
Pests of all kinds and how to combat them: Mouse was remote-controlled; looking for the cause

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

26.01.2015, 18:36   #1
AquaClassic
 

Hello, dear experts.

I recently opened a thread in the "Surveillance, Privacy and Spam" section and described how last Tuesday at around 21:45, while I was working on a client-server application in Java (and the server was running), my mouse was suddenly controlled remotely. The whole thing looked a lot like Remote Desktop (brief flickering of the screen, the mouse then moving rather jerkily instead of smoothly, human-like movements, deliberate opening of programs, although to be honest I'm not sure about that because I was quite panicked in the situation). The relevant information from my other post:

Quote:
So first, a description of the situation: As I said, I was working on my game (on Windows 7, administrator account; by now I know that is dumb). For this I had set up a server in Java using ServerSockets, on localhost with port 9001. It ran on and off during the day while testing, but only ever for 10-20 seconds. At the exact moment the situation occurred, it was running again. I was just about to start the client when my screen suddenly flickered briefly, and then I no longer had control of my mouse. It moved on its own, headed for the taskbar and clicked on a few program icons (Windows Snipping Tool and Skype). I panicked and pressed Ctrl+Alt+Del; the screen went dark briefly and the screen from which you can open the Task Manager appeared. Still panicking and therefore not really acting rationally, I opened the Task Manager, but then of course again had no control over the mouse, which was trying to open the Start menu - and at that moment I switched off the PC (via the power button). Unfortunately it did not occur to me to pull the LAN cable first to check whether the whole thing would stop then.

I can all but rule out a hardware defect. It did not occur before or after, the movements were very human and the mouse lagged a little, so it did not glide across the screen as smoothly as usual - the whole thing looked exactly like Remote Desktop.

Half an hour later I started the PC again, without internet, and then of course nothing happened anymore. I first ran my AV program (avast), which as expected found nothing. After that I ran Spybot, Malwarebytes Anti-Malware and the Malwarebytes Anti-Rootkit beta, but without any findings (apart from two log files from AZLyrics in the Chrome folder, which will hardly be problematic in any way). Since then I have not switched the PC on again and, as I said, do not intend to for quite a while.
On the advice of some users here I have now opened a thread after all and, following Warlord711's instructions, run an FRST scan, which I will post in a moment.

I don't necessarily want to clean my system, because I am going to reinstall it anyway. However, it is enormously important to me to find the cause of the takeover in question. If it turns out to be unavoidable to also carry out the usual cleanup steps, I will do so. I am not coping well with the situation at the moment and therefore need clarification.

If there are signs of illegal software on my computer, please let me know. Some time ago I decided to stop doing that sort of thing, so there should not be any cracks or keygens on my computer; if something does turn up anyway, I will gladly delete the items in question from my PC and recreate the logs if necessary.

I have redacted my personal information (user and PC names); otherwise everything is unchanged.

FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by [mein Name] (administrator) on [mein PC-Name]SPC on 26-01-2015 19:16:38
Running from C:\Users\[mein Name]\Desktop
Loaded Profiles: [mein Name] (Available profiles: [mein Name])
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies) F:\Kommunikation\Skype\Updater\Updater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(Chicony) C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\Ttsystray3.exe
(Chicony) C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\tTOSD2k1001.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) F:\Office\Evernote\EvernoteClipper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) F:\Entwicklung\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) F:\Entwicklung\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-08] (AVAST Software)
HKLM-x32\...\Run: [ChallengerUlti[mein Name]] => C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\Ttsystray3.exe [1254912 2010-08-05] (Chicony)
HKLM-x32\...\Run: [ChallengerUlti[mein Name]OSD] => C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\tTOSD2k1001.exe [634880 2010-08-05] (Chicony)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => F:\Entwicklung\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => F:\Entwicklung\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [3333632 2012-08-16] ()
HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\Run: [DAEMON Tools Lite] => F:\Tools\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\[mein Name]\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\MountPoints2: {7364f857-0ce3-11e4-befb-806e6f6e6963} - G:\.\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\Users\[mein Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> F:\Office\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\[mein Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mausarm.lnk
ShortcutTarget: Mausarm.lnk -> F:\Tools\Mausarm\Mausarm.exe (hxxp://www.repetitive-strain-injury.de)
Startup: C:\Users\[mein Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk
ShortcutTarget: Omnimo.lnk -> E:\Dokumente\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Office\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Office\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\[mein Name]\AppData\Roaming\Mozilla\Firefox\Profiles\wzabaujr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\Office\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> F:\Multimedia\VLC Media Player\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> F:\Entwicklung\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-911010182-206266418-2943002704-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\[mein Name]\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - F:\Entwicklung\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - F:\Entwicklung\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-11-25]
StartMenuInternet: FIREFOX.EXE - F:\Internet\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: Default -> chrome://apps/
CHR Profile: C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-07-16]
CHR Extension: (Google Docs) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Do Not Track) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdcpbflcbeillmamogkpmdhnbeggfja [2014-10-08]
CHR Extension: (Google-Suche) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (Clear Cache) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2014-10-08]
CHR Extension: (AdBlock) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-16]
CHR Extension: (Avast Online Security) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-16]
CHR Extension: (Google Wallet) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-16]
CHR Extension: (Evernote Web Clipper) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-10-08]
CHR Extension: (Google Mail) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-24] (Avast Software)
S3 DAUpdaterSvc; G:\Dragon Age - Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SkypeUpdate; F:\Kommunikation\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\DRIVERS\ASUSstpt.sys [24648 2011-09-15] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [141896 2011-09-15] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-16] (Disc Soft Ltd)
U5 UnlockerDriver5; F:\Tools\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-24] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 19:16 - 2015-01-26 19:16 - 00019799 _____ () C:\Users\[mein Name]\Desktop\FRST.txt
2015-01-26 19:16 - 2015-01-26 19:16 - 00000000 ____D () C:\FRST
2015-01-26 19:16 - 2015-01-26 19:13 - 02129920 _____ (Farbar) C:\Users\[mein Name]\Desktop\FRST64.exe
2015-01-26 19:15 - 2015-01-26 19:15 - 00000376 _____ () C:\Windows\PFRO.log
2015-01-21 00:50 - 2015-01-21 00:50 - 00012471 _____ () C:\Users\[mein Name]\Desktop\hijackthis.log
2015-01-21 00:44 - 2015-01-21 00:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-21 00:43 - 2015-01-21 00:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\[mein Name]\Desktop\HijackThis.exe
2015-01-21 00:42 - 2015-01-21 00:26 - 16466552 _____ (Malwarebytes Corp.) C:\Users\[mein Name]\Desktop\mbar-1.08.3.1004.exe
2015-01-21 00:40 - 2015-01-21 00:40 - 02651496 _____ () C:\Users\[mein Name]\Desktop\OTL.Txt
2015-01-21 00:36 - 2015-01-21 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\[mein Name]\Desktop\otl.exe
2015-01-20 23:52 - 2015-01-21 00:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-20 23:52 - 2015-01-21 00:43 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-20 23:52 - 2015-01-20 23:52 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-20 23:52 - 2015-01-20 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-20 23:52 - 2015-01-20 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-20 23:52 - 2015-01-20 23:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-20 23:52 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-20 23:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-20 23:43 - 2015-01-20 23:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 23:43 - 2015-01-20 23:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 23:43 - 2015-01-20 23:43 - 00001398 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-20 23:43 - 2015-01-20 23:43 - 00001386 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-20 23:43 - 2015-01-20 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-20 23:43 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-18 21:48 - 2015-01-18 21:48 - 00271640 _____ () C:\Windows\Minidump\011815-10124-01.dmp
2015-01-16 10:47 - 2015-01-16 10:47 - 00275936 _____ () C:\Windows\Minidump\011615-13353-01.dmp
2015-01-16 10:43 - 2015-01-16 10:43 - 00271640 _____ () C:\Windows\Minidump\011615-10296-01.dmp
2015-01-16 10:35 - 2015-01-18 21:48 - 317814034 _____ () C:\Windows\MEMORY.DMP
2015-01-16 10:35 - 2015-01-16 10:35 - 00275936 _____ () C:\Windows\Minidump\011615-13244-01.dmp
2015-01-14 12:22 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:22 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:22 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:22 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:22 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:22 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:22 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:22 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:22 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:22 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:22 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:22 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:22 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 13:08 - 2015-01-13 13:08 - 00001567 _____ () C:\Users\[mein Name]\Desktop\Player.txt
2015-01-13 13:07 - 2015-01-13 13:07 - 00001054 _____ () C:\Users\[mein Name]\Desktop\Server.txt
2015-01-13 13:06 - 2015-01-13 13:06 - 00001822 _____ () C:\Users\[mein Name]\Desktop\Client.txt
2015-01-12 23:42 - 2015-01-26 19:15 - 00002016 _____ () C:\Windows\setupact.log
2015-01-12 23:42 - 2015-01-12 23:42 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 13:46 - 2015-01-20 22:05 - 00005058 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for [mein PC-Name]sPC-[mein Name] [mein PC-Name]sPC
2015-01-11 22:40 - 2015-01-11 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-11 22:40 - 2015-01-11 22:40 - 00000000 ____D () C:\Program Files (x86)\Skype
2015-01-07 20:25 - 2015-01-07 20:25 - 00000000 ____D () C:\Program Files\Apache Software Foundation
2015-01-07 20:24 - 2015-01-07 20:24 - 00000890 _____ () C:\Users\Public\Desktop\NetBeans IDE 8.0.2.lnk
2015-01-07 20:24 - 2015-01-07 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
2015-01-06 22:39 - 2015-01-07 21:45 - 00005210 _____ () C:\Users\[mein Name]\Desktop\Schmutzosophie.txt
2015-01-06 20:09 - 2015-01-06 20:09 - 00000000 ____D () C:\Users\[mein Name]\AppData\Local\Macromedia
2015-01-06 20:08 - 2015-01-06 20:08 - 00000765 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-06 20:08 - 2015-01-06 20:08 - 00000000 ____D () C:\Users\[mein Name]\AppData\Local\Mozilla
2015-01-06 14:23 - 2015-01-06 14:23 - 00058826 _____ () C:\Windows\SysWOW64\CCCInstall_201501061423450181.log
2015-01-06 14:23 - 2015-01-06 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-06 14:23 - 2015-01-06 14:23 - 00000000 ____D () C:\ProgramData\ATI
2015-01-06 14:23 - 2015-01-06 14:23 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 19:16 - 2014-07-16 17:02 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-01-26 19:15 - 2014-08-25 16:27 - 00000000 ____D () C:\Users\[mein Name]\AppData\Local\Adobe
2015-01-26 19:15 - 2014-07-16 15:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 19:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 01:29 - 2014-07-16 13:26 - 01097077 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 01:27 - 2014-07-21 12:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 01:15 - 2014-07-16 15:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 01:00 - 2014-07-16 17:07 - 00000000 _____ () C:\Windows\Path.idx
2015-01-20 22:15 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 22:15 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 22:01 - 2011-04-12 08:43 - 01746440 _____ () C:\Windows\system32\perfh007.dat
2015-01-20 22:01 - 2011-04-12 08:43 - 00474852 _____ () C:\Windows\system32\perfc007.dat
2015-01-20 22:01 - 2009-07-14 06:13 - 00006256 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 21:45 - 2014-07-16 19:44 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\Skype
2015-01-20 21:33 - 2014-07-17 15:45 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\TS3Client
2015-01-20 01:06 - 2009-07-14 05:45 - 05065904 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-19 13:27 - 2014-07-16 15:57 - 00114784 _____ () C:\Users\[mein Name]\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-19 12:53 - 2014-12-11 00:01 - 00000000 ____D () C:\ProgramData\Unity
2015-01-18 21:48 - 2014-11-10 16:48 - 00000000 ____D () C:\Windows\Minidump
2015-01-14 19:27 - 2014-07-21 12:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 19:27 - 2014-07-21 12:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 19:27 - 2014-07-21 12:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 13:16 - 2014-07-16 14:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:13 - 2014-07-16 14:46 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:02 - 2014-11-19 16:30 - 00000474 _____ () C:\Users\[mein Name]\Desktop\Woche.txt
2015-01-12 13:46 - 2014-09-18 09:13 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\FileZilla
2015-01-12 13:46 - 2014-07-16 18:57 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\DAEMON Tools Lite
2015-01-12 13:41 - 2014-07-16 16:08 - 00000000 ____D () C:\AMD
2015-01-11 22:40 - 2014-07-16 19:43 - 00000000 ____D () C:\ProgramData\Skype
2015-01-07 20:27 - 2014-07-22 10:41 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\NetBeans
2015-01-07 20:27 - 2014-07-22 10:35 - 00000000 ____D () C:\Users\[mein Name]\.nbi
2015-01-06 20:08 - 2014-08-11 15:18 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\Mozilla
2015-01-06 14:23 - 2014-07-16 16:09 - 00000000 ____D () C:\ProgramData\AMD
2015-01-06 14:23 - 2014-07-16 13:40 - 00000000 ____D () C:\Program Files\AMD
2015-01-06 14:23 - 2014-07-16 13:37 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-01-06 14:22 - 2014-07-16 16:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-06 14:22 - 2014-07-16 16:09 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-08-28 13:34 - 2014-12-19 01:23 - 0000132 _____ () C:\Users\[mein Name]\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-09-16 14:03 - 2014-09-16 14:03 - 0001456 _____ () C:\Users\[mein Name]\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-08-26 14:51 - 2014-08-26 14:51 - 0000789 _____ () C:\Users\[mein Name]\AppData\Local\recently-used.xbel
2014-07-16 17:14 - 2014-07-16 17:14 - 0000017 _____ () C:\Users\[mein Name]\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 20:09

==================== End Of Log ============================
         
Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by [mein Name] at 2015-01-26 19:16:59
Running from C:\Users\[mein Name]\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Aiseesoft DVD Creator 5.1.20 (HKLM-x32\...\Aiseesoft DVD Creator_is1) (Version:  - )
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apache Tomcat 8.0.15 (HKLM\...\nbi-tomcat-8.0.15.0.0) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Baldur's Gate (HKLM-x32\...\Baldur's Gate) (Version:  - )
Baldurs Gate(TM) II - Thron des Bhaal (TM) (HKLM-x32\...\{5B09F344-4406-11D5-96E8-0050BA84F5F7}) (Version:  - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.71.1.2014 - Georgy Berdyshev)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID ASUS CPU-Z 1.61 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.61 - CPUID, Inc.)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version:  - Level Up Labs, LLC)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
Dev Eject (HKLM-x32\...\{DAFFE086-6A05-46F1-90A3-E5C514AA02D7}) (Version: 1.0.29.0 - deveject.com)
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - Going Loud Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05 - Electronic Arts, Inc.)
Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
ffdshow v1.1.3800 [2011-03-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3800.0 - )
FileZilla Client 3.9.0.6 (HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
FormatFactory 3.5.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.0.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Git version 1.9.4-preview20140611 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140611 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
Grotesque Tactics: Evil Heroes (HKLM-x32\...\Steam App 46450) (Version:  - Headup Games)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Infinity Wars - Ani[mein Name]d Trading Card Game (HKLM-x32\...\Steam App 257730) (Version:  - Lightmare Studios)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version:  - 1C Company)
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version:  - Almost Human Games)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mausarm 1.0.1 (HKLM-x32\...\{7A690610-D345-4889-98E0-CC2153718A46}_is1) (Version:  - Clemens Conrad)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiKTeX 2.9 (HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mouse Editor (HKLM-x32\...\InstallShield_{3A4218DE-B9DB-4AD5-9DB2-5853D3AA0335}) (Version: 12.08.0006 - Ihr Firmenname)
MOUSE Editor (x32 Version: 12.08.0006 - Ihr Firmenname) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version:  - Robot Entertainment)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PixelJunk Monsters Ulti[mein Name] (HKLM-x32\...\Steam App 243780) (Version:  - )
Puzzle Quest (HKLM-x32\...\Steam App 12500) (Version:  - Infinite Interactive)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Texmaker (HKLM-x32\...\Texmaker) (Version:  - )
Torchlight (HKLM-x32\...\Steam App 41500) (Version:  - Runic Games)
Tt eSPORTS Challenger Ulti[mein Name] (HKLM-x32\...\{D65D9706-6D6D-42E8-A11A-63E3AFECBBC1}) (Version: 2.0.2.0 - Tt eSPORTS)
Unity (HKLM-x32\...\Unity) (Version: 4.6.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WhoCrashed 5.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version:  - Team17 Digital Ltd.)
yEd Graph Editor 3.13 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.13 - yWorks GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-911010182-206266418-2943002704-1000_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> F:\Office\Evernote\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-911010182-206266418-2943002704-1000_Classes\CLSID\{BD6BEEE8-64CE-4814-B319-990645883E89}\InprocServer32 -> F:\Office\Evernote\EvernoteOLx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-911010182-206266418-2943002704-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> F:\Entwicklung\Git\git-cheetah\git_shell_ext64.dll ()

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-25 13:37 - 00001028 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CDD5BB7-F4AB-4865-B7FA-A152464FAEEC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => F:\Office\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2ED8F299-4598-4C68-9BB0-7E015C37F4F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {4E16A694-B5D8-47F6-BB5D-02986F5B39DE} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-27] ()
Task: {62829E18-1906-4C58-ADC9-DC16C9B6DD79} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-24] (AVAST Software)
Task: {6799CB9F-E12E-4314-A7C3-E5A5C3DF67FA} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {6CE2749F-A7EB-444C-B3FF-65DEE04661DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {814F6EAE-34A4-422F-B148-033A8A5F8615} - System32\Tasks\Microsoft Office 15 Sync Maintenance for [mein PC-Name]sPC-[mein Name] [mein PC-Name]sPC => F:\Office\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {86AE5538-64DE-4242-9FC3-1B02FC425015} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {93079ACB-96ED-424E-85F1-F057795B7518} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {992068AE-450E-45E1-9E9B-76F288005A98} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {9F77FE60-B252-416D-BB07-32B8C7224C11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {B5F59D8F-C197-4994-BBC0-CC08696E0EE7} - System32\Tasks\CCleanerSkipUAC => F:\Wartung\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {EF4C3783-9A3A-4784-A028-A2E100EC82B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => F:\Office\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EFABD975-03FC-47AD-97AB-C7CAEE388A51} - System32\Tasks\AdobeAAMUpdater-1.0-[mein PC-Name]sPC-[mein Name] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2012-06-01 10:42 - 2012-06-01 10:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-11-24 22:36 - 2014-11-24 22:36 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-24 22:36 - 2014-11-24 22:36 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () F:\Internet\FileZilla\fzshellext_64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () F:\Tools\Unlocker\UnlockerCOM.dll
2014-08-11 15:51 - 2014-06-12 15:09 - 00736450 _____ () F:\Entwicklung\Git\git-cheetah\git_shell_ext64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () F:\Entwicklung\Notepad++\NppShell_06.dll
2012-08-16 04:11 - 2012-08-16 04:11 - 03333632 _____ () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-20 19:52 - 2015-01-20 19:52 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15012001\algo.dll
2014-11-24 22:36 - 2014-11-24 22:36 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-07-16 16:58 - 2015-01-26 19:15 - 00035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-07-16 16:58 - 2010-06-29 03:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-01-20 23:43 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-20 23:43 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-20 23:43 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-20 23:43 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-20 23:43 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-12-02 10:56 - 2010-12-02 10:56 - 00815104 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
2011-01-09 13:45 - 2011-01-09 13:45 - 00088064 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
2012-06-14 08:59 - 2012-06-14 08:59 - 02414080 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll
2012-05-17 04:17 - 2012-05-17 04:17 - 01000448 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-09-20 07:18 - 2010-09-20 07:18 - 00085504 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
2010-09-20 07:18 - 2010-09-20 07:18 - 00054272 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
2011-04-12 08:14 - 2011-04-12 08:14 - 00063488 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-11-01 13:16 - 2010-11-01 13:16 - 00062976 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2012-04-27 04:40 - 2012-04-27 04:40 - 00118272 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00035328 _____ () F:\Internet\FileZilla\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () F:\Internet\FileZilla\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () F:\Internet\FileZilla\libstdc++-6.dll
2014-11-24 22:36 - 2014-11-24 22:36 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-16 16:52 - 2010-08-05 13:39 - 00045056 _____ () C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\WMINPUT.DLL
2014-08-26 15:47 - 2014-08-26 15:47 - 00436576 _____ () F:\Office\Evernote\libxml2.dll
2014-08-26 15:47 - 2014-08-26 15:47 - 00318304 _____ () F:\Office\Evernote\libtidy.dll
2014-12-03 19:07 - 2014-12-03 19:07 - 00019968 _____ () F:\Entwicklung\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2014-07-16 17:00 - 2012-08-03 09:41 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2014-07-16 17:00 - 2012-08-03 15:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2014-07-16 16:59 - 2011-07-12 18:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2014-07-16 16:59 - 2010-10-05 07:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2014-07-16 16:59 - 2012-03-21 11:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-07-16 17:00 - 2012-07-20 08:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2014-07-16 16:59 - 2012-05-25 09:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2014-07-16 16:59 - 2012-05-28 20:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2014-07-16 16:59 - 2011-09-19 19:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2014-07-16 16:59 - 2011-07-21 08:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2014-07-16 16:59 - 2011-10-14 19:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2014-07-16 16:58 - 2010-08-23 03:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2014-07-16 16:59 - 2010-10-05 07:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2014-07-16 17:01 - 2012-01-19 08:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
2014-07-16 16:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-07-16 16:59 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-911010182-206266418-2943002704-500 - Administrator - Disabled)
Gast (S-1-5-21-911010182-206266418-2943002704-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-911010182-206266418-2943002704-1002 - Limited - Enabled)
[mein Name] (S-1-5-21-911010182-206266418-2943002704-1000 - Administrator - Enabled) => C:\Users\[mein Name]

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2015 07:15:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 10:01:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/20/2015 10:01:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/20/2015 10:01:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/20/2015 09:54:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 11:56:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/20/2015 11:56:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/20/2015 11:56:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/20/2015 11:51:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 01:11:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (01/26/2015 07:15:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/20/2015 09:54:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/20/2015 09:54:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎01.‎2015 um 21:45:40 unerwartet heruntergefahren.

Error: (01/20/2015 01:37:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/20/2015 01:37:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (01/20/2015 11:51:41 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/20/2015 01:06:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/19/2015 05:01:31 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (01/19/2015 10:48:52 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/18/2015 10:32:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


Microsoft Office Sessions:
=========================
Error: (01/26/2015 07:15:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 10:01:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/20/2015 10:01:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/20/2015 10:01:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/20/2015 09:54:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 11:56:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/20/2015 11:56:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/20/2015 11:56:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/20/2015 11:51:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 01:11:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000


CodeