1-tofUlNEIFlkUIA@jetpack] - C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll No File
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR Extension: (FlowSurf) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn [2014-04-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-09] (Avast Software)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [93048 2014-06-16] (EasyAntiCheat Ltd)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R2 fpvoixdaog32; C:\Program Files\002\fpvoixdaog32.exe [541696 2014-04-19] () [File not signed]
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-04-30] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-09] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-04] (DT Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-06-25] (Eugene V. Muzychenko)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-09] (Avast Software)
S3 WISTechVIDCAP; C:\Windows\System32\drivers\wisgostrm.sys [226816 2006-11-03] (Pinnacle Systems)
S3 musbehco; \??\C:\Users\Dominik\AppData\Local\Temp\musbehco.sys [X]
S3 pmem; \??\C:\Users\Dominik\AppData\Local\Temp\_MEI55962\drivers\winpmem32.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 18:06 - 2015-01-14 18:09 - 00019702 _____ () C:\Users\Dominik\Desktop\FRST.txt
2015-01-14 18:06 - 2015-01-14 18:07 - 00000000 ____D () C:\FRST
2015-01-14 18:04 - 2015-01-14 18:05 - 00000476 _____ () C:\Users\Dominik\Desktop\defogger_disable.log
2015-01-14 18:04 - 2015-01-14 18:04 - 00000000 _____ () C:\Users\Dominik\defogger_reenable
2015-01-14 17:52 - 2015-01-14 17:52 - 01115648 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe
2015-01-14 17:52 - 2015-01-14 17:52 - 00050477 _____ () C:\Users\Dominik\Desktop\Defogger.exe
2015-01-14 17:50 - 2015-01-14 17:50 - 00380416 _____ () C:\Users\Dominik\Desktop\rz1b2ley.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:57 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:27 - 2015-01-14 16:27 - 00000197 _____ () C:\Windows\system32\2015-01-14-15-27-18.023-AvastVBoxSVC.exe-3216.log
2015-01-13 22:35 - 2015-01-13 22:35 - 280280668 ____N () C:\Windows\MEMORY.DMP
2015-01-13 22:35 - 2015-01-13 22:35 - 00160160 _____ () C:\Windows\Minidump\011315-31875-01.dmp
2015-01-13 15:54 - 2015-01-13 15:54 - 00000197 _____ () C:\Windows\system32\2015-01-13-14-54-55.027-AvastVBoxSVC.exe-792.log
2015-01-13 13:57 - 2015-01-13 13:57 - 00000197 _____ () C:\Windows\system32\2015-01-13-12-57-17.013-AvastVBoxSVC.exe-5424.log
2015-01-13 12:57 - 2015-01-14 16:33 - 00000112 _____ () C:\ProgramData\q485uB3.dat
2015-01-13 12:52 - 2015-01-13 12:53 - 00000197 _____ () C:\Windows\system32\2015-01-13-11-52-33.019-AvastVBoxSVC.exe-3616.log
2015-01-12 13:31 - 2015-01-12 13:32 - 00000197 _____ () C:\Windows\system32\2015-01-12-12-31-33.000-AvastVBoxSVC.exe-3368.log
2015-01-11 15:25 - 2015-01-11 15:25 - 00000197 _____ () C:\Windows\system32\2015-01-11-14-25-05.016-AvastVBoxSVC.exe-3124.log
2015-01-11 13:45 - 2015-01-11 13:45 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-45-48.064-AvastVBoxSVC.exe-3404.log
2015-01-11 13:08 - 2015-01-11 13:08 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-08-40.050-AvastVBoxSVC.exe-3532.log
2015-01-11 12:54 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150111-125459.backup
2015-01-11 12:20 - 2015-01-11 12:20 - 00000197 _____ () C:\Windows\system32\2015-01-11-11-20-40.098-AvastVBoxSVC.exe-3528.log
2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\Users\Dominik\Documents\ProcAlyzer Dumps
2015-01-11 12:12 - 2015-01-11 12:12 - 00039561 _____ () C:\Windows\wininit.ini
2015-01-11 11:28 - 2015-01-11 12:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-11 11:28 - 2015-01-11 11:30 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2015-01-11 11:28 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-01-11 11:26 - 2015-01-11 11:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dominik\Downloads\spybot-2.4.exe
2015-01-11 10:46 - 2015-01-11 10:47 - 00000197 _____ () C:\Windows\system32\2015-01-11-09-46-54.007-AvastVBoxSVC.exe-3012.log
2015-01-10 13:58 - 2015-01-10 13:58 - 00000197 _____ () C:\Windows\system32\2015-01-10-12-58-28.073-AvastVBoxSVC.exe-3244.log
2015-01-10 13:37 - 2015-01-10 13:41 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\Compatibility Verifier
2015-01-09 23:36 - 2015-01-09 23:37 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-36-57.044-aswFe.exe-6088.log
2015-01-09 23:30 - 2015-01-09 23:36 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-30-18.010-aswFe.exe-4644.log
2015-01-09 23:18 - 2015-01-09 23:18 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-09 23:14 - 2015-01-09 23:14 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\AVAST Software
2015-01-09 23:09 - 2015-01-09 23:09 - 00002045 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-09 23:08 - 2015-01-09 23:08 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-09 23:08 - 2015-01-09 23:08 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-09 23:08 - 2015-01-09 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-09 23:08 - 2015-01-09 23:08 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-09 22:35 - 2015-01-09 22:49 - 00000000 ____D () C:\Users\Dominik\AppData\Local\FreeFixer
2015-01-09 22:35 - 2015-01-09 22:35 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\FreeFixer
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-09 22:25 - 2015-01-14 17:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-09 22:25 - 2015-01-14 17:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-08 22:02 - 2015-01-08 22:02 - 00087712 _____ () C:\Users\Dominik\Downloads\GLottery-V2.1.8_Beta.zip
2015-01-08 21:59 - 2015-01-08 21:59 - 00451723 _____ () C:\Users\Dominik\Downloads\totalRP3_build_9.zip
2015-01-08 21:58 - 2015-01-08 21:58 - 00073807 _____ () C:\Users\Dominik\Downloads\MyRolePlay_6.0.0.400.zip
2015-01-08 21:57 - 2015-01-08 21:57 - 01327418 _____ () C:\Users\Dominik\Downloads\Outfitter_5.10b8.zip
2015-01-08 21:51 - 2015-01-08 21:51 - 03841803 _____ () C:\Users\Dominik\Downloads\AuctioneerSuite-5.21c.5521.zip
2014-12-24 00:53 - 2014-12-24 00:55 - 00000000 ____D () C:\Users\Dominik\Desktop\Mc Server
2014-12-18 19:27 - 2014-12-19 12:59 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-18 15:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-15 15:44 - 2014-12-15 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-15 15:44 - 2014-12-15 15:44 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 18:06 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:06 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:04 - 2012-12-31 16:03 - 00000000 ____D () C:\Users\Dominik
2015-01-14 17:56 - 2012-12-31 16:02 - 01947040 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 17:42 - 2014-01-26 21:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 17:42 - 2014-01-18 03:11 - 00000000 ____D () C:\Users\Dominik\AppData\Local\LogMeIn Hamachi
2015-01-14 17:41 - 2009-07-14 05:39 - 00213554 _____ () C:\Windows\setupact.log
2015-01-14 17:40 - 2013-09-15 08:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-14 17:40 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 17:19 - 2012-12-31 22:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 17:17 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Battle.net
2015-01-14 17:17 - 2013-01-02 21:58 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\TS3Client
2015-01-14 16:40 - 2014-01-26 21:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 22:35 - 2013-01-28 01:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 22:19 - 2012-12-31 22:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 22:19 - 2012-12-31 22:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 18:18 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Editoren und Player
2015-01-11 12:17 - 2013-01-01 13:03 - 00412990 _____ () C:\Windows\PFRO.log
2015-01-10 01:08 - 2013-11-03 13:53 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\OBS
2015-01-09 23:39 - 2012-12-31 22:22 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-09 23:39 - 2012-12-31 22:22 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-09 23:05 - 2012-12-31 22:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-09 23:04 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-09 22:36 - 2012-12-31 16:04 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 22:26 - 2014-08-30 15:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 15:11 - 2013-01-03 20:56 - 00000000 ____D () C:\Program Files\Steam
2015-01-08 09:55 - 2012-12-31 16:17 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 00:54 - 2013-02-12 11:24 - 00000000 ____D () C:\Users\Dominik\Desktop\Musik
2015-01-05 03:09 - 2014-06-03 15:08 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2015-01-05 03:09 - 2014-05-25 19:53 - 00000000 ____D () C:\Program Files\Overwolf
2014-12-29 00:26 - 2013-01-02 22:25 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\.minecraft
2014-12-28 14:29 - 2013-01-04 23:37 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\vlc
2014-12-27 22:28 - 2013-01-03 04:28 - 00000000 ____D () C:\Program Files\Warcraft III
2014-12-25 13:00 - 2013-01-13 20:05 - 00000000 ____D () C:\Users\Dominik\Desktop\Spiele
2014-12-23 14:54 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Internet
2014-12-22 00:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors
2014-12-19 17:44 - 2013-01-13 18:52 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Thunderbird
2014-12-19 12:59 - 2012-12-31 16:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-15 08:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache

Files to move or delete:
====================
C:\ProgramData\q485uB3.dat


Some content of TEMP:
====================
C:\Users\Dominik\AppData\Local\Temp\_is9C45.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-07 19:22

==================== End Of Log ============================
         
addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Dominik at 2015-01-14 18:11:17
Running from C:\Users\Dominik\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
ANNO 1404 - Königsedition (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
Anno 2070 (HKLM\...\Steam App 48240) (Version:  - BlueByte)
Artweaver Free 3.1 (HKLM\...\{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1) (Version: 3.1 - Boris Eyrich Software)
Assassin’s Creed Unity (HKLM\...\Steam App 289650) (Version:  - Ubisoft)
Assassin's Creed Brotherhood (HKLM\...\Steam App 48190) (Version:  - Ubisoft Montreal)
Assassin's Creed II (HKLM\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Assassin's Creed Revelations 1.03 (HKLM\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Assassin's Creed(R) III v1.02 (HKLM\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.02 - Ubisoft)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Banished (HKLM\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Bastion (HKLM\...\Steam App 107100) (Version:  - Supergiant Games)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BurnAware Free 7.2 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware)
Cthulhu Saves the World  (HKLM\...\Steam App 107310) (Version:  - Zeboyd Games)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Deponia (HKLM\...\Steam App 214340) (Version:  - Daedalic Entertainment)
Diablo II (HKLM\...\Diablo II) (Version:  - Blizzard Entertainment)
Die Siedler 7 (HKLM\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Siedler IV (HKLM\...\S4Uninst) (Version:  - )
Dungeon Defenders (HKLM\...\Steam App 65800) (Version:  - )
DVCCap v6.0.1.115 (HKLM\...\DVCCap_is1) (Version:  - Paul Yux & AMT STUDIO 717)
Firebird SQL Server - MAGIX Edition (HKLM\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Game Character Hub (HKLM\...\Steam App 292230) (Version:  - Sebastien Bini)
Go! Go! Nippon! ~My First Trip to Japan~ (HKLM\...\Steam App 251870) (Version:  - OVERDRIVE)
God Mode (HKLM\...\Steam App 227480) (Version:  - Old School Games)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\Steam App 12210) (Version:  - Rockstar North)
Hammerwatch (HKLM\...\Steam App 239070) (Version:  - Crackshell)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Newerth (HKLM\...\hon) (Version: 2.3.0 - S2 Games)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.650 - Oracle)
King's Bounty: Armored Princess (HKLM\...\Steam App 3170) (Version:  - Katauri Interactive)
King's Bounty: The Legend (HKLM\...\Steam App 25900) (Version:  - 1C Company)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Long Live The Queen (Demo) 1.0 (HKLM\...\Long Live The Queen_is1) (Version:  - Hanako Games)
Magic 2014  (HKLM\...\Steam App 213850) (Version:  - Stainless Games)
Magical Diary Demo (HKLM\...\Steam App 212140) (Version:  - Hanako Games)
Magicka (HKLM\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Magicka: Wizard Wars (HKLM\...\Steam App 202090) (Version:  - Paradox North)
Magicka: Wizards of the Square Tablet (HKLM\...\Steam App 247580) (Version:  - Ludosity)
MAGIX Screenshare (HKLM\...\{4696FD4A-A0DF-4F84-BC9D-12D73E1D95D3}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM\...\{58503E1E-09E6-400C-A44C-3822D7559794}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Video deluxe MX Premium Download-Version (HKLM\...\MAGIX_MSI_Videodeluxe18_premium) (Version: 11.0.1.4 - MAGIX AG)
MAGIX Video deluxe MX Premium Download-Version (Version: 11.0.1.4 - MAGIX AG) Hidden
Metro 2033 (HKLM\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 34.0 (x86 de) (HKLM\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Napster 5 Beta (HKLM\...\com.Rhapsody.Napster5) (Version: 1.0.65 - Rhapsody International, Inc)
Napster 5 Beta (Version: 1.0.65 - Rhapsody International, Inc) Hidden
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Oblivion (HKLM\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Overwolf (HKLM\...\Overwolf) (Version: 0.82.103.0 - Overwolf Ltd.)
Pinball FX2 (HKLM\...\Steam App 226980) (Version:  - )
Pinnacle Systems USB-2 Device Drivers (HKLM\...\{9870C7AE-7C6A-478D-9A75-35827382220F}) (Version: 2.00.0014 - Pinnacle Systems)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Retro City Rampage™ (HKLM\...\Steam App 204630) (Version:  - Vblank Entertainment, Inc.)
rFactor2 (HKLM\...\rFactor2) (Version:  - )
Rise of Nations: Extended Edition (HKLM\...\Steam App 287450) (Version:  - SkyBox Labs)
Risen (HKLM\...\Steam App 40300) (Version:  - Piranha – Bytes )
Rogue Legacy (HKLM\...\Steam App 241600) (Version:  - Cellar Door Games)
RPG Maker VX Ace (HKLM\...\Steam App 220700) (Version:  - Enterbrain)
RPG Tycoon (HKLM\...\Steam App 314240) (Version:  - Skatanic Studios)
Sacred Citadel (HKLM\...\Steam App 207930) (Version:  - Southend)
Saints Row IV (HKLM\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM\...\Steam App 55230) (Version:  - Volition)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skyborn (HKLM\...\Steam App 278460) (Version:  - Dancing Dragon Games)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Trek Online (HKLM\...\Steam App 9900) (Version:  - Cryptic Studios)
StarCraft II (HKLM\...\StarCraft II) (Version: 2.0.11.26825 - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM\...\Steam App 40800) (Version:  - Team Meat)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - )
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls III: Morrowind (HKLM\...\Steam App 22320) (Version:  - Bethesda Game Studios®)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Mighty Quest For Epic Loot (HKLM\...\Steam App 239220) (Version:  - Ubisoft Montreal)
The Mighty Quest For Epic Loot Version 1.231911 (HKLM\...\The Mighty Quest For Epic Loot_is1) (Version: 1.231911 - )
Thief - Deadly Shadows Demo (HKLM\...\{EB3CEC18-A1C4-4909-8FE2-0C30D7A07E32}) (Version: 1.0 - )
Thief (HKLM\...\Steam App 239160) (Version:  - Eidos-Montréal)
TmNationsForever (HKLM\...\TmNationsForever_is1) (Version:  - Nadeo)
To the Moon (HKLM\...\Steam App 206440) (Version:  - Freebird Games)
Tom Clancy's Splinter Cell Blacklist (HKLM\...\Steam App 235600) (Version:  - Ubisoft Toronto)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version:  - The Creative Assembly)
TrackMania² Stadium (HKLM\...\Steam App 232910) (Version:  - Nadeo)
Trine (HKLM\...\Steam App 35700) (Version:  - Frozenbyte)
Trine 2 (HKLM\...\Steam App 35720) (Version:  - Frozenbyte)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity (HKLM\...\Unity) (Version: 4.6.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
Uplay (HKLM\...\Uplay) (Version: 4.8 - Ubisoft)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
Visual Pinball (HKLM\...\{B36C4994-A563-4339-8754-CCCE51314A4C}) (Version: 0.0.4.1226 - Randy Davis)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Warcraft III (HKLM\...\Warcraft III) (Version:  - Blizzard Entertainment)
Winamp (HKLM\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Worms Armageddon (HKLM\...\Steam App 217200) (Version:  - Team17 Digital Ltd.)
XCOM: Enemy Unknown (HKLM\...\Steam App 200510) (Version:  - Firaxis Games)
YTD Video Downloader 4.8.4 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.4 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> C:\Users\Dominik\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated.exe N (the data entry has 6 more characters).

==================== Restore Points  =========================

31-12-2014 20:34:26 Windows Update
06-01-2015 13:43:35 Windows Update
09-01-2015 14:54:02 Windows Update
09-01-2015 22:26:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2015 23:05:32 avast! antivirus system restore point
09-01-2015 23:09:43 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 13:39:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 10:48:32 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 13:06:51 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 13:43:56 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
13-01-2015 13:11:26 Windows Update
14-01-2015 17:18:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-11 12:54 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0768A1E0-41CE-4643-85AD-1897F77A120A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {08A72CAE-6D23-45FE-A3EC-BFA13BBC906F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-09] (AVAST Software)
Task: {204987F5-B8E0-4E72-B84F-9643F258CA16} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {56EE9C2F-1A20-4C42-A060-1831B86118F0} - System32\Tasks\{88C6F5F5-D66E-4456-B7C6-5EF147235624} => pcalua.exe -a "C:\Users\Dominik\Downloads\Stormblade Downloader.exe" -d C:\Users\Dominik\Downloads
Task: {5B1D0D1B-ECF4-4CCA-BA23-E6FA39C4124E} - System32\Tasks\RegistryDr_Popup => C:\Program Files\Registry Dr\Splash.exe <==== ATTENTION
Task: {8120F440-FB53-4E47-8369-E2EA6DDD563B} - System32\Tasks\RegistryDr_Start => C:\Program Files\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {8635CD0C-761A-49DE-A267-817A203A1F4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {A75CD619-D881-4C5E-AD61-1AE83CAEBF6F} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2014-12-29] (Overwolf LTD)
Task: {B30D3AC0-6A9A-4CF8-A15F-BDFD9FEEA06C} - System32\Tasks\{E64B25C8-2FFF-40AC-BCE4-043AEE38812E} => pcalua.exe -a c:\users\dominik\appdata\local\lollipop\lollipop_04192128.bat
Task: {B8A287EB-3876-4EDB-8526-2994F63AC4C1} - System32\Tasks\fsupdate => C:\Program <==== ATTENTION
Task: {D464CBEB-AF6F-4A87-A11B-EBFBB09E99F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {DA5663E5-7977-4356-AE17-01F32F8A7477} - System32\Tasks\{660B291F-42C2-49CA-AFEC-831BB43B7AB2} => pcalua.exe -a D:\setup.exe -d D:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-14 16:27 - 2015-01-14 16:27 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011400\algo.dll
2015-01-09 23:08 - 2015-01-09 23:08 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2015-01-09 23:08 - 2015-01-09 23:08 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2015-01-09 23:08 - 2015-01-09 23:08 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-04-19 04:09 - 2014-04-19 04:09 - 00541696 _____ () C:\Program Files\002\fpvoixdaog32.exe
2015-01-11 11:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-11 11:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-11 11:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-11 11:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-11 11:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-09 22:25 - 2015-01-08 20:58 - 00087208 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2012-12-31 17:08 - 2010-01-21 01:52 - 00370792 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2012-12-31 17:08 - 2010-01-21 01:51 - 00062568 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2012-12-31 17:08 - 2010-01-21 01:52 - 00565864 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2012-12-31 17:08 - 2010-01-21 01:52 - 00167528 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2015-01-09 23:08 - 2015-01-09 23:08 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2013-09-15 08:58 - 2014-05-20 01:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-07-28 19:34 - 2014-07-28 19:34 - 00719128 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 19:37 - 2014-07-28 19:37 - 00850712 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 19:34 - 2014-07-28 19:34 - 00049432 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 19:37 - 2014-07-28 19:37 - 00249112 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-01-09 23:08 - 2015-01-09 23:08 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-02 09:40 - 2014-12-02 09:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-09 22:25 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-01-09 22:25 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-09 22:25 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-09 22:25 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2015-01-09 22:25 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Verifies and fixes application compatibility issues => 2
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Overwolf => C:\Program Files\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: snpstd3 => C:\Windows\vsnpstd3.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3362981809-2306697286-120240772-500 - Administrator - Disabled)
Dominik (S-1-5-21-3362981809-2306697286-120240772-1001 - Administrator - Enabled) => C:\Users\Dominik
Gast (S-1-5-21-3362981809-2306697286-120240772-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3362981809-2306697286-120240772-1002 - Limited - Enabled)
TogetherCrazyGaming (S-1-5-21-3362981809-2306697286-120240772-1062 - Limited - Enabled) => C:\Users\TogetherCrazyGaming

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2015 05:23:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.


Vorgang:
   Für die Sicherung initialisieren

Error: (01/14/2015 05:09:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0x968
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/14/2015 04:43:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004c40d
ID des fehlerhaften Prozesses: 0x1a84
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/14/2015 04:42:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x19c8
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/13/2015 04:48:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0xff4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/13/2015 04:27:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0x158c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/13/2015 04:00:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0xda8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/13/2015 03:11:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0x1844
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/13/2015 02:37:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0x4f4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/13/2015 02:24:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0x948
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3


System errors:
=============
Error: (01/14/2015 05:49:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (01/14/2015 05:09:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 10:35:57 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000001 (0x8366e017, 0x00000000, 0x0000ffff, 0x00000000)C:\Windows\MEMORY.DMP011315-31875-01

Error: (01/13/2015 10:35:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎13.‎01.‎2015 um 22:34:14 unerwartet heruntergefahren.

Error: (01/13/2015 04:48:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (01/13/2015 04:28:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 04:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 03:51:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/13/2015 03:51:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (01/13/2015 03:51:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (01/14/2015 05:23:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)0x8007045b, Der Computer wird heruntergefahren.


Vorgang:
   Für die Sicherung initialisieren

Error: (01/14/2015 05:09:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e496801d0300e8ea3d58cC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dllb5569ba7-9c07-11e4-a0ef-0024211da932

Error: (01/14/2015 04:43:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124kernel32.dll6.1.7601.18409531599f5c00000050004c40d1a8401d030102c75d9feC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Windows\system32\kernel32.dll0ada249d-9c04-11e4-a0ef-0024211da932

Error: (01/14/2015 04:42:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124unknown0.0.0.000000000c00000050000000019c801d030102322d5a3C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownfca5d00a-9c03-11e4-a0ef-0024211da932

Error: (01/13/2015 04:48:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4ff401d02f45abc56640C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll8e92db19-9b3b-11e4-9904-0024211da932

Error: (01/13/2015 04:27:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4158c01d02f41d62d226aC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dllbdb2ae14-9b38-11e4-9904-0024211da932

Error: (01/13/2015 04:00:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4da801d02f405f9e196bC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dlle6811482-9b34-11e4-9904-0024211da932

Error: (01/13/2015 03:11:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4184401d02f3652e5acfaC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll17b6e725-9b2e-11e4-af94-0024211da932

Error: (01/13/2015 02:37:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e44f401d02f348867c31dC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll4ca149e2-9b29-11e4-af94-0024211da932

Error: (01/13/2015 02:24:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e494801d02f331a7bc2e6C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll8134f4de-9b27-11e4-af94-0024211da932


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 82%
Total physical RAM: 3071.18 MB
Available physical RAM: 522.23 MB
Total Pagefile: 5117.47 MB
Available Pagefile: 2029.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:102.1 GB) NTFS
Drive s: (Volume) (Fixed) (Total:1862.89 GB) (Free:869.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 80E52B34)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
gmer.log
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-14 18:43:21
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD3200AAJS-00L7A0 rev.01.03E01 298,09GB
Running: rz1b2ley.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\fwryrkog.sys


---- System - GMER 2.1 ----

SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwAddBootEntry [0x910B5AC4]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwAllocateVirtualMemory [0x911710BA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwAssignProcessToJobObject [0x910B65A2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateEvent [0x910C263C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateEventPair [0x910C2688]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateIoCompletion [0x910C2822]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateMutant [0x910C25AA]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwCreateSection [0x91171494]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateSemaphore [0x910C25F2]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwCreateThread [0x91171724]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwCreateThreadEx [0x9117180E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateTimer [0x910C27DC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwDebugActiveProcess [0x910B7390]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwDeleteBootEntry [0x910B5B2A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwDuplicateObject [0x910BAB86]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwLoadDriver [0x910B5716]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwMapViewOfSection [0x91171574]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwModifyBootEntry [0x910B5B90]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwNotifyChangeKey [0x910BAF7C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwNotifyChangeMultipleKeys [0x910B7E78]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenEvent [0x910C2666]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenEventPair [0x910C26AA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenIoCompletion [0x910C2846]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenMutant [0x910C25D0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenProcess [0x910BA47E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenSection [0x910C275A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenSemaphore [0x910C261A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenThread [0x910BA86A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenTimer [0x910C2800]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwProtectVirtualMemory [0x91171312]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwQueryObject [0x910B7CEC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwQueueApcThreadEx [0x910B79FA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetBootEntryOrder [0x910B5BF6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetBootOptions [0x910B5C5C]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwSetContextThread [0x91171670]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetSystemInformation [0x910B57B0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetSystemPowerState [0x910B5982]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwShutdownSystem [0x910B5910]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSuspendProcess [0x910B755A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSuspendThread [0x910B76BC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSystemDebugControl [0x910B5A0A]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwTerminateProcess [0x911713E0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwTerminateThread [0x910B71EA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwVdmControl [0x910B5CC2]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwWriteVirtualMemory [0x91171244]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRequestWaitReplyPort + 14A5                                                         83483A15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                             834BD372 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                834C45C0 4 Bytes  [C4, 5A, 0B, 91] {LES EBX, [EDX+0xb]; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                834C45E8 4 Bytes  [BA, 10, 17, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                834C4648 4 Bytes  [A2, 65, 0B, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                834C469C 8 Bytes  [3C, 26, 0C, 91, 88, 26, 0C, ...] {CMP AL, 0x26; OR AL, 0x91; MOV [ESI], AH; OR AL, 0x91}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                834C46A8 4 Bytes  [22, 28, 0C, 91] {AND CH, [EAX]; OR AL, 0x91}
.text  ...                                                                                                
PAGE   ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                        8367F553 4 Bytes  CALL 910B855F \SystemRoot\system32\drivers\aswSnx.sys
PAGE   ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                       836993BB 4 Bytes  CALL 910B8575 \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\AVAST Software\Avast\avastui.exe[1020] kernel32.dll!SetUnhandledExceptionFilter   75DAF5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1472] kernel32.dll!SetUnhandledExceptionFilter  75DAF5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }

---- Registry - GMER 2.1 ----

Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                 
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@9850F976        1000

---- EOF - GMER 2.1 ----
         

Alt 14.01.2015, 18:49   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast



hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    YTD Video Downloader 4.8.4


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 15.01.2015, 15:26   #3
tcg
 
Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast



Das erste Logfile von mbar :
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.14.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
Dominik :: TROLLINGSARUMAN [administrator]

14.01.2015 20:32:04
mbar-log-2015-01-14 (20-32-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 360551
Time elapsed: 56 minute(s), 5 second(s)

Memory Processes Detected: 1
C:\Program Files\002\fpvoixdaog32.exe (Trojan.Agent.SVR) -> 1336 -> Delete on reboot. [054c49aedfaa122492d3563947ba8779]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\fpvoixdaog32 (Trojan.Agent.SVR) -> Delete on reboot. [054c49aedfaa122492d3563947ba8779]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\002\fpvoixdaog32.exe (Trojan.Agent.SVR) -> Delete on reboot. [054c49aedfaa122492d3563947ba8779]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
zweites Log nach reboot und Neustart:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.14.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
Dominik :: TROLLINGSARUMAN [administrator]

14.01.2015 21:38:17
mbar-log-2015-01-14 (21-38-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 360108
Time elapsed: 44 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
tdds-Killer liefert:

Code:
ATTFilter
16:11:29.0457 0x2b9c  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
16:11:39.0427 0x2b9c  ============================================================
16:11:39.0427 0x2b9c  Current date / time: 2015/01/15 16:11:39.0427
16:11:39.0427 0x2b9c  SystemInfo:
16:11:39.0428 0x2b9c  
16:11:39.0428 0x2b9c  OS Version: 6.1.7601 ServicePack: 1.0
16:11:39.0428 0x2b9c  Product type: Workstation
16:11:39.0428 0x2b9c  ComputerName: TROLLINGSARUMAN
16:11:39.0428 0x2b9c  UserName: Dominik
16:11:39.0428 0x2b9c  Windows directory: C:\Windows
16:11:39.0428 0x2b9c  System windows directory: C:\Windows
16:11:39.0428 0x2b9c  Processor architecture: Intel x86
16:11:39.0428 0x2b9c  Number of processors: 2
16:11:39.0428 0x2b9c  Page size: 0x1000
16:11:39.0428 0x2b9c  Boot type: Normal boot
16:11:39.0428 0x2b9c  ============================================================
16:11:41.0112 0x2b9c  KLMD registered as C:\Windows\system32\drivers\21562139.sys
16:11:41.0479 0x2b9c  System UUID: {719F7C7D-2762-CE05-CA3C-FB3A43CD2285}
16:11:41.0919 0x2b9c  Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:11:41.0940 0x2b9c  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:11:41.0979 0x2b9c  ============================================================
16:11:41.0979 0x2b9c  \Device\Harddisk1\DR1:
16:11:41.0984 0x2b9c  MBR partitions:
16:11:41.0984 0x2b9c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:11:41.0984 0x2b9c  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
16:11:41.0984 0x2b9c  \Device\Harddisk0\DR0:
16:11:41.0990 0x2b9c  GPT partitions:
16:11:42.0000 0x2b9c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {2FE5A3E1-4BE2-4564-B71E-382C0F3E49CD}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
16:11:42.0000 0x2b9c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AB6A2DCC-B849-4C12-A585-43F078370A64}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
16:11:42.0000 0x2b9c  MBR partitions:
16:11:42.0000 0x2b9c  ============================================================
16:11:42.0037 0x2b9c  C: <-> \Device\Harddisk1\DR1\Partition2
16:11:42.0075 0x2b9c  S: <-> \Device\Harddisk0\DR0\Partition2
16:11:42.0089 0x2b9c  ============================================================
16:11:42.0089 0x2b9c  Initialize success
16:11:42.0089 0x2b9c  ============================================================
16:12:34.0280 0x2c60  ============================================================
16:12:34.0280 0x2c60  Scan started
16:12:34.0280 0x2c60  Mode: Manual; SigCheck; TDLFS; 
16:12:34.0280 0x2c60  ============================================================
16:12:34.0280 0x2c60  KSN ping started
16:12:48.0078 0x2c60  KSN ping finished: true
16:12:50.0018 0x2c60  ================ Scan system memory ========================
16:12:50.0018 0x2c60  System memory - ok
16:12:50.0020 0x2c60  ================ Scan services =============================
16:12:50.0164 0x2c60  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:12:50.0286 0x2c60  1394ohci - ok
16:12:50.0336 0x2c60  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:12:50.0354 0x2c60  ACPI - ok
16:12:50.0405 0x2c60  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:12:50.0452 0x2c60  AcpiPmi - ok
16:12:50.0601 0x2c60  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:12:50.0612 0x2c60  AdobeARMservice - ok
16:12:50.0657 0x2c60  [ CB1719E3EA00A0C114A8AD2655F43754, B38D21C4A7A83904CADEBA96A56AA5D1807C412A8E0BEFC889DF20D02941E570 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:12:50.0668 0x2c60  AdobeFlashPlayerUpdateSvc - ok
16:12:50.0713 0x2c60  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:12:50.0741 0x2c60  adp94xx - ok
16:12:50.0763 0x2c60  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:12:50.0790 0x2c60  adpahci - ok
16:12:50.0808 0x2c60  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:12:50.0821 0x2c60  adpu320 - ok
16:12:50.0839 0x2c60  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:12:51.0022 0x2c60  AeLookupSvc - ok
16:12:51.0090 0x2c60  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
16:12:51.0173 0x2c60  AFD - ok
16:12:51.0216 0x2c60  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:12:51.0227 0x2c60  agp440 - ok
16:12:51.0264 0x2c60  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
16:12:51.0275 0x2c60  aic78xx - ok
16:12:51.0310 0x2c60  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
16:12:51.0349 0x2c60  ALG - ok
16:12:51.0395 0x2c60  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:12:51.0405 0x2c60  aliide - ok
16:12:51.0446 0x2c60  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:12:51.0456 0x2c60  amdagp - ok
16:12:51.0494 0x2c60  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:12:51.0502 0x2c60  amdide - ok
16:12:51.0523 0x2c60  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:12:51.0548 0x2c60  AmdK8 - ok
16:12:51.0573 0x2c60  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:12:51.0600 0x2c60  AmdPPM - ok
16:12:51.0646 0x2c60  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:12:51.0657 0x2c60  amdsata - ok
16:12:51.0672 0x2c60  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:12:51.0686 0x2c60  amdsbs - ok
16:12:51.0701 0x2c60  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:12:51.0710 0x2c60  amdxata - ok
16:12:51.0762 0x2c60  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
16:12:51.0788 0x2c60  AppID - ok
16:12:51.0812 0x2c60  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:12:51.0868 0x2c60  AppIDSvc - ok
16:12:51.0934 0x2c60  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
16:12:51.0969 0x2c60  Appinfo - ok
16:12:51.0993 0x2c60  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:12:52.0005 0x2c60  arc - ok
16:12:52.0031 0x2c60  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:12:52.0041 0x2c60  arcsas - ok
16:12:52.0148 0x2c60  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:12:52.0185 0x2c60  aspnet_state - ok
16:12:52.0236 0x2c60  [ 9D23DE88C3B18BA87CD4587177CA6CEA, 46DBB867FC73E30320852F744F38B66906DD5B96C4EBB03F504CF33E867A8470 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
16:12:52.0263 0x2c60  aswHwid - ok
16:12:52.0291 0x2c60  [ 73A9014A9C4B19AA093DA05ED4246E27, F03C8433EB00229490BCD293CC97EF72452E156212D56C24BBA95C8E1B207D1A ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
16:12:52.0301 0x2c60  aswMonFlt - ok
16:12:52.0325 0x2c60  [ DE8D7912469E4BC5FAED78D9D1076888, 8545139B7A7D0B672A0225686BFB03EBEA6E7202D93B772CB2F74CA9E4D7F81D ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
16:12:52.0334 0x2c60  aswRdr - ok
16:12:52.0372 0x2c60  [ 6544697080421E62E97AAFBD0A8AA391, BB3F492BF828A147B82FDD1FC9EB9867D96DE0481554A59745D41C6BAB551700 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
16:12:52.0381 0x2c60  aswRvrt - ok
16:12:52.0445 0x2c60  [ E73CBE3420ECFA8FF7D0467E170E335D, B994342C92AE9167908B8CA3D03DC278E919C7073512461AFFD4C25E8D2D8D66 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
16:12:52.0483 0x2c60  aswSnx - ok
16:12:52.0549 0x2c60  [ 1624D5AD126B8AFE2B2E85E5B8364EB6, AB97A74C1CA9921F7753D98516D7E11750D5D3ACD143C83273B0B295625440A0 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
16:12:52.0576 0x2c60  aswSP - ok
16:12:52.0649 0x2c60  [ 401E663D9CBAFB580FF37A1A44AC84D9, EFF1DA23A1F316B0FA03467F6C04B83EA39D8484A1A7EDF5FCFF20F1CF8DC2E2 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
16:12:52.0659 0x2c60  aswStm - ok
16:12:52.0695 0x2c60  [ 0EFBC2962B156E8AC267F96D4D93EF06, 8A69672CE8B68A0A683D583287473BFAB7CF8B9771C22E398607CF2A151C7124 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
16:12:52.0710 0x2c60  aswVmm - ok
16:12:52.0738 0x2c60  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:12:52.0826 0x2c60  AsyncMac - ok
16:12:52.0878 0x2c60  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:12:52.0887 0x2c60  atapi - ok
16:12:52.0964 0x2c60  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:12:53.0080 0x2c60  AudioEndpointBuilder - ok
16:12:53.0093 0x2c60  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:12:53.0118 0x2c60  Audiosrv - ok
16:12:53.0191 0x2c60  [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:12:53.0200 0x2c60  avast! Antivirus - ok
16:12:53.0453 0x2c60  [ 496208E0276BFAA171696D7EB38CCC01, B1E0914A2421DA91F9E6442B8BCDD6650D45801A091BC17531312E88E6A46369 ] AvastVBoxSvc    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
16:12:53.0532 0x2c60  AvastVBoxSvc - ok
16:12:53.0600 0x2c60  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:12:53.0648 0x2c60  AxInstSV - ok
16:12:53.0694 0x2c60  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
16:12:53.0751 0x2c60  b06bdrv - ok
16:12:53.0781 0x2c60  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:12:53.0805 0x2c60  b57nd60x - ok
16:12:53.0839 0x2c60  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
16:12:53.0912 0x2c60  BDESVC - ok
16:12:53.0921 0x2c60  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:12:53.0973 0x2c60  Beep - ok
16:12:54.0054 0x2c60  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
16:12:54.0136 0x2c60  BFE - ok
16:12:54.0190 0x2c60  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
16:12:54.0339 0x2c60  BITS - ok
16:12:54.0378 0x2c60  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:12:54.0402 0x2c60  blbdrive - ok
16:12:54.0451 0x2c60  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:12:54.0495 0x2c60  bowser - ok
16:12:54.0512 0x2c60  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:12:54.0538 0x2c60  BrFiltLo - ok
16:12:54.0552 0x2c60  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:12:54.0597 0x2c60  BrFiltUp - ok
16:12:54.0643 0x2c60  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
16:12:54.0710 0x2c60  Browser - ok
16:12:54.0734 0x2c60  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:12:54.0792 0x2c60  Brserid - ok
16:12:54.0806 0x2c60  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:12:54.0853 0x2c60  BrSerWdm - ok
16:12:54.0871 0x2c60  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:12:54.0920 0x2c60  BrUsbMdm - ok
16:12:54.0953 0x2c60  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:12:54.0976 0x2c60  BrUsbSer - ok
16:12:54.0987 0x2c60  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:12:55.0018 0x2c60  BTHMODEM - ok
16:12:55.0047 0x2c60  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
16:12:55.0085 0x2c60  bthserv - ok
16:12:55.0124 0x2c60  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:12:55.0148 0x2c60  cdfs - ok
16:12:55.0206 0x2c60  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:12:55.0226 0x2c60  cdrom - ok
16:12:55.0288 0x2c60  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:12:55.0313 0x2c60  CertPropSvc - ok
16:12:55.0332 0x2c60  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:12:55.0345 0x2c60  circlass - ok
16:12:55.0369 0x2c60  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
16:12:55.0386 0x2c60  CLFS - ok
16:12:55.0455 0x2c60  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:12:55.0465 0x2c60  clr_optimization_v2.0.50727_32 - ok
16:12:55.0523 0x2c60  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:12:55.0602 0x2c60  clr_optimization_v4.0.30319_32 - ok
16:12:55.0636 0x2c60  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:12:55.0659 0x2c60  CmBatt - ok
16:12:55.0703 0x2c60  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:12:55.0712 0x2c60  cmdide - ok
16:12:55.0775 0x2c60  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
16:12:55.0805 0x2c60  CNG - ok
16:12:55.0820 0x2c60  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:12:55.0830 0x2c60  Compbatt - ok
16:12:55.0854 0x2c60  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:12:55.0867 0x2c60  CompositeBus - ok
16:12:55.0878 0x2c60  COMSysApp - ok
16:12:55.0902 0x2c60  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:12:55.0913 0x2c60  crcdisk - ok
16:12:55.0971 0x2c60  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:12:56.0044 0x2c60  CryptSvc - ok
16:12:56.0106 0x2c60  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:12:56.0151 0x2c60  DcomLaunch - ok
16:12:56.0179 0x2c60  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
16:12:56.0212 0x2c60  defragsvc - ok
16:12:56.0257 0x2c60  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:12:56.0286 0x2c60  DfsC - ok
16:12:56.0345 0x2c60  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:12:56.0423 0x2c60  Dhcp - ok
16:12:56.0449 0x2c60  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
16:12:56.0481 0x2c60  discache - ok
16:12:56.0504 0x2c60  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:12:56.0514 0x2c60  Disk - ok
16:12:56.0564 0x2c60  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:12:56.0600 0x2c60  Dnscache - ok
16:12:56.0653 0x2c60  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:12:56.0683 0x2c60  dot3svc - ok
16:12:56.0746 0x2c60  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
16:12:56.0791 0x2c60  DPS - ok
16:12:56.0847 0x2c60  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:12:56.0921 0x2c60  drmkaud - ok
16:12:56.0984 0x2c60  [ 687AF6BB383885FF6A64071B189A7F3E, 1C751B8DD27F63E88D0223A8434CED7589AC00EC6275938C59D1B954F0354F78 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:12:57.0001 0x2c60  dtsoftbus01 - ok
16:12:57.0046 0x2c60  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:12:57.0083 0x2c60  DXGKrnl - ok
16:12:57.0118 0x2c60  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
16:12:57.0171 0x2c60  EapHost - ok
16:12:57.0213 0x2c60  [ 8F7FC5B1366E345159EF4CA0D7C67DC8, 432AE32E0D934877A4D58B4107AE955BBC5EE82A33B583F641B60FE74E90DA34 ] EasyAntiCheat   C:\Windows\system32\EasyAntiCheat.exe
16:12:57.0225 0x2c60  EasyAntiCheat - ok
16:12:57.0333 0x2c60  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
16:12:57.0458 0x2c60  ebdrv - ok
16:12:57.0508 0x2c60  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
16:12:57.0561 0x2c60  EFS - ok
16:12:57.0639 0x2c60  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:12:57.0699 0x2c60  ehRecvr - ok
16:12:57.0722 0x2c60  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
16:12:57.0751 0x2c60  ehSched - ok
16:12:57.0811 0x2c60  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:12:57.0845 0x2c60  elxstor - ok
16:12:57.0888 0x2c60  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:12:57.0907 0x2c60  ErrDev - ok
16:12:57.0982 0x2c60  [ 6B93B103242C3C30F850F53DBE39ED88, 8ABE54244D947499D6F72434126568C5BC5149CFD764A09454FB6B811233DBA5 ] EuMusDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\vrtaucbl.sys
16:12:57.0992 0x2c60  EuMusDesignVirtualAudioCableWdm - ok
16:12:58.0028 0x2c60  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
16:12:58.0084 0x2c60  EventSystem - ok
16:12:58.0103 0x2c60  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:12:58.0131 0x2c60  exfat - ok
16:12:58.0180 0x2c60  Fabs - ok
16:12:58.0197 0x2c60  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:12:58.0231 0x2c60  fastfat - ok
16:12:58.0300 0x2c60  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
16:12:58.0362 0x2c60  Fax - ok
16:12:58.0377 0x2c60  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:12:58.0389 0x2c60  fdc - ok
16:12:58.0407 0x2c60  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
16:12:58.0436 0x2c60  fdPHost - ok
16:12:58.0453 0x2c60  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:12:58.0490 0x2c60  FDResPub - ok
16:12:58.0511 0x2c60  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:12:58.0522 0x2c60  FileInfo - ok
16:12:58.0534 0x2c60  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:12:58.0575 0x2c60  Filetrace - ok
16:12:58.0666 0x2c60  [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
16:12:58.0780 0x2c60  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
16:13:01.0236 0x2c60  Detect skipped due to KSN trusted
16:13:01.0237 0x2c60  FirebirdServerMAGIXInstance - ok
16:13:01.0256 0x2c60  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:13:01.0281 0x2c60  flpydisk - ok
16:13:01.0312 0x2c60  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:13:01.0326 0x2c60  FltMgr - ok
16:13:01.0401 0x2c60  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
16:13:01.0483 0x2c60  FontCache - ok
16:13:01.0524 0x2c60  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:13:01.0535 0x2c60  FontCache3.0.0.0 - ok
16:13:01.0625 0x2c60  [ 7DFF82ACDAB23414ABC2A95FEF8982F8, 9B2ACC7AA63085B4A571D084406FE48FE184243A1AF80C2492038CFF3737FEE5 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
16:13:01.0657 0x2c60  ForceWare Intelligent Application Manager (IAM) - ok
16:13:01.0677 0x2c60  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:13:01.0688 0x2c60  FsDepends - ok
16:13:01.0736 0x2c60  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:13:01.0746 0x2c60  Fs_Rec - ok
16:13:01.0797 0x2c60  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:13:01.0814 0x2c60  fvevol - ok
16:13:01.0833 0x2c60  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:13:01.0845 0x2c60  gagp30kx - ok
16:13:01.0907 0x2c60  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:13:01.0958 0x2c60  gpsvc - ok
16:13:02.0064 0x2c60  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:13:02.0073 0x2c60  gupdate - ok
16:13:02.0078 0x2c60  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:13:02.0085 0x2c60  gupdatem - ok
16:13:02.0139 0x2c60  [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
16:13:02.0148 0x2c60  hamachi - ok
16:13:02.0263 0x2c60  [ FF3A98BBD9E5BC7F54C1E44B2CE2C0EA, 70FE64535E254AE22A9E0BFC7D0817FBD8161FB8CD7E15C6E54B3093A6BB0FB8 ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
16:13:02.0321 0x2c60  Hamachi2Svc - ok
16:13:02.0346 0x2c60  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:13:02.0392 0x2c60  hcw85cir - ok
16:13:02.0451 0x2c60  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:13:02.0501 0x2c60  HdAudAddService - ok
16:13:02.0539 0x2c60  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:13:02.0572 0x2c60  HDAudBus - ok
16:13:02.0603 0x2c60  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:13:02.0636 0x2c60  HidBatt - ok
16:13:02.0658 0x2c60  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:13:02.0678 0x2c60  HidBth - ok
16:13:02.0702 0x2c60  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:13:02.0730 0x2c60  HidIr - ok
16:13:02.0761 0x2c60  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
16:13:02.0784 0x2c60  hidserv - ok
16:13:02.0833 0x2c60  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:13:02.0915 0x2c60  HidUsb - ok
16:13:02.0964 0x2c60  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:13:02.0996 0x2c60  hkmsvc - ok
16:13:03.0013 0x2c60  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:13:03.0099 0x2c60  HomeGroupListener - ok
16:13:03.0141 0x2c60  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:13:03.0171 0x2c60  HomeGroupProvider - ok
16:13:03.0225 0x2c60  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:13:03.0236 0x2c60  HpSAMD - ok
16:13:03.0295 0x2c60  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:13:03.0331 0x2c60  HTTP - ok
16:13:03.0370 0x2c60  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:13:03.0380 0x2c60  hwpolicy - ok
16:13:03.0427 0x2c60  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:13:03.0439 0x2c60  i8042prt - ok
16:13:03.0458 0x2c60  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:13:03.0484 0x2c60  iaStorV - ok
16:13:03.0550 0x2c60  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:13:03.0602 0x2c60  idsvc - ok
16:13:03.0635 0x2c60  IEEtwCollectorService - ok
16:13:03.0654 0x2c60  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:13:03.0664 0x2c60  iirsp - ok
16:13:03.0722 0x2c60  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:13:03.0775 0x2c60  IKEEXT - ok
16:13:03.0918 0x2c60  [ 61A1FA7FCE7BC9B7B7D72AB5F59D7264, 362AC2D76A2FDE0AF519CA2994402951DD37AAF5C83E9DF35D884DE05BBE8915 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:13:04.0051 0x2c60  IntcAzAudAddService - ok
16:13:04.0103 0x2c60  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:13:04.0112 0x2c60  intelide - ok
16:13:04.0139 0x2c60  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:13:04.0164 0x2c60  intelppm - ok
16:13:04.0197 0x2c60  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:13:04.0238 0x2c60  IPBusEnum - ok
16:13:04.0257 0x2c60  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:13:04.0292 0x2c60  IpFilterDriver - ok
16:13:04.0368 0x2c60  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:13:04.0410 0x2c60  iphlpsvc - ok
16:13:04.0456 0x2c60  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:13:04.0488 0x2c60  IPMIDRV - ok
16:13:04.0521 0x2c60  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:13:04.0566 0x2c60  IPNAT - ok
16:13:04.0591 0x2c60  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:13:04.0604 0x2c60  IRENUM - ok
16:13:04.0644 0x2c60  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:13:04.0654 0x2c60  isapnp - ok
16:13:04.0705 0x2c60  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:13:04.0731 0x2c60  iScsiPrt - ok
16:13:04.0790 0x2c60  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:13:04.0802 0x2c60  kbdclass - ok
16:13:04.0819 0x2c60  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:13:04.0839 0x2c60  kbdhid - ok
16:13:04.0850 0x2c60  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
16:13:04.0863 0x2c60  KeyIso - ok
16:13:04.0907 0x2c60  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:13:04.0917 0x2c60  KSecDD - ok
16:13:04.0980 0x2c60  [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:13:04.0996 0x2c60  KSecPkg - ok
16:13:05.0022 0x2c60  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:13:05.0090 0x2c60  KtmRm - ok
16:13:05.0122 0x2c60  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:13:05.0190 0x2c60  LanmanServer - ok
16:13:05.0240 0x2c60  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:13:05.0274 0x2c60  LanmanWorkstation - ok
16:13:05.0323 0x2c60  [ 170E7093A77AD586F3A012A3DB651D94, 43A7C3BFBEC8FB255AB2B77C2A9705777EF6607F6BF0E8F2664766116EAAD536 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
16:13:05.0331 0x2c60  LGBusEnum - ok
16:13:05.0398 0x2c60  [ 441669A8B37CF858AA91B0A5DFA4B721, 71301D4401984BFD479E304BF87E840991061AD1F752D627F064645CB243854C ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
16:13:05.0407 0x2c60  LGSHidFilt - ok
16:13:05.0427 0x2c60  [ D2DD04D1C8DF65EECD1F2C7FB947D43E, 980FCE188FCB57C8F210A4905D345D2D6D32545EFE673BE51B3D3AE18084243B ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
16:13:05.0435 0x2c60  LGVirHid - ok
16:13:05.0473 0x2c60  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:13:05.0494 0x2c60  lltdio - ok
16:13:05.0529 0x2c60  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:13:05.0571 0x2c60  lltdsvc - ok
16:13:05.0583 0x2c60  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:13:05.0613 0x2c60  lmhosts - ok
16:13:05.0691 0x2c60  [ 95D5EDEEB8E98D2996C9ADBFB4EA1ABC, A6EE56B600C6E796390402C80F335475E9F2A36541BA4C1C33D00023DCEE9B3D ] LMIGuardianSvc  C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
16:13:05.0705 0x2c60  LMIGuardianSvc - ok
16:13:05.0735 0x2c60  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:13:05.0747 0x2c60  LSI_FC - ok
16:13:05.0776 0x2c60  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:13:05.0787 0x2c60  LSI_SAS - ok
16:13:05.0804 0x2c60  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:13:05.0814 0x2c60  LSI_SAS2 - ok
16:13:05.0831 0x2c60  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:13:05.0841 0x2c60  LSI_SCSI - ok
16:13:05.0855 0x2c60  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:13:05.0879 0x2c60  luafv - ok
16:13:05.0957 0x2c60  [ A3E700D78EEC390F1208098CDCA5C6B6, 37D92D4AF24C43B4C468974CBBD55B6DF3AB92780560285039A0B078E566985A ] MarvinBus       C:\Windows\system32\DRIVERS\MarvinBus.sys
16:13:05.0987 0x2c60  MarvinBus - ok
16:13:06.0026 0x2c60  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:13:06.0040 0x2c60  Mcx2Svc - ok
16:13:06.0048 0x2c60  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:13:06.0059 0x2c60  megasas - ok
16:13:06.0093 0x2c60  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:13:06.0116 0x2c60  MegaSR - ok
16:13:06.0138 0x2c60  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
16:13:06.0165 0x2c60  MMCSS - ok
16:13:06.0177 0x2c60  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
16:13:06.0214 0x2c60  Modem - ok
16:13:06.0247 0x2c60  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:13:06.0314 0x2c60  monitor - ok
16:13:06.0373 0x2c60  [ A77205D70D14D153342D357DE5A4E770, 21919DE8FB86CDBF2C33F2CAD9F502A724E5B31F3A70333A651F4FB935ACF427 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
16:13:06.0445 0x2c60  MotioninJoyXFilter - detected UnsignedFile.Multi.Generic ( 1 )
16:13:10.0347 0x2c60  Detect skipped due to KSN trusted
16:13:10.0347 0x2c60  MotioninJoyXFilter - ok
16:13:10.0393 0x2c60  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:13:10.0404 0x2c60  mouclass - ok
16:13:10.0422 0x2c60  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:13:10.0456 0x2c60  mouhid - ok
16:13:10.0486 0x2c60  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:13:10.0498 0x2c60  mountmgr - ok
16:13:10.0542 0x2c60  [ D1CB0BC1CBA61639FE7162C5476A22C0, 80469683BD18CE0B6E9D9BD3613A63896F3D50A783EFDC15CEA28560C151C6B9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:13:10.0554 0x2c60  MozillaMaintenance - ok
16:13:10.0587 0x2c60  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:13:10.0599 0x2c60  mpio - ok
16:13:10.0621 0x2c60  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:13:10.0648 0x2c60  mpsdrv - ok
16:13:10.0706 0x2c60  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:13:10.0775 0x2c60  MpsSvc - ok
16:13:10.0813 0x2c60  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:13:10.0868 0x2c60  MRxDAV - ok
16:13:10.0917 0x2c60  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:13:10.0985 0x2c60  mrxsmb - ok
16:13:11.0002 0x2c60  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:13:11.0028 0x2c60  mrxsmb10 - ok
16:13:11.0076 0x2c60  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:13:11.0094 0x2c60  mrxsmb20 - ok
16:13:11.0131 0x2c60  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:13:11.0141 0x2c60  msahci - ok
16:13:11.0159 0x2c60  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:13:11.0170 0x2c60  msdsm - ok
16:13:11.0204 0x2c60  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
16:13:11.0229 0x2c60  MSDTC - ok
16:13:11.0252 0x2c60  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:13:11.0276 0x2c60  Msfs - ok
16:13:11.0283 0x2c60  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:13:11.0303 0x2c60  mshidkmdf - ok
16:13:11.0352 0x2c60  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:13:11.0362 0x2c60  msisadrv - ok
16:13:11.0392 0x2c60  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:13:11.0424 0x2c60  MSiSCSI - ok
16:13:11.0427 0x2c60  msiserver - ok
16:13:11.0450 0x2c60  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:13:11.0477 0x2c60  MSKSSRV - ok
16:13:11.0489 0x2c60  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:13:11.0528 0x2c60  MSPCLOCK - ok
16:13:11.0548 0x2c60  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:13:11.0580 0x2c60  MSPQM - ok
16:13:11.0590 0x2c60  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:13:11.0603 0x2c60  MsRPC - ok
16:13:11.0648 0x2c60  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:13:11.0658 0x2c60  mssmbios - ok
16:13:11.0673 0x2c60  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:13:11.0693 0x2c60  MSTEE - ok
16:13:11.0706 0x2c60  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:13:11.0726 0x2c60  MTConfig - ok
16:13:11.0740 0x2c60  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:13:11.0750 0x2c60  Mup - ok
16:13:11.0856 0x2c60  musbehco - ok
16:13:11.0910 0x2c60  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
16:13:11.0973 0x2c60  napagent - ok
16:13:12.0018 0x2c60  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:13:12.0048 0x2c60  NativeWifiP - ok
16:13:12.0113 0x2c60  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:13:12.0150 0x2c60  NDIS - ok
16:13:12.0177 0x2c60  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:13:12.0209 0x2c60  NdisCap - ok
16:13:12.0222 0x2c60  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:13:12.0260 0x2c60  NdisTapi - ok
16:13:12.0286 0x2c60  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:13:12.0305 0x2c60  Ndisuio - ok
16:13:12.0351 0x2c60  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:13:12.0379 0x2c60  NdisWan - ok
16:13:12.0416 0x2c60  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:13:12.0446 0x2c60  NDProxy - ok
16:13:12.0457 0x2c60  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:13:12.0484 0x2c60  NetBIOS - ok
16:13:12.0537 0x2c60  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:13:12.0576 0x2c60  NetBT - ok
16:13:12.0607 0x2c60  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
16:13:12.0620 0x2c60  Netlogon - ok
16:13:12.0650 0x2c60  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
16:13:12.0697 0x2c60  Netman - ok
16:13:12.0806 0x2c60  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:13:12.0851 0x2c60  NetMsmqActivator - ok
16:13:12.0856 0x2c60  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:13:12.0869 0x2c60  NetPipeActivator - ok
16:13:12.0908 0x2c60  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
16:13:12.0966 0x2c60  netprofm - ok
16:13:12.0973 0x2c60  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:13:12.0985 0x2c60  NetTcpActivator - ok
16:13:12.0993 0x2c60  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:13:13.0005 0x2c60  NetTcpPortSharing - ok
16:13:13.0032 0x2c60  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:13:13.0042 0x2c60  nfrd960 - ok
16:13:13.0093 0x2c60  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:13:13.0172 0x2c60  NlaSvc - ok
16:13:13.0189 0x2c60  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:13:13.0209 0x2c60  Npfs - ok
16:13:13.0237 0x2c60  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
16:13:13.0260 0x2c60  nsi - ok
16:13:13.0271 0x2c60  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:13:13.0300 0x2c60  nsiproxy - ok
16:13:13.0416 0x2c60  [ 198FF60A42802C319FBA58FDB13EEE49, 80F098727BE1452BD570F5A1A7F4883BB38B3B4F7F4797D6F276A6E9FFE3B7C1 ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
16:13:13.0427 0x2c60  nSvcIp - ok
16:13:13.0499 0x2c60  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:13:13.0545 0x2c60  Ntfs - ok
16:13:13.0571 0x2c60  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
16:13:13.0610 0x2c60  Null - ok
16:13:13.0666 0x2c60  [ B5E37E31C053BC9950455A257526514B, 16E2880621F3AA12BDADE71CD7682CA79E2A199D3C9E3E5927C49DCEF0F6183B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
16:13:13.0706 0x2c60  NVENETFD - ok
16:13:14.0031 0x2c60  [ 2995ADDEE2335B0DDDE8AF7F200248AF, 99954E127BDB5164EB3928C60F5830582A44A9D2D38660DE19E36192C6F3CF7A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:13:14.0342 0x2c60  nvlddmkm - ok
16:13:14.0387 0x2c60  [ 0219B05730635FCAB3A9925D3374C464, FD5ED0FAFA1DB8229B3963C29D7AC98684C5F75772AAE05A79D4452237CF7C1D ] NVNET           C:\Windows\system32\DRIVERS\nvmf6232.sys
16:13:14.0413 0x2c60  NVNET - ok
16:13:14.0473 0x2c60  [ C22ADABFABBC2B7AC189C87D87B1ABD6, 20886F806C1C02FA8BAA8B76AFCC32C40FA51921ED8D97F592DF9F92BFA933EE ] NvNetworkService C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
16:13:14.0512 0x2c60  NvNetworkService - ok
16:13:14.0573 0x2c60  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:13:14.0584 0x2c60  nvraid - ok
16:13:14.0610 0x2c60  [ 02A9F366BCB94B286E34825B2094CB38, 1F525EA1C9530FC5361745D0761C8E3AF9BF7CD80087A4791BB8DB8D5DF00115 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
16:13:14.0636 0x2c60  nvsmu - ok
16:13:14.0650 0x2c60  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:13:14.0675 0x2c60  nvstor - ok
16:13:14.0743 0x2c60  [ 048B39EAAAE3A5FDCD7F3B35868298A0, 11C54A465E85B49D085F47C0210B7FF9298A00C3330339350A240CE6C7E5B4B0 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
16:13:14.0751 0x2c60  NvStreamKms - ok
16:13:15.0326 0x2c60  [ CE4EF54DD0B8074AA23F863A720904C6, CFE5B5CA8A523D0CE8678C25ACECE804907E56794311C5C769C16087820BC97F ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
16:13:15.0857 0x2c60  NvStreamSvc - ok
16:13:16.0043 0x2c60  [ FAE39454D10CC50212BC96D182F82C33, 819D225313565BC454045FB622B2C05EB1398133162905FB1E0D89D0D4DDBD8E ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:13:16.0067 0x2c60  nvsvc - ok
16:13:16.0116 0x2c60  [ FA3B7E6BD974251CE1160A471B497072, 0ABB83CAECAF9F8E9AD8D3FDD2F2F33419B7317B42D3C0AA62C414A6D887AB38 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad32v.sys
16:13:16.0125 0x2c60  nvvad_WaveExtensible - ok
16:13:16.0167 0x2c60  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:13:16.0180 0x2c60  nv_agp - ok
16:13:16.0224 0x2c60  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:13:16.0248 0x2c60  ohci1394 - ok
16:13:16.0400 0x2c60  [ 5BD397324640379EF6FC22BB0D8CD774, 457CE1D4BBE10904A818084959B5A25EA70DAA77F67488284389628FA0448779 ] OverwolfUpdater C:\Program Files\Overwolf\OverwolfUpdater.exe
16:13:16.0429 0x2c60  OverwolfUpdater - ok
16:13:16.0476 0x2c60  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:13:16.0552 0x2c60  p2pimsvc - ok
16:13:16.0582 0x2c60  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:13:16.0627 0x2c60  p2psvc - ok
16:13:16.0647 0x2c60  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:13:16.0682 0x2c60  Parport - ok
16:13:16.0722 0x2c60  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:13:16.0733 0x2c60  partmgr - ok
16:13:16.0744 0x2c60  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:13:16.0768 0x2c60  Parvdm - ok
16:13:16.0786 0x2c60  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:13:16.0805 0x2c60  PcaSvc - ok
16:13:16.0846 0x2c60  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
16:13:16.0859 0x2c60  pci - ok
16:13:16.0893 0x2c60  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:13:16.0902 0x2c60  pciide - ok
16:13:16.0917 0x2c60  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:13:16.0931 0x2c60  pcmcia - ok
16:13:16.0946 0x2c60  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:13:16.0957 0x2c60  pcw - ok
16:13:16.0983 0x2c60  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:13:17.0053 0x2c60  PEAUTH - ok
16:13:17.0124 0x2c60  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
16:13:17.0217 0x2c60  pla - ok
16:13:17.0257 0x2c60  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:13:17.0329 0x2c60  PlugPlay - ok
16:13:17.0460 0x2c60  pmem - ok
16:13:17.0491 0x2c60  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:13:17.0504 0x2c60  PNRPAutoReg - ok
16:13:17.0518 0x2c60  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:13:17.0537 0x2c60  PNRPsvc - ok
16:13:17.0590 0x2c60  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:13:17.0631 0x2c60  PolicyAgent - ok
16:13:17.0683 0x2c60  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
16:13:17.0708 0x2c60  Power - ok
16:13:17.0726 0x2c60  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:13:17.0762 0x2c60  PptpMiniport - ok
16:13:17.0791 0x2c60  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:13:17.0809 0x2c60  Processor - ok
16:13:17.0867 0x2c60  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:13:17.0917 0x2c60  ProfSvc - ok
16:13:17.0965 0x2c60  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:13:17.0977 0x2c60  ProtectedStorage - ok
16:13:18.0000 0x2c60  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:13:18.0030 0x2c60  Psched - ok
16:13:18.0078 0x2c60  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:13:18.0125 0x2c60  ql2300 - ok
16:13:18.0142 0x2c60  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:13:18.0154 0x2c60  ql40xx - ok
16:13:18.0179 0x2c60  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
16:13:18.0210 0x2c60  QWAVE - ok
16:13:18.0217 0x2c60  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:13:18.0239 0x2c60  QWAVEdrv - ok
16:13:18.0251 0x2c60  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:13:18.0280 0x2c60  RasAcd - ok
16:13:18.0298 0x2c60  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:13:18.0338 0x2c60  RasAgileVpn - ok
16:13:18.0368 0x2c60  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
16:13:18.0393 0x2c60  RasAuto - ok
16:13:18.0406 0x2c60  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:13:18.0451 0x2c60  Rasl2tp - ok
16:13:18.0498 0x2c60  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
16:13:18.0540 0x2c60  RasMan - ok
16:13:18.0549 0x2c60  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:13:18.0571 0x2c60  RasPppoe - ok
16:13:18.0597 0x2c60  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:13:18.0630 0x2c60  RasSstp - ok
16:13:18.0684 0x2c60  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:13:18.0720 0x2c60  rdbss - ok
16:13:18.0730 0x2c60  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:13:18.0749 0x2c60  rdpbus - ok
16:13:18.0789 0x2c60  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:13:18.0815 0x2c60  RDPCDD - ok
16:13:18.0838 0x2c60  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:13:18.0868 0x2c60  RDPENCDD - ok
16:13:18.0873 0x2c60  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:13:18.0913 0x2c60  RDPREFMP - ok
16:13:18.0954 0x2c60  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:13:19.0001 0x2c60  RDPWD - ok
16:13:19.0056 0x2c60  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:13:19.0069 0x2c60  rdyboost - ok
16:13:19.0089 0x2c60  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:13:19.0120 0x2c60  RemoteAccess - ok
16:13:19.0136 0x2c60  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:13:19.0171 0x2c60  RemoteRegistry - ok
16:13:19.0193 0x2c60  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:13:19.0240 0x2c60  RpcEptMapper - ok
16:13:19.0274 0x2c60  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
16:13:19.0291 0x2c60  RpcLocator - ok
16:13:19.0346 0x2c60  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
16:13:19.0375 0x2c60  RpcSs - ok
16:13:19.0408 0x2c60  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:13:19.0432 0x2c60  rspndr - ok
16:13:19.0440 0x2c60  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
16:13:19.0453 0x2c60  SamSs - ok
16:13:19.0509 0x2c60  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:13:19.0520 0x2c60  sbp2port - ok
16:13:19.0546 0x2c60  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:13:19.0593 0x2c60  SCardSvr - ok
16:13:19.0627 0x2c60  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:13:19.0661 0x2c60  scfilter - ok
16:13:19.0734 0x2c60  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
16:13:19.0798 0x2c60  Schedule - ok
16:13:19.0845 0x2c60  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:13:19.0866 0x2c60  SCPolicySvc - ok
16:13:19.0914 0x2c60  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:13:19.0995 0x2c60  SDRSVC - ok
16:13:20.0203 0x2c60  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
16:13:20.0241 0x2c60  SDScannerService - ok
16:13:20.0333 0x2c60  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
16:13:20.0378 0x2c60  SDUpdateService - ok
16:13:20.0407 0x2c60  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
16:13:20.0444 0x2c60  SDWSCService - ok
16:13:20.0470 0x2c60  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:13:20.0499 0x2c60  secdrv - ok
16:13:20.0518 0x2c60  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
16:13:20.0553 0x2c60  seclogon - ok
16:13:20.0563 0x2c60  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
16:13:20.0599 0x2c60  SENS - ok
16:13:20.0630 0x2c60  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:13:20.0669 0x2c60  SensrSvc - ok
16:13:20.0696 0x2c60  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:13:20.0710 0x2c60  Serenum - ok
16:13:20.0734 0x2c60  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:13:20.0758 0x2c60  Serial - ok
16:13:20.0798 0x2c60  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:13:20.0829 0x2c60  sermouse - ok
16:13:20.0897 0x2c60  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:13:20.0939 0x2c60  SessionEnv - ok
16:13:20.0970 0x2c60  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:13:20.0982 0x2c60  sffdisk - ok
16:13:21.0008 0x2c60  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:13:21.0041 0x2c60  sffp_mmc - ok
16:13:21.0060 0x2c60  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:13:21.0079 0x2c60  sffp_sd - ok
16:13:21.0097 0x2c60  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:13:21.0109 0x2c60  sfloppy - ok
16:13:21.0140 0x2c60  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:13:21.0192 0x2c60  SharedAccess - ok
16:13:21.0229 0x2c60  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:13:21.0287 0x2c60  ShellHWDetection - ok
16:13:21.0306 0x2c60  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:13:21.0316 0x2c60  sisagp - ok
16:13:21.0345 0x2c60  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:13:21.0356 0x2c60  SiSRaid2 - ok
16:13:21.0368 0x2c60  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:13:21.0378 0x2c60  SiSRaid4 - ok
16:13:21.0397 0x2c60  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:13:21.0432 0x2c60  Smb - ok
16:13:21.0458 0x2c60  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:13:21.0472 0x2c60  SNMPTRAP - ok
16:13:21.0802 0x2c60  [ 11BB0E11D42CC3A43D741D9B30839BE1, FDC35289D966A7CB318C5BD646148E1E2BCC0AB9F9FD4243C82FC567D72DDAE9 ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys
16:13:22.0186 0x2c60  SNPSTD3 - ok
16:13:22.0237 0x2c60  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:13:22.0247 0x2c60  spldr - ok
16:13:22.0291 0x2c60  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
16:13:22.0337 0x2c60  Spooler - ok
16:13:22.0471 0x2c60  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
16:13:22.0600 0x2c60  sppsvc - ok
16:13:22.0648 0x2c60  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:13:22.0671 0x2c60  sppuinotify - ok
16:13:22.0715 0x2c60  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:13:22.0784 0x2c60  srv - ok
16:13:22.0801 0x2c60  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:13:22.0832 0x2c60  srv2 - ok
16:13:22.0868 0x2c60  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:13:22.0880 0x2c60  srvnet - ok
16:13:22.0915 0x2c60  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:13:22.0954 0x2c60  SSDPSRV - ok
16:13:22.0970 0x2c60  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:13:23.0007 0x2c60  SstpSvc - ok
16:13:23.0089 0x2c60  [ CC7ED069C2FC82B5B1555C2044C765CC, CE43363544A3EE2C5133CD0D47BF34AFAFA4EAD6AC9EB9A772EE55E89D4D89D4 ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
16:13:23.0124 0x2c60  Steam Client Service - ok
16:13:23.0208 0x2c60  [ BAD1F0D57B842D3C461B02609A7E7396, 737A17B22945BD04AA6AEF121F2561CC8231480796A7564722A3A08AB70F8F67 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:13:23.0232 0x2c60  Stereo Service - ok
16:13:23.0250 0x2c60  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:13:23.0260 0x2c60  stexstor - ok
16:13:23.0322 0x2c60  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:13:23.0370 0x2c60  StiSvc - ok
16:13:23.0405 0x2c60  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:13:23.0415 0x2c60  swenum - ok
16:13:23.0448 0x2c60  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
16:13:23.0491 0x2c60  swprv - ok
16:13:23.0565 0x2c60  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
16:13:23.0628 0x2c60  SysMain - ok
16:13:23.0681 0x2c60  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
16:13:23.0708 0x2c60  TabletInputService - ok
16:13:23.0754 0x2c60  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:13:23.0793 0x2c60  TapiSrv - ok
16:13:23.0812 0x2c60  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
16:13:23.0845 0x2c60  TBS - ok
16:13:23.0918 0x2c60  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:13:24.0000 0x2c60  Tcpip - ok
16:13:24.0055 0x2c60  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:13:24.0087 0x2c60  TCPIP6 - ok
16:13:24.0136 0x2c60  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:13:24.0159 0x2c60  tcpipreg - ok
16:13:24.0178 0x2c60  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:13:24.0212 0x2c60  TDPIPE - ok
16:13:24.0228 0x2c60  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:13:24.0253 0x2c60  TDTCP - ok
16:13:24.0291 0x2c60  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:13:24.0338 0x2c60  tdx - ok
16:13:24.0379 0x2c60  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:13:24.0389 0x2c60  TermDD - ok
16:13:24.0444 0x2c60  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
16:13:24.0509 0x2c60  TermService - ok
16:13:24.0533 0x2c60  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
16:13:24.0565 0x2c60  Themes - ok
16:13:24.0595 0x2c60  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:13:24.0618 0x2c60  THREADORDER - ok
16:13:24.0637 0x2c60  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
16:13:24.0676 0x2c60  TrkWks - ok
16:13:24.0748 0x2c60  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:13:24.0781 0x2c60  TrustedInstaller - ok
16:13:24.0823 0x2c60  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:13:24.0842 0x2c60  tssecsrv - ok
16:13:24.0896 0x2c60  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:13:24.0940 0x2c60  TsUsbFlt - ok
16:13:24.0998 0x2c60  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:13:25.0035 0x2c60  tunnel - ok
16:13:25.0055 0x2c60  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:13:25.0065 0x2c60  uagp35 - ok
16:13:25.0108 0x2c60  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:13:25.0139 0x2c60  udfs - ok
16:13:25.0170 0x2c60  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:13:25.0192 0x2c60  UI0Detect - ok
16:13:25.0237 0x2c60  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:13:25.0248 0x2c60  uliagpkx - ok
16:13:25.0303 0x2c60  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:13:25.0315 0x2c60  umbus - ok
16:13:25.0333 0x2c60  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:13:25.0345 0x2c60  UmPass - ok
16:13:25.0361 0x2c60  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
16:13:25.0398 0x2c60  upnphost - ok
16:13:25.0460 0x2c60  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:13:25.0536 0x2c60  usbaudio - ok
16:13:25.0583 0x2c60  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:13:25.0616 0x2c60  usbccgp - ok
16:13:25.0660 0x2c60  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:13:25.0686 0x2c60  usbcir - ok
16:13:25.0729 0x2c60  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:13:25.0747 0x2c60  usbehci - ok
16:13:25.0802 0x2c60  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:13:25.0827 0x2c60  usbhub - ok
16:13:25.0871 0x2c60  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:13:25.0881 0x2c60  usbohci - ok
16:13:25.0916 0x2c60  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:13:25.0941 0x2c60  usbprint - ok
16:13:25.0980 0x2c60  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:13:26.0057 0x2c60  USBSTOR - ok
16:13:26.0109 0x2c60  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:13:26.0126 0x2c60  usbuhci - ok
16:13:26.0153 0x2c60  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
16:13:26.0185 0x2c60  UxSms - ok
16:13:26.0215 0x2c60  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
16:13:26.0228 0x2c60  VaultSvc - ok
16:13:26.0436 0x2c60  [ 534C6B89EAC808A6C0B98591D37CDF67, 5458E8B3CA2BED60CFD2AD2F2640A6C94C6D1D9B3D9B1A8CA9BE9F1B861B1AB1 ] VBoxAswDrv      C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
16:13:26.0450 0x2c60  VBoxAswDrv - ok
16:13:26.0497 0x2c60  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:13:26.0508 0x2c60  vdrvroot - ok
16:13:26.0552 0x2c60  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
16:13:26.0594 0x2c60  vds - ok
16:13:26.0683 0x2c60  [ A9FBDE8CC35011F816132C5486B91964, 1C9229ED493F6985413D543BE5E7FB3BD38EB9672245ADEEAF94F08AEA95A859 ] Verifies and fixes application compatibility issues C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
16:13:26.0690 0x2c60  Verifies and fixes application compatibility issues - ok
16:13:26.0715 0x2c60  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:13:26.0739 0x2c60  vga - ok
16:13:26.0754 0x2c60  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:13:26.0786 0x2c60  VgaSave - ok
16:13:26.0822 0x2c60  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:13:26.0834 0x2c60  vhdmp - ok
16:13:26.0899 0x2c60  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:13:26.0910 0x2c60  viaagp - ok
16:13:26.0920 0x2c60  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
16:13:26.0946 0x2c60  ViaC7 - ok
16:13:26.0981 0x2c60  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:13:26.0991 0x2c60  viaide - ok
16:13:27.0033 0x2c60  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:13:27.0043 0x2c60  volmgr - ok
16:13:27.0059 0x2c60  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:13:27.0076 0x2c60  volmgrx - ok
16:13:27.0094 0x2c60  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:13:27.0110 0x2c60  volsnap - ok
16:13:27.0138 0x2c60  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:13:27.0150 0x2c60  vsmraid - ok
16:13:27.0223 0x2c60  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
16:13:27.0288 0x2c60  VSS - ok
16:13:27.0300 0x2c60  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:13:27.0323 0x2c60  vwifibus - ok
16:13:27.0345 0x2c60  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
16:13:27.0383 0x2c60  W32Time - ok
16:13:27.0410 0x2c60  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:13:27.0432 0x2c60  WacomPen - ok
16:13:27.0486 0x2c60  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:13:27.0514 0x2c60  WANARP - ok
16:13:27.0517 0x2c60  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:13:27.0538 0x2c60  Wanarpv6 - ok
16:13:27.0629 0x2c60  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:13:27.0687 0x2c60  WatAdminSvc - ok
16:13:27.0767 0x2c60  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
16:13:27.0866 0x2c60  wbengine - ok
16:13:27.0895 0x2c60  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:13:27.0925 0x2c60  WbioSrvc - ok
16:13:27.0983 0x2c60  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:13:28.0041 0x2c60  wcncsvc - ok
16:13:28.0059 0x2c60  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:13:28.0085 0x2c60  WcsPlugInService - ok
16:13:28.0106 0x2c60  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:13:28.0116 0x2c60  Wd - ok
16:13:28.0173 0x2c60  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:13:28.0202 0x2c60  Wdf01000 - ok
16:13:28.0215 0x2c60  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:13:28.0306 0x2c60  WdiServiceHost - ok
16:13:28.0312 0x2c60  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:13:28.0329 0x2c60  WdiSystemHost - ok
16:13:28.0376 0x2c60  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
16:13:28.0433 0x2c60  WebClient - ok
16:13:28.0461 0x2c60  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:13:28.0499 0x2c60  Wecsvc - ok
16:13:28.0511 0x2c60  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:13:28.0550 0x2c60  wercplsupport - ok
16:13:28.0586 0x2c60  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
16:13:28.0616 0x2c60  WerSvc - ok
16:13:28.0633 0x2c60  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:13:28.0655 0x2c60  WfpLwf - ok
16:13:28.0668 0x2c60  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:13:28.0678 0x2c60  WIMMount - ok
16:13:28.0745 0x2c60  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:13:28.0806 0x2c60  WinDefend - ok
16:13:28.0827 0x2c60  WinHttpAutoProxySvc - ok
16:13:28.0861 0x2c60  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:13:28.0900 0x2c60  Winmgmt - ok
16:13:28.0976 0x2c60  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:13:29.0043 0x2c60  WinRM - ok
16:13:29.0078 0x2c60  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:13:29.0095 0x2c60  WinUsb - ok
16:13:29.0149 0x2c60  [ E14FDC8F4FABBD55CAC6F35192232371, FEC0BEA54AF06151593370A98FF1F8F910B7735082DE02967EA54A3A8EF1BDD4 ] WISTechVIDCAP   C:\Windows\system32\drivers\wisgostrm.sys
16:13:29.0203 0x2c60  WISTechVIDCAP - ok
16:13:29.0245 0x2c60  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:13:29.0313 0x2c60  Wlansvc - ok
16:13:29.0344 0x2c60  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:13:29.0365 0x2c60  WmiAcpi - ok
16:13:29.0389 0x2c60  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:13:29.0412 0x2c60  wmiApSrv - ok
16:13:29.0500 0x2c60  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:13:29.0592 0x2c60  WMPNetworkSvc - ok
16:13:29.0617 0x2c60  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:13:29.0653 0x2c60  WPCSvc - ok
16:13:29.0697 0x2c60  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:13:29.0759 0x2c60  WPDBusEnum - ok
16:13:29.0780 0x2c60  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:13:29.0805 0x2c60  ws2ifsl - ok
16:13:29.0821 0x2c60  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:13:29.0845 0x2c60  wscsvc - ok
16:13:29.0848 0x2c60  WSearch - ok
16:13:29.0940 0x2c60  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
16:13:30.0051 0x2c60  wuauserv - ok
16:13:30.0103 0x2c60  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:13:30.0239 0x2c60  WudfPf - ok
16:13:30.0267 0x2c60  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:13:30.0290 0x2c60  WUDFRd - ok
16:13:30.0353 0x2c60  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:13:30.0376 0x2c60  wudfsvc - ok
16:13:30.0434 0x2c60  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:13:30.0571 0x2c60  WwanSvc - ok
16:13:30.0634 0x2c60  [ EE9144207EE0211EB5656BA6808AC4A0, 8C4EEC5D22C8FA43CAEF1A7C098198BE3DE8804FAFFFF9ADBCC4A9C6157FCD85 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
16:13:30.0644 0x2c60  xusb21 - ok
16:13:30.0655 0x2c60  ================ Scan global ===============================
16:13:30.0706 0x2c60  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
16:13:30.0757 0x2c60  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
16:13:30.0783 0x2c60  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
16:13:30.0812 0x2c60  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
16:13:30.0841 0x2c60  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
16:13:30.0858 0x2c60  [ Global ] - ok
16:13:30.0861 0x2c60  ================ Scan MBR ==================================
16:13:30.0867 0x2c60  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:13:31.0125 0x2c60  \Device\Harddisk1\DR1 - ok
16:13:31.0143 0x2c60  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:13:31.0212 0x2c60  \Device\Harddisk0\DR0 - ok
16:13:31.0215 0x2c60  ================ Scan VBR ==================================
16:13:31.0217 0x2c60  [ 83065ED21CC6E1EEE3C677CF36DF47D8 ] \Device\Harddisk1\DR1\Partition1
16:13:31.0218 0x2c60  \Device\Harddisk1\DR1\Partition1 - ok
16:13:31.0222 0x2c60  [ D72AD7ACF565025DD9CF25599C57A6A6 ] \Device\Harddisk1\DR1\Partition2
16:13:31.0223 0x2c60  \Device\Harddisk1\DR1\Partition2 - ok
16:13:31.0227 0x2c60  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition1
16:13:31.0227 0x2c60  \Device\Harddisk0\DR0\Partition1 - ok
16:13:31.0250 0x2c60  [ 8E02A6412756201AE14256ED352D314D ] \Device\Harddisk0\DR0\Partition2
16:13:31.0300 0x2c60  \Device\Harddisk0\DR0\Partition2 - ok
16:13:31.0302 0x2c60  ================ Scan generic autorun ======================
16:13:31.0629 0x2c60  [ 972A8C10BC3C1AB1F0448D0D2846403E, 7CC857D6B52D26EEF92BAB1AEEFD17F4891F5E02B1D293791CFB000C5038B0E5 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
16:13:31.0863 0x2c60  RTHDVCPL - ok
16:13:31.0914 0x2c60  Nvtmru - ok
16:13:31.0948 0x2c60  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\system32\rundll32.exe
16:13:31.0968 0x2c60  Logitech Download Assistant - ok
16:13:32.0044 0x2c60  [ 44FE94FCDF97E574B6986C5A81758628, D950CF92623CA2AD053F7DCC44B483176D02E721C716255957DA90A083D0F1B9 ] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
16:13:32.0094 0x2c60  NvBackend - ok
16:13:32.0104 0x2c60  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\system32\rundll32.exe
16:13:32.0119 0x2c60  ShadowPlay - ok
16:13:32.0383 0x2c60  [ 2B3C122729AD4C6B86B31310030B61AF, 143F34C3C82FFDD1F7727A4E12FE4458826D57AEA475AAEC5F47995BD53C0002 ] C:\Program Files\Logitech Gaming Software\LCore.exe
16:13:32.0542 0x2c60  Launch LCore - ok
16:13:32.0760 0x2c60  [ 63ACD413A25E65C3BF08790C16BA97C2, 8A14C623BB79A0964E4D9F220BE77360171123B59B2AAFD1DBD9D9080586E082 ] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
16:13:32.0840 0x2c60  LogMeIn Hamachi Ui - ok
16:13:33.0041 0x2c60  [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
16:13:33.0154 0x2c60  AvastUI.exe - ok
16:13:33.0308 0x2c60  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
16:13:33.0387 0x2c60  SDTray - ok
16:13:33.0481 0x2c60  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
16:13:33.0576 0x2c60  Sidebar - ok
16:13:33.0596 0x2c60  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
16:13:33.0613 0x2c60  mctadmin - ok
16:13:33.0654 0x2c60  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
16:13:33.0706 0x2c60  Sidebar - ok
16:13:33.0712 0x2c60  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
16:13:33.0728 0x2c60  mctadmin - ok
16:13:33.0987 0x2c60  [ D6E2ED7F1F7BE7CCB8676491BF950B57, CBF07EE746F2C27ACC532E83ADC43FBE954DC3C598C4333F13B1A7615AEA9AD5 ] C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
16:13:34.0085 0x2c60  Akamai NetSession Interface - ok
16:13:34.0131 0x2c60  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe
16:13:34.0166 0x2c60  Sidebar - ok
16:13:34.0323 0x2c60  [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
16:13:34.0457 0x2c60  Spybot-S&D Cleaning - ok
16:13:34.0510 0x2c60  [ 2F0EAAF91FC7A5C70D1F4BE9B18A1CF5, 6075E8ADD4136AC6497C1FE9CC937E6652FAD5024AED1CF901CE107078955C4F ] C:\Windows\System32\StikyNot.exe
16:13:34.0572 0x2c60  RESTART_STICKY_NOTES - ok
16:13:34.0573 0x2c60  Waiting for KSN requests completion. In queue: 256
16:13:35.0573 0x2c60  Waiting for KSN requests completion. In queue: 256
16:13:36.0573 0x2c60  Waiting for KSN requests completion. In queue: 256
16:13:37.0606 0x2c60  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x40000 ( disabled : updated )
16:13:37.0635 0x2c60  Win FW state via NFP2: enabled
16:13:40.0069 0x2c60  ============================================================
16:13:40.0069 0x2c60  Scan finished
16:13:40.0069 0x2c60  ============================================================
16:13:40.0076 0x24a4  Detected object count: 0
16:13:40.0076 0x24a4  Actual detected object count: 0
         
__________________

Alt 15.01.2015, 16:11   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.01.2015, 17:16   #5
tcg
 
Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast



combofix zeigte die Meldung, dass spybot S&D noch im System sei.
Ich hatte vor dem Start einen Neustart des Systems durchgeführt, und zuvor Spybot aus dem Autostart herausgenommen, weder wurde mir ein aktiver Dienst, noch das Benachrichtigungssymbol in der Benachrichtigungsleiste angezeigt. daher habe ich die Meldung als "das kannst Du dann ignorieren" interpretiert.

Code:
ATTFilter
ComboFix 15-01-08.01 - Dominik 15.01.2015  17:48:10.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.1090 [GMT 1:00]
ausgeführt von:: c:\users\Dominik\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dominik\AppData\Roaming\InetStat\inetstat.exe
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-15 bis 2015-01-15  ))))))))))))))))))))))))))))))
.
.
2015-01-15 17:04 . 2015-01-15 17:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-15 17:04 . 2015-01-15 17:04	--------	d-----w-	c:\users\TogetherCrazyGaming\AppData\Local\temp
2015-01-14 19:32 . 2015-01-14 19:32	--------	d-----w-	c:\programdata\Malwarebytes
2015-01-14 19:31 . 2015-01-15 16:25	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-14 19:31 . 2015-01-14 20:38	119000	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-14 19:29 . 2015-01-14 20:37	79576	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-14 19:03 . 2015-01-14 19:03	--------	d-----w-	c:\program files\VS Revo Group
2015-01-14 17:06 . 2015-01-14 17:13	--------	d-----w-	C:\FRST
2015-01-14 15:58 . 2014-12-12 05:11	3971512	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-01-14 15:58 . 2014-12-12 05:11	3916728	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-01-14 15:57 . 2014-12-11 17:47	46592	----a-w-	c:\windows\system32\TSWbPrxy.exe
2015-01-14 15:57 . 2014-12-19 02:43	164864	----a-w-	c:\windows\system32\profsvc.dll
2015-01-14 15:57 . 2014-12-06 03:50	242688	----a-w-	c:\windows\system32\nlasvc.dll
2015-01-14 15:57 . 2014-12-19 01:34	116224	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2015-01-14 15:55 . 2014-12-02 11:01	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA0BC39A-1225-42CB-B4E4-957D71F5A240}\mpengine.dll
2015-01-11 10:28 . 2013-09-20 09:49	18968	----a-w-	c:\windows\system32\sdnclean.exe
2015-01-11 10:28 . 2015-01-11 11:24	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-01-11 10:28 . 2015-01-11 10:30	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2015-01-10 12:37 . 2015-01-10 12:41	--------	d-----w-	c:\users\Dominik\AppData\Roaming\Compatibility Verifier
2015-01-09 22:18 . 2015-01-09 22:18	--------	d-----w-	c:\windows\system32\vbox
2015-01-09 22:14 . 2015-01-09 22:14	--------	d-----w-	c:\users\Dominik\AppData\Roaming\AVAST Software
2015-01-09 22:08 . 2015-01-09 22:08	91496	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-01-09 22:08 . 2015-01-09 22:08	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-01-09 22:08 . 2015-01-09 22:08	291352	----a-w-	c:\windows\system32\aswBoot.exe
2015-01-09 22:08 . 2015-01-09 22:08	43152	----a-w-	c:\windows\avastSS.scr
2015-01-09 21:35 . 2015-01-09 21:49	--------	d-----w-	c:\users\Dominik\AppData\Local\FreeFixer
2015-01-09 21:35 . 2015-01-09 21:35	--------	d-----w-	c:\users\Dominik\AppData\Roaming\FreeFixer
2015-01-09 21:25 . 2015-01-15 16:35	--------	d-----w-	c:\users\Default\AppData\Roaming\Compatibility Verifier
2015-01-09 21:25 . 2015-01-09 21:25	--------	d-----w-	c:\users\Default\AppData\Local\Programs
2014-12-18 18:27 . 2014-12-19 11:59	--------	d-----w-	c:\program files\Mozilla Thunderbird
2014-12-18 14:50 . 2014-12-13 03:33	115712	----a-w-	c:\windows\system32\ieUnatt.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-13 21:19 . 2012-12-31 21:24	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 21:19 . 2012-12-31 21:24	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-01-09 22:39 . 2012-12-31 21:22	787800	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2015-01-09 22:39 . 2012-12-31 21:22	423784	----a-w-	c:\windows\system32\drivers\aswsp.sys
2015-01-09 22:08 . 2013-06-03 07:43	206248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-01-09 22:08 . 2013-06-03 07:43	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-01-09 22:08 . 2012-12-31 21:22	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-01-09 22:08 . 2012-12-31 21:22	70384	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-01-08 08:55 . 2012-12-31 15:17	249488	------w-	c:\windows\system32\MpSigStub.exe
2014-12-04 04:38 . 2014-12-11 13:54	337920	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 04:38 . 2014-12-11 13:54	610304	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 04:38 . 2014-12-11 13:54	315392	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 04:38 . 2014-12-11 13:54	728576	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 04:38 . 2014-12-11 13:54	159744	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 04:38 . 2014-12-11 13:54	202752	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 04:34 . 2014-12-11 13:54	873984	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 13:54	1160872	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-22 02:20 . 2014-12-11 13:54	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-11 13:54	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-11 13:54	501248	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-11 13:54	62464	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-11 13:54	47616	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 13:54	64000	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-11 13:54	102912	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-11 13:54	620032	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-11 13:54	667648	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-11 13:54	60416	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 13:54	4299264	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-11 13:54	2052096	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 13:54	1155072	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-11 13:54	1888256	----a-w-	c:\windows\system32\wininet.dll
2014-11-11 20:01 . 2014-11-11 20:01	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2014-11-11 20:01 . 2014-11-11 20:01	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2014-11-11 02:44 . 2014-12-11 13:54	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 14:42	186880	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 14:42	550912	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 01:32 . 2014-12-11 13:54	74752	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-08 02:45 . 2014-12-11 13:53	2048	----a-w-	c:\windows\system32\tzres.dll
2014-10-30 01:45 . 2014-12-11 13:53	155136	----a-w-	c:\windows\system32\charmap.exe
2014-10-28 14:33 . 2014-08-30 14:12	16400	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2014-10-25 01:32 . 2014-11-13 01:14	67584	----a-w-	c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-13 01:52	571904	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-12-11 23:27	3209728	----a-w-	c:\windows\system32\mf.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-09 22:08	723976	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Dominik\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-11-19 11733648]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-04-30 1081112]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-07-28 8187160]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-21 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23	3672640	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2014-12-13 16:01	3838800	----a-w-	c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf]
2014-12-29 17:14	40176	----a-w-	c:\program files\Overwolf\Overwolf.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2014-06-24 09:42	4101576	----a-w-	c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07	827392	----a-w-	c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
2014-06-24 09:41	4566952	----a-w-	c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-11-18 20:23	1940160	----a-w-	c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-11 00:39	256896	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2008-08-07 16:18	90112	----a-w-	c:\program files\MAGIX\Video_deluxe_MX_Premium_Download-Version\Trayserver_DE.exe
.
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe [2014-06-16 93048]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
R3 musbehco;musbehco;c:\users\Dominik\AppData\Local\Temp\musbehco.sys [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files\Overwolf\OverwolfUpdater.exe [2014-12-29 998640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-06-03 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-01-09 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-01-09 423784]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-04 242240]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-01-09 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-01-09 70384]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-01-09 91496]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-12-13 1895760]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-12-02 411920]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-04-30 1617696]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-04-30 19702048]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-19 410968]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-01-09 218192]
S2 Verifies and fixes application compatibility issues;Compatibility Verify;c:\users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [2015-01-08 87208]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-01-09 3192344]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2013-06-25 50728]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2013-05-30 39960]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-04-30 17240]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 10:41	1087816	----a-w-	c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-31 21:19]
.
2015-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-26 20:50]
.
2015-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-26 20:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>;<local>
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Nvtmru - c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
c:\users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Holland - Verknüpfung.lnk - (no file)
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-StarCraft II - c:\program files\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3362981809-2306697286-120240772-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b6,50,25,75,93,61,1c,f7,36,35,94,dd,60,a5,c4,80,4a,06,f6,72,f1,74,1b,
   be,3f,f9,f1,1b,ad,57,40,45,99,7f,1e,e6,5a,f0,a6,43,0f,f2,1c,55,00,e4,fd,56,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-3362981809-2306697286-120240772-1001\Software\SecuROM\License information*]
"datasecu"=hex:d3,b9,f0,80,78,f7,3e,65,ba,7d,1e,df,97,00,2b,df,55,3e,dd,27,60,
   8a,18,d5,de,d2,ad,40,aa,79,4a,c4,6b,26,a6,86,d2,64,67,70,44,4f,b8,f4,2c,2b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-15  18:07:53
ComboFix-quarantined-files.txt  2015-01-15 17:07
.
Vor Suchlauf: 16 Verzeichnis(se), 108.551.188.480 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 108.802.748.416 Bytes frei
.
- - End Of File - - 6E1E89475160F6BE4FEB0703AFF393F2
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 15.01.2015, 17:46   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast

Alt 16.01.2015, 18:09   #7
tcg
 
Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast



Hallo,

Nach dem letzten Neustart meldete sich AVAST (obwohl ich auf deaktivieren gedrückt hatte und die Sicherheitsabfrage kam, und in der notification bar den Hinweis erhielt, dass AVAST nicht aktiv sein) eine Meldung, dass es beim Start von Firefox die Erweiterung flowsurf gefunden hätte - die eine schlechte reputation hätte. Hier habe ich keine Aktion durchführen lassen.

Die Logs:

mbam

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 15.01.2015
Suchlauf-Zeit: 19:09:55
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.15.10
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Dominik

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 370016
Verstrichene Zeit: 36 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 9
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1536, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 540, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1248, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 5960, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1092, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4104, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3076, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3752, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, 3276, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42]

Module: 10
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 

Registrierungsschlüssel: 10
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\CLSID\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [c8ee19deb6d3b18597951ecfa161619f], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [c8ee19deb6d3b18597951ecfa161619f], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [c8ee19deb6d3b18597951ecfa161619f], 
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [288e62958306dc5ace2ba34905fddf21], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [cbebe611fb8e79bde7b77975d62c1ae6], 
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [a01646b199f05cda58c897fae51e60a0], 
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, In Quarantäne, [4472cd2a19709e988130b4eda75c56aa], 
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [fbbb48afb1d8b086547510665da656aa], 
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-3362981809-2306697286-120240772-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF, In Quarantäne, [189e32c5a9e0d85e4a64dd07eb19b050], 

Registrierungswerte: 3
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|jid1-tofUlNEIFlkUIA@jetpack, C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack, In Quarantäne, [3b7bbb3cc3c6082e63d99610b54e4ab6]
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-3362981809-2306697286-120240772-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, In Quarantäne, [189e32c5a9e0d85e4a64dd07eb19b050]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-3362981809-2306697286-120240772-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [eec8a6516c1d5dd99283b8db7b880bf5]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 15
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.AdPeak.A, C:\temp, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [179f9d5a36535dd90017db5fc340be42], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [179f9d5a36535dd90017db5fc340be42], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter, In Quarantäne, [30866790464310269e21ec569d66c838], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\SSL, In Quarantäne, [30866790464310269e21ec569d66c838], 

Dateien: 74
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, In Quarantäne, [3d7929cebbce71c5077bc0b87b86a759], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\libEGL.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], 
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000], 
PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000], 
PUP.Optional.AdPeak.A, C:\temp\output.txt, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000], 
PUP.Optional.AdPeak.A, C:\temp\t.txt, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000], 
PUP.Optional.QuickStart.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, In Quarantäne, [d2e4b93e70192016d42006e2a262d729], 
PUP.Optional.QuickStart.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal, In Quarantäne, [22947b7c2f5a79bd8f65e6024bb907f9], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [179f9d5a36535dd90017db5fc340be42], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\background.html, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\extension_info.json, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\extension_info.json.bak, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\flowsurf-drop.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\flowsurf.css, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\jquery-1.7.2.min.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\main.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\main.js.bak, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\manifest.json, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\readme.txt, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\button.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon100.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon128.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon16.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon256.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon32.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon48.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon64.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\content_init.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\content_kango.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\invoke_async_module.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\message_target_module.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\userscript_client.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\backgroundscript_engine.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\browser.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\console.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\i18n.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\initialize.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\io.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\kango.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\lang.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\messaging.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\storage.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\userscript_engine.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\xhr.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\browser_button.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\kango_api.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\options.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\remote_popup_host.html, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 
PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\ui.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Adwcleaner:

Code:
ATTFilter
# AdwCleaner v4.107 - Bericht erstellt am 15/01/2015 um 20:13:20
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Dominik - TROLLINGSARUMAN
# Gestartet von : C:\Users\Dominik\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Users\Dominik\AppData\Local\FreeFixer
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\FreeFixer
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\NCH Software
Datei Gelöscht : C:\Users\Dominik\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys
Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\foxydeal.sqlite

***** [ Tasks ] *****

Task Gelöscht : fsupdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8018C54-B702-4D52-9ACC-8CA78911E633}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C6A846C5-D67F-48B4-8552-C22354E56966}
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\usyndication.com
Schlüssel Gelöscht : HKCU\Software\USyndication

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0 (x86 de)

[51dpc675.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[51dpc675.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v39.0.2171.95


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [14338 octets] - [30/04/2014 19:24:18]
AdwCleaner[R1].txt - [1315 octets] - [30/04/2014 19:50:07]
AdwCleaner[R2].txt - [1363 octets] - [02/05/2014 00:59:57]
AdwCleaner[R3].txt - [1484 octets] - [06/06/2014 23:22:50]
AdwCleaner[R4].txt - [2842 octets] - [15/01/2015 20:04:20]
AdwCleaner[S0].txt - [12962 octets] - [30/04/2014 19:25:39]
AdwCleaner[S1].txt - [1376 octets] - [30/04/2014 19:51:00]
AdwCleaner[S2].txt - [1545 octets] - [06/06/2014 23:25:39]
AdwCleaner[S3].txt - [2719 octets] - [15/01/2015 20:13:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2779 octets] ##########
         
und
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by Dominik on 16.01.2015 at 17:33:57,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\RegistryDr_Popup
Successfully deleted: [File] C:\Windows\System32\Tasks\RegistryDr_Start
Successfully deleted: [File] "C:\Users\Dominik\favorites\links\startfenster.lnk"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\51dpc675.default\minidumps [484 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.01.2015 at 17:35:47,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Da war doch noch was - das FRST Log....


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
Ran by Dominik (administrator) on TROLLINGSARUMAN on 16-01-2015 19:06:54
Running from C:\Users\Dominik\Desktop
Loaded Profiles: Dominik (Available profiles: Dominik & TogetherCrazyGaming)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11733648 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8187160 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3362981809-2306697286-120240772-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\amazon-deu.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\proxerme.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\youtube-videosuche.xml
FF Extension: FT DeepDark - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-03]
FF Extension: Bluhell Firewall - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-31]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll No File
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-09] (Avast Software)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [93048 2014-06-16] (EasyAntiCheat Ltd)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-04-30] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-09] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-04] (DT Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-06-25] (Eugene V. Muzychenko)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-09] (Avast Software)
S3 WISTechVIDCAP; C:\Windows\System32\drivers\wisgostrm.sys [226816 2006-11-03] (Pinnacle Systems)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Dominik\AppData\Local\Temp\catchme.sys [X]
S3 musbehco; \??\C:\Users\Dominik\AppData\Local\Temp\musbehco.sys [X]
S3 pmem; \??\C:\Users\Dominik\AppData\Local\Temp\_MEI55962\drivers\winpmem32.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 19:06 - 2015-01-16 19:06 - 00000000 ____D () C:\Users\Dominik\Desktop\FRST-OlderVersion
2015-01-16 17:49 - 2015-01-16 17:49 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-49-56.066-AvastVBoxSVC.exe-3504.log
2015-01-16 17:45 - 2015-01-16 17:45 - 00000286 _____ () C:\Users\Dominik\Desktop\Neues Textdokument (3).txt
2015-01-16 17:35 - 2015-01-16 17:35 - 00000992 _____ () C:\Users\Dominik\Desktop\JRT.txt
2015-01-16 17:33 - 2015-01-16 17:33 - 00000000 ____D () C:\Windows\ERUNT
2015-01-16 17:32 - 2015-01-16 17:32 - 01707939 _____ (Thisisu) C:\Users\Dominik\Desktop\JRT.exe
2015-01-16 17:26 - 2015-01-16 17:26 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-26-02.025-AvastVBoxSVC.exe-3908.log
2015-01-16 17:21 - 2015-01-16 17:21 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-21-57.030-AvastVBoxSVC.exe-2964.log
2015-01-16 17:10 - 2015-01-16 17:10 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-10-20.087-AvastVBoxSVC.exe-4084.log
2015-01-16 17:00 - 2015-01-16 17:00 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-00-02.052-AvastVBoxSVC.exe-3696.log
2015-01-16 14:45 - 2015-01-16 14:45 - 00000197 _____ () C:\Windows\system32\2015-01-16-13-45-27.090-AvastVBoxSVC.exe-3408.log
2015-01-15 20:17 - 2015-01-15 20:17 - 00000197 _____ () C:\Windows\system32\2015-01-15-19-17-41.019-AvastVBoxSVC.exe-3828.log
2015-01-15 20:12 - 2015-01-15 20:13 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-12-59.029-aswFe.exe-4604.log
2015-01-15 20:08 - 2015-01-15 20:12 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-08-04.058-aswFe.exe-5008.log
2015-01-15 20:02 - 2015-01-15 20:03 - 02191360 _____ () C:\Users\Dominik\Desktop\AdwCleaner_4.107.exe
2015-01-15 19:59 - 2015-01-15 19:59 - 00023039 _____ () C:\Users\Dominik\Desktop\mbam.txt
2015-01-15 19:06 - 2015-01-15 19:06 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-15 19:06 - 2015-01-15 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-15 19:06 - 2015-01-15 19:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-15 19:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-15 19:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 18:59 - 2015-01-15 19:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dominik\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-15 18:56 - 2015-01-15 18:56 - 00000197 _____ () C:\Windows\system32\2015-01-15-17-56-39.075-AvastVBoxSVC.exe-2692.log
2015-01-15 18:07 - 2015-01-15 18:07 - 00017812 _____ () C:\ComboFix.txt
2015-01-15 17:44 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-15 17:44 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-15 17:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-15 17:35 - 2015-01-15 18:07 - 00000000 ____D () C:\Qoobox
2015-01-15 17:34 - 2015-01-15 18:05 - 00000000 ____D () C:\Windows\erdnt
2015-01-15 17:32 - 2015-01-15 17:32 - 05609736 ____R (Swearware) C:\Users\Dominik\Desktop\ComboFix.exe
2015-01-15 17:28 - 2015-01-15 17:28 - 00000197 _____ () C:\Windows\system32\2015-01-15-16-28-45.010-AvastVBoxSVC.exe-3576.log
2015-01-15 16:16 - 2015-01-15 16:19 - 00102593 _____ () C:\Users\Dominik\Desktop\Neues Textdokument (2).txt
2015-01-15 16:09 - 2015-01-15 16:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Dominik\Desktop\tdsskiller.exe
2015-01-14 21:36 - 2015-01-14 21:36 - 00000197 _____ () C:\Windows\system32\2015-01-14-20-36-18.044-AvastVBoxSVC.exe-3592.log
2015-01-14 21:17 - 2015-01-14 21:17 - 00000000 ____H () C:\Users\Dominik\Documents\Default.rdp
2015-01-14 20:32 - 2015-01-15 19:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 20:31 - 2015-01-16 18:08 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 20:31 - 2015-01-15 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 20:29 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 20:28 - 2015-01-15 16:11 - 00000000 ____D () C:\Users\Dominik\Desktop\mbar
2015-01-14 20:26 - 2015-01-14 20:27 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Dominik\Desktop\mbar-1.08.2.1001.exe
2015-01-14 20:21 - 2015-01-14 20:21 - 00000197 _____ () C:\Windows\system32\2015-01-14-19-21-53.063-AvastVBoxSVC.exe-3692.log
2015-01-14 20:03 - 2015-01-14 20:03 - 00001222 _____ () C:\Users\Dominik\Desktop\Revo Uninstaller.lnk
2015-01-14 20:03 - 2015-01-14 20:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-14 20:00 - 2015-01-14 20:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dominik\Desktop\revosetup95.exe
2015-01-14 19:54 - 2015-01-14 19:54 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-54-07.069-AvastVBoxSVC.exe-3156.log
2015-01-14 19:19 - 2015-01-14 19:19 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-19-08.073-AvastVBoxSVC.exe-3128.log
2015-01-14 18:43 - 2015-01-14 18:43 - 00008989 _____ () C:\Users\Dominik\Desktop\gmer.log
2015-01-14 18:11 - 2015-01-14 18:13 - 00039072 _____ () C:\Users\Dominik\Desktop\Addition.txt
2015-01-14 18:06 - 2015-01-16 19:06 - 00018761 _____ () C:\Users\Dominik\Desktop\FRST.txt
2015-01-14 18:06 - 2015-01-16 19:06 - 00000000 ____D () C:\FRST
2015-01-14 18:04 - 2015-01-14 18:05 - 00000476 _____ () C:\Users\Dominik\Desktop\defogger_disable.log
2015-01-14 18:04 - 2015-01-14 18:04 - 00000000 _____ () C:\Users\Dominik\defogger_reenable
2015-01-14 17:52 - 2015-01-16 19:06 - 01116672 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe
2015-01-14 17:52 - 2015-01-14 17:52 - 00050477 _____ () C:\Users\Dominik\Desktop\Defogger.exe
2015-01-14 17:50 - 2015-01-14 17:50 - 00380416 _____ () C:\Users\Dominik\Desktop\rz1b2ley.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:57 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:27 - 2015-01-14 16:27 - 00000197 _____ () C:\Windows\system32\2015-01-14-15-27-18.023-AvastVBoxSVC.exe-3216.log
2015-01-13 22:35 - 2015-01-13 22:35 - 280280668 ____N () C:\Windows\MEMORY.DMP
2015-01-13 22:35 - 2015-01-13 22:35 - 00160160 _____ () C:\Windows\Minidump\011315-31875-01.dmp
2015-01-13 15:54 - 2015-01-13 15:54 - 00000197 _____ () C:\Windows\system32\2015-01-13-14-54-55.027-AvastVBoxSVC.exe-792.log
2015-01-13 13:57 - 2015-01-13 13:57 - 00000197 _____ () C:\Windows\system32\2015-01-13-12-57-17.013-AvastVBoxSVC.exe-5424.log
2015-01-13 12:57 - 2015-01-15 18:20 - 00000112 _____ () C:\ProgramData\q485uB3.dat
2015-01-13 12:52 - 2015-01-13 12:53 - 00000197 _____ () C:\Windows\system32\2015-01-13-11-52-33.019-AvastVBoxSVC.exe-3616.log
2015-01-12 13:31 - 2015-01-12 13:32 - 00000197 _____ () C:\Windows\system32\2015-01-12-12-31-33.000-AvastVBoxSVC.exe-3368.log
2015-01-11 15:25 - 2015-01-11 15:25 - 00000197 _____ () C:\Windows\system32\2015-01-11-14-25-05.016-AvastVBoxSVC.exe-3124.log
2015-01-11 13:45 - 2015-01-11 13:45 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-45-48.064-AvastVBoxSVC.exe-3404.log
2015-01-11 13:08 - 2015-01-11 13:08 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-08-40.050-AvastVBoxSVC.exe-3532.log
2015-01-11 12:54 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150111-125459.backup
2015-01-11 12:20 - 2015-01-11 12:20 - 00000197 _____ () C:\Windows\system32\2015-01-11-11-20-40.098-AvastVBoxSVC.exe-3528.log
2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\Users\Dominik\Documents\ProcAlyzer Dumps
2015-01-11 11:28 - 2015-01-11 12:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-11 11:28 - 2015-01-11 11:30 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2015-01-11 11:28 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-01-11 11:26 - 2015-01-11 11:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dominik\Downloads\spybot-2.4.exe
2015-01-11 10:46 - 2015-01-11 10:47 - 00000197 _____ () C:\Windows\system32\2015-01-11-09-46-54.007-AvastVBoxSVC.exe-3012.log
2015-01-10 13:58 - 2015-01-10 13:58 - 00000197 _____ () C:\Windows\system32\2015-01-10-12-58-28.073-AvastVBoxSVC.exe-3244.log
2015-01-09 23:36 - 2015-01-09 23:37 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-36-57.044-aswFe.exe-6088.log
2015-01-09 23:30 - 2015-01-09 23:36 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-30-18.010-aswFe.exe-4644.log
2015-01-09 23:18 - 2015-01-09 23:18 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-09 23:14 - 2015-01-09 23:14 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\AVAST Software
2015-01-09 23:09 - 2015-01-09 23:09 - 00002045 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-09 23:08 - 2015-01-09 23:08 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-09 23:08 - 2015-01-09 23:08 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-09 23:08 - 2015-01-09 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-09 23:08 - 2015-01-09 23:08 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-08 22:02 - 2015-01-08 22:02 - 00087712 _____ () C:\Users\Dominik\Downloads\GLottery-V2.1.8_Beta.zip
2015-01-08 21:59 - 2015-01-08 21:59 - 00451723 _____ () C:\Users\Dominik\Downloads\totalRP3_build_9.zip
2015-01-08 21:58 - 2015-01-08 21:58 - 00073807 _____ () C:\Users\Dominik\Downloads\MyRolePlay_6.0.0.400.zip
2015-01-08 21:57 - 2015-01-08 21:57 - 01327418 _____ () C:\Users\Dominik\Downloads\Outfitter_5.10b8.zip
2015-01-08 21:51 - 2015-01-08 21:51 - 03841803 _____ () C:\Users\Dominik\Downloads\AuctioneerSuite-5.21c.5521.zip
2014-12-24 00:53 - 2014-12-24 00:55 - 00000000 ____D () C:\Users\Dominik\Desktop\Mc Server
2014-12-18 19:27 - 2014-12-19 12:59 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-18 15:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 18:40 - 2014-01-26 21:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 18:19 - 2012-12-31 22:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 17:56 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:56 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:48 - 2014-01-26 21:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 17:48 - 2014-01-18 03:11 - 00000000 ____D () C:\Users\Dominik\AppData\Local\LogMeIn Hamachi
2015-01-16 17:47 - 2013-09-15 08:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 17:47 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 17:47 - 2009-07-14 05:39 - 00216466 _____ () C:\Windows\setupact.log
2015-01-16 17:46 - 2012-12-31 16:02 - 01103008 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 20:14 - 2013-01-01 13:03 - 00446222 _____ () C:\Windows\PFRO.log
2015-01-15 20:13 - 2014-04-30 19:24 - 00000000 ____D () C:\AdwCleaner
2015-01-15 19:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2015-01-15 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-15 18:07 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-15 18:04 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-14 21:33 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2015-01-14 18:04 - 2012-12-31 16:03 - 00000000 ____D () C:\Users\Dominik
2015-01-14 17:17 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Battle.net
2015-01-14 17:17 - 2013-01-02 21:58 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\TS3Client
2015-01-13 22:35 - 2013-01-28 01:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 22:19 - 2012-12-31 22:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 22:19 - 2012-12-31 22:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 18:18 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Editoren und Player
2015-01-10 01:08 - 2013-11-03 13:53 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\OBS
2015-01-09 23:39 - 2012-12-31 22:22 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-09 23:39 - 2012-12-31 22:22 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-09 23:05 - 2012-12-31 22:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-09 23:04 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-09 22:36 - 2012-12-31 16:04 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 22:26 - 2014-08-30 15:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 15:11 - 2013-01-03 20:56 - 00000000 ____D () C:\Program Files\Steam
2015-01-08 09:55 - 2012-12-31 16:17 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 00:54 - 2013-02-12 11:24 - 00000000 ____D () C:\Users\Dominik\Desktop\Musik
2015-01-05 03:09 - 2014-06-03 15:08 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2015-01-05 03:09 - 2014-05-25 19:53 - 00000000 ____D () C:\Program Files\Overwolf
2014-12-29 00:26 - 2013-01-02 22:25 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\.minecraft
2014-12-28 14:29 - 2013-01-04 23:37 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\vlc
2014-12-27 22:28 - 2013-01-03 04:28 - 00000000 ____D () C:\Program Files\Warcraft III
2014-12-25 13:00 - 2013-01-13 20:05 - 00000000 ____D () C:\Users\Dominik\Desktop\Spiele
2014-12-23 14:54 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Internet
2014-12-22 00:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors
2014-12-19 17:44 - 2013-01-13 18:52 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Thunderbird
2014-12-19 12:59 - 2012-12-31 16:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Files to move or delete:
====================
C:\ProgramData\q485uB3.dat


Some content of TEMP:
====================
C:\Users\Dominik\AppData\Local\Temp\Quarantine.exe
C:\Users\Dominik\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-07 19:22

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 16.01.2015, 18:47   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.01.2015, 21:31   #9
tcg
 
Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast



Das macht einen recht guten Eindruck !
Der Prozessor kommt auch mal zur Ruhe, und der Speicherplatz sieht auch wieder gut aus....

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dc64219fb533ba44800fa0dff88e83be
# engine=22007
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-16 09:03:21
# local_time=2015-01-16 10:03:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 552414 185862691 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 182737 173073392 0 0
# scanned=347510
# found=12
# cleaned=0
# scan_time=7171
sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir"
sh=524ED1264811258D64BA2BE8B48005C6D1935713 ft=1 fh=19b60c262a337e59 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir"
sh=72971E4B87542575A876B36FB87879B416F4EC88 ft=1 fh=eb8c71c588367618 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterfacef32.dll.vir"
sh=01C9B3D0E073B824021B29F1FD957A8643DF6931 ft=1 fh=9d9cb38b273b86fe vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir"
sh=F34BB16FA7EEF85B106A7C3A3FDEEE95ECF18001 ft=1 fh=7bd5299d4d87abc5 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir"
sh=FB15CD6ADCD9BDFBF68D5DF5EAEA02BF329F8D4F ft=1 fh=dfa2b1c2f56e7303 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir"
sh=B733C40B96BCA6CC139230D0F7C4E51CEC12CF35 ft=1 fh=08ea3c71e6c55c1b vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv32.dll.vir"
sh=D6F9F256C03B81C01D6CFF28D2D966F59F786AC3 ft=1 fh=3a3e287aa52ff7e5 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv64.dll.vir"
sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir"
sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Dominik\AppData\Roaming\SupTab\SupTab.dll.vir"
sh=5E58D4E3CFCA4E841BE1C67B12F70AFEAEB4CF32 ft=1 fh=6f29d94a2c3a0ff5 vn="Variante von Win32/RiskWare.Astori.A Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Dominik\AppData\Roaming\InetStat\inetstat.exe.vir"
sh=6C6912B7110EBB294CBE5194695C43FA5EA623B3 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Dominik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1527ad1b-1e440d02"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 65  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	16.0.0.257  
 Adobe Reader XI  
 Mozilla Firefox (34.0) 
 Mozilla Thunderbird (31.3.0) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
Ran by Dominik (administrator) on TROLLINGSARUMAN on 16-01-2015 22:22:17
Running from C:\Users\Dominik\Desktop
Loaded Profiles: Dominik (Available profiles: Dominik & TogetherCrazyGaming)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11733648 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8187160 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3362981809-2306697286-120240772-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\amazon-deu.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\proxerme.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\youtube-videosuche.xml
FF Extension: FT DeepDark - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-03]
FF Extension: Bluhell Firewall - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-31]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll No File
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-09] (Avast Software)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [93048 2014-06-16] (EasyAntiCheat Ltd)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-04-30] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-09] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-04] (DT Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-06-25] (Eugene V. Muzychenko)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-09] (Avast Software)
S3 WISTechVIDCAP; C:\Windows\System32\drivers\wisgostrm.sys [226816 2006-11-03] (Pinnacle Systems)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Dominik\AppData\Local\Temp\catchme.sys [X]
S3 musbehco; \??\C:\Users\Dominik\AppData\Local\Temp\musbehco.sys [X]
S3 pmem; \??\C:\Users\Dominik\AppData\Local\Temp\_MEI55962\drivers\winpmem32.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 22:15 - 2015-01-16 22:15 - 00001079 _____ () C:\Users\Dominik\Desktop\checkup.txt
2015-01-16 22:09 - 2015-01-16 22:09 - 00852504 _____ () C:\Users\Dominik\Desktop\SecurityCheck.exe
2015-01-16 19:54 - 2015-01-16 19:54 - 02347384 _____ (ESET) C:\Users\Dominik\Desktop\esetsmartinstaller_deu.exe
2015-01-16 19:06 - 2015-01-16 19:06 - 00000000 ____D () C:\Users\Dominik\Desktop\FRST-OlderVersion
2015-01-16 17:49 - 2015-01-16 17:50 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-49-56.066-AvastVBoxSVC.exe-3504.log
2015-01-16 17:45 - 2015-01-16 17:45 - 00000286 _____ () C:\Users\Dominik\Desktop\Neues Textdokument (3).txt
2015-01-16 17:35 - 2015-01-16 17:35 - 00000992 _____ () C:\Users\Dominik\Desktop\JRT.txt
2015-01-16 17:33 - 2015-01-16 17:33 - 00000000 ____D () C:\Windows\ERUNT
2015-01-16 17:32 - 2015-01-16 17:32 - 01707939 _____ (Thisisu) C:\Users\Dominik\Desktop\JRT.exe
2015-01-16 17:26 - 2015-01-16 17:26 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-26-02.025-AvastVBoxSVC.exe-3908.log
2015-01-16 17:21 - 2015-01-16 17:21 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-21-57.030-AvastVBoxSVC.exe-2964.log
2015-01-16 17:10 - 2015-01-16 17:10 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-10-20.087-AvastVBoxSVC.exe-4084.log
2015-01-16 17:00 - 2015-01-16 17:00 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-00-02.052-AvastVBoxSVC.exe-3696.log
2015-01-16 14:45 - 2015-01-16 14:45 - 00000197 _____ () C:\Windows\system32\2015-01-16-13-45-27.090-AvastVBoxSVC.exe-3408.log
2015-01-15 20:17 - 2015-01-15 20:17 - 00000197 _____ () C:\Windows\system32\2015-01-15-19-17-41.019-AvastVBoxSVC.exe-3828.log
2015-01-15 20:12 - 2015-01-15 20:13 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-12-59.029-aswFe.exe-4604.log
2015-01-15 20:08 - 2015-01-15 20:12 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-08-04.058-aswFe.exe-5008.log
2015-01-15 20:02 - 2015-01-15 20:03 - 02191360 _____ () C:\Users\Dominik\Desktop\AdwCleaner_4.107.exe
2015-01-15 19:59 - 2015-01-15 19:59 - 00023039 _____ () C:\Users\Dominik\Desktop\mbam.txt
2015-01-15 19:06 - 2015-01-15 19:06 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-15 19:06 - 2015-01-15 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-15 19:06 - 2015-01-15 19:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-15 19:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-15 19:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 18:59 - 2015-01-15 19:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dominik\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-15 18:56 - 2015-01-15 18:56 - 00000197 _____ () C:\Windows\system32\2015-01-15-17-56-39.075-AvastVBoxSVC.exe-2692.log
2015-01-15 18:07 - 2015-01-15 18:07 - 00017812 _____ () C:\ComboFix.txt
2015-01-15 17:44 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-15 17:44 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-15 17:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-15 17:35 - 2015-01-15 18:07 - 00000000 ____D () C:\Qoobox
2015-01-15 17:34 - 2015-01-15 18:05 - 00000000 ____D () C:\Windows\erdnt
2015-01-15 17:32 - 2015-01-15 17:32 - 05609736 ____R (Swearware) C:\Users\Dominik\Desktop\ComboFix.exe
2015-01-15 17:28 - 2015-01-15 17:28 - 00000197 _____ () C:\Windows\system32\2015-01-15-16-28-45.010-AvastVBoxSVC.exe-3576.log
2015-01-15 16:16 - 2015-01-15 16:19 - 00102593 _____ () C:\Users\Dominik\Desktop\Neues Textdokument (2).txt
2015-01-15 16:09 - 2015-01-15 16:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Dominik\Desktop\tdsskiller.exe
2015-01-14 21:36 - 2015-01-14 21:36 - 00000197 _____ () C:\Windows\system32\2015-01-14-20-36-18.044-AvastVBoxSVC.exe-3592.log
2015-01-14 21:17 - 2015-01-14 21:17 - 00000000 ____H () C:\Users\Dominik\Documents\Default.rdp
2015-01-14 20:32 - 2015-01-15 19:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 20:31 - 2015-01-16 22:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 20:31 - 2015-01-15 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 20:29 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 20:28 - 2015-01-15 16:11 - 00000000 ____D () C:\Users\Dominik\Desktop\mbar
2015-01-14 20:26 - 2015-01-14 20:27 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Dominik\Desktop\mbar-1.08.2.1001.exe
2015-01-14 20:21 - 2015-01-14 20:21 - 00000197 _____ () C:\Windows\system32\2015-01-14-19-21-53.063-AvastVBoxSVC.exe-3692.log
2015-01-14 20:03 - 2015-01-14 20:03 - 00001222 _____ () C:\Users\Dominik\Desktop\Revo Uninstaller.lnk
2015-01-14 20:03 - 2015-01-14 20:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-14 20:00 - 2015-01-14 20:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dominik\Desktop\revosetup95.exe
2015-01-14 19:54 - 2015-01-14 19:54 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-54-07.069-AvastVBoxSVC.exe-3156.log
2015-01-14 19:19 - 2015-01-14 19:19 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-19-08.073-AvastVBoxSVC.exe-3128.log
2015-01-14 18:43 - 2015-01-14 18:43 - 00008989 _____ () C:\Users\Dominik\Desktop\gmer.log
2015-01-14 18:11 - 2015-01-14 18:13 - 00039072 _____ () C:\Users\Dominik\Desktop\Addition.txt
2015-01-14 18:06 - 2015-01-16 22:22 - 00018621 _____ () C:\Users\Dominik\Desktop\FRST.txt
2015-01-14 18:06 - 2015-01-16 22:22 - 00000000 ____D () C:\FRST
2015-01-14 18:04 - 2015-01-14 18:05 - 00000476 _____ () C:\Users\Dominik\Desktop\defogger_disable.log
2015-01-14 18:04 - 2015-01-14 18:04 - 00000000 _____ () C:\Users\Dominik\defogger_reenable
2015-01-14 17:52 - 2015-01-16 19:06 - 01116672 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe
2015-01-14 17:52 - 2015-01-14 17:52 - 00050477 _____ () C:\Users\Dominik\Desktop\Defogger.exe
2015-01-14 17:50 - 2015-01-14 17:50 - 00380416 _____ () C:\Users\Dominik\Desktop\rz1b2ley.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:57 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:27 - 2015-01-14 16:27 - 00000197 _____ () C:\Windows\system32\2015-01-14-15-27-18.023-AvastVBoxSVC.exe-3216.log
2015-01-13 22:35 - 2015-01-13 22:35 - 280280668 ____N () C:\Windows\MEMORY.DMP
2015-01-13 22:35 - 2015-01-13 22:35 - 00160160 _____ () C:\Windows\Minidump\011315-31875-01.dmp
2015-01-13 15:54 - 2015-01-13 15:54 - 00000197 _____ () C:\Windows\system32\2015-01-13-14-54-55.027-AvastVBoxSVC.exe-792.log
2015-01-13 13:57 - 2015-01-13 13:57 - 00000197 _____ () C:\Windows\system32\2015-01-13-12-57-17.013-AvastVBoxSVC.exe-5424.log
2015-01-13 12:57 - 2015-01-15 18:20 - 00000112 _____ () C:\ProgramData\q485uB3.dat
2015-01-13 12:52 - 2015-01-13 12:53 - 00000197 _____ () C:\Windows\system32\2015-01-13-11-52-33.019-AvastVBoxSVC.exe-3616.log
2015-01-12 13:31 - 2015-01-12 13:32 - 00000197 _____ () C:\Windows\system32\2015-01-12-12-31-33.000-AvastVBoxSVC.exe-3368.log
2015-01-11 15:25 - 2015-01-11 15:25 - 00000197 _____ () C:\Windows\system32\2015-01-11-14-25-05.016-AvastVBoxSVC.exe-3124.log
2015-01-11 13:45 - 2015-01-11 13:45 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-45-48.064-AvastVBoxSVC.exe-3404.log
2015-01-11 13:08 - 2015-01-11 13:08 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-08-40.050-AvastVBoxSVC.exe-3532.log
2015-01-11 12:54 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150111-125459.backup
2015-01-11 12:20 - 2015-01-11 12:20 - 00000197 _____ () C:\Windows\system32\2015-01-11-11-20-40.098-AvastVBoxSVC.exe-3528.log
2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\Users\Dominik\Documents\ProcAlyzer Dumps
2015-01-11 11:28 - 2015-01-11 12:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-11 11:28 - 2015-01-11 11:30 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2015-01-11 11:28 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-01-11 11:26 - 2015-01-11 11:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dominik\Downloads\spybot-2.4.exe
2015-01-11 10:46 - 2015-01-11 10:47 - 00000197 _____ () C:\Windows\system32\2015-01-11-09-46-54.007-AvastVBoxSVC.exe-3012.log
2015-01-10 13:58 - 2015-01-10 13:58 - 00000197 _____ () C:\Windows\system32\2015-01-10-12-58-28.073-AvastVBoxSVC.exe-3244.log
2015-01-09 23:36 - 2015-01-09 23:37 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-36-57.044-aswFe.exe-6088.log
2015-01-09 23:30 - 2015-01-09 23:36 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-30-18.010-aswFe.exe-4644.log
2015-01-09 23:18 - 2015-01-09 23:18 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-09 23:14 - 2015-01-09 23:14 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\AVAST Software
2015-01-09 23:09 - 2015-01-09 23:09 - 00002045 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-09 23:08 - 2015-01-09 23:08 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-09 23:08 - 2015-01-09 23:08 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-09 23:08 - 2015-01-09 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-09 23:08 - 2015-01-09 23:08 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-08 22:02 - 2015-01-08 22:02 - 00087712 _____ () C:\Users\Dominik\Downloads\GLottery-V2.1.8_Beta.zip
2015-01-08 21:59 - 2015-01-08 21:59 - 00451723 _____ () C:\Users\Dominik\Downloads\totalRP3_build_9.zip
2015-01-08 21:58 - 2015-01-08 21:58 - 00073807 _____ () C:\Users\Dominik\Downloads\MyRolePlay_6.0.0.400.zip
2015-01-08 21:57 - 2015-01-08 21:57 - 01327418 _____ () C:\Users\Dominik\Downloads\Outfitter_5.10b8.zip
2015-01-08 21:51 - 2015-01-08 21:51 - 03841803 _____ () C:\Users\Dominik\Downloads\AuctioneerSuite-5.21c.5521.zip
2014-12-24 00:53 - 2014-12-24 00:55 - 00000000 ____D () C:\Users\Dominik\Desktop\Mc Server
2014-12-18 19:27 - 2014-12-19 12:59 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-18 15:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 22:20 - 2014-01-18 03:11 - 00000000 ____D () C:\Users\Dominik\AppData\Local\LogMeIn Hamachi
2015-01-16 22:19 - 2014-01-26 21:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 22:19 - 2013-09-15 08:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 22:19 - 2013-01-01 13:03 - 00447020 _____ () C:\Windows\PFRO.log
2015-01-16 22:19 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 22:19 - 2009-07-14 05:39 - 00216634 _____ () C:\Windows\setupact.log
2015-01-16 22:18 - 2012-12-31 16:02 - 01109904 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 21:40 - 2014-01-26 21:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 21:19 - 2012-12-31 22:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 19:59 - 2012-12-31 16:04 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 17:56 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:56 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 20:13 - 2014-04-30 19:24 - 00000000 ____D () C:\AdwCleaner
2015-01-15 19:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2015-01-15 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-15 18:07 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-15 18:04 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-14 21:33 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2015-01-14 18:04 - 2012-12-31 16:03 - 00000000 ____D () C:\Users\Dominik
2015-01-14 17:17 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Battle.net
2015-01-14 17:17 - 2013-01-02 21:58 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\TS3Client
2015-01-13 22:35 - 2013-01-28 01:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 22:19 - 2012-12-31 22:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 22:19 - 2012-12-31 22:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 18:18 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Editoren und Player
2015-01-10 01:08 - 2013-11-03 13:53 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\OBS
2015-01-09 23:39 - 2012-12-31 22:22 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-09 23:39 - 2012-12-31 22:22 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-09 23:05 - 2012-12-31 22:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-09 23:04 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-09 22:26 - 2014-08-30 15:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 15:11 - 2013-01-03 20:56 - 00000000 ____D () C:\Program Files\Steam
2015-01-08 09:55 - 2012-12-31 16:17 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 00:54 - 2013-02-12 11:24 - 00000000 ____D () C:\Users\Dominik\Desktop\Musik
2015-01-05 03:09 - 2014-06-03 15:08 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2015-01-05 03:09 - 2014-05-25 19:53 - 00000000 ____D () C:\Program Files\Overwolf
2014-12-29 00:26 - 2013-01-02 22:25 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\.minecraft
2014-12-28 14:29 - 2013-01-04 23:37 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\vlc
2014-12-27 22:28 - 2013-01-03 04:28 - 00000000 ____D () C:\Program Files\Warcraft III
2014-12-25 13:00 - 2013-01-13 20:05 - 00000000 ____D () C:\Users\Dominik\Desktop\Spiele
2014-12-23 14:54 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Internet
2014-12-22 00:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors
2014-12-19 17:44 - 2013-01-13 18:52 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Thunderbird
2014-12-19 12:59 - 2012-12-31 16:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Files to move or delete:
====================
C:\ProgramData\q485uB3.dat


Some content of TEMP:
====================
C:\Users\Dominik\AppData\Local\Temp\Quarantine.exe
C:\Users\Dominik\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 19:46

==================== End Of Log ============================
         
--- --- ---

Alt 17.01.2015, 11:35   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast



Java updaten.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.01.2015, 12:38   #11
tcg
 
Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast



Alles gemacht - fix fertig. Super!

Fixlog.txt hätte ich jetzt gerne gepostet - jedoch, Ausschnitt aus Delfix:
Code:
ATTFilter
Gelöscht : C:\Users\Dominik\Desktop\Fixlog.txt
         
....Nrrrrg.... is weg.... ich hätte es erst posten müssen.....

Da ich keine weiteren Fragen habe, kann ich nur abschließen mit:

Ausgezeichnete Arbeit. Wow. Ja, dann kannst Du das Abo von diesem Thread gerne löschen. Vielen, vielen Dank!

Alt 17.01.2015, 17:14   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Standard

Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast
akamai, bildschirm, browser, computer, dllhost.exe, downloader, error, failed, firefox, flash player, helper, home, homepage, langsam, launch, logfile, popup, problem, prozessor, realtek, refresh, safer networking, scan, security, sekunden, software, svchost.exe, tablet, taskmanager, teredo, windows



Ähnliche Themen: Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast


  1. Windows7, Bootjingle blärrt, can not create shell notification, Firefox (keine Rückmeldung), danach geht nix mehr
    Plagegeister aller Art und deren Bekämpfung - 19.02.2015 (9)
  2. Herunterfahren nicht möglich, Versuch über "ausführen" legt alles lahm, nun keine Aktionen mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 10.02.2015 (13)
  3. Nach Adware Cleaner Meldung: "Keine Internetverbindung". Keine Updates, kein Skype u.ä. mehr möglich!
    Antiviren-, Firewall- und andere Schutzprogramme - 08.01.2015 (15)
  4. Keine Downloads mehr möglich! Was tun?
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (3)
  5. VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?
    Log-Analyse und Auswertung - 03.01.2014 (10)
  6. Keine Internetverbindung mehr nach BKA-Trojaner (glaub ich) Windows7
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (1)
  7. (dsgsdgdsgdsgw.js) Keine symptome mehr, was jetzt?
    Log-Analyse und Auswertung - 03.03.2013 (1)
  8. (2x) BKA Trojaner ; Trojan.Java.Mail.Send.B keine Keine Zugriffe in Windows XP 32 Bit mehr möglich
    Mülltonne - 29.05.2012 (1)
  9. Bundespolizei - infizierte Dateien gelöscht und jetzt keine Anmeldung mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 16.05.2012 (18)
  10. Erst abnow.com jetzt keine Internetverbindung mehr
    Plagegeister aller Art und deren Bekämpfung - 07.03.2012 (7)
  11. Keine Anmeldung bei Windows mehr möglich. Passwort feld fehlt. Kein Internet mehr. Kein Admin mehr.
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (5)
  12. Zunächst Vista Antispyware auf dem Rechner, dann nach Neustart keine Programme mehr zu öffnen
    Plagegeister aller Art und deren Bekämpfung - 25.04.2011 (27)
  13. Festplatte C sind keine Daten mehr sichtbar - Windows7 läuft aber?
    Plagegeister aller Art und deren Bekämpfung - 17.04.2011 (18)
  14. Keine Updates mehr möglich
    Log-Analyse und Auswertung - 22.12.2010 (3)
  15. keine updates mehr möglich
    Log-Analyse und Auswertung - 14.12.2008 (1)
  16. erst vertikale Striche auf Monitor, jetzt kein hochfahren mehr möglich
    Netzwerk und Hardware - 05.10.2008 (1)
  17. neues MB bekommen, jetzt keine Soundkarte mehr?
    Netzwerk und Hardware - 21.05.2005 (2)

Zum Thema Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast - Guten Abend, Der befallene Rechner zeigte folgende Symptome: Als ich gerufen wurde, war es nicht möglich Programme zu starten. Es stand von AVast eine Meldung auf dem Bildschirm, dass verschiedene - Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast...
Archiv
Du betrachtest: Windows7, Zunächst keine Bedienung mehr möglich, jetzt Stimmen. Hohe Prozessor und Speicherlast auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.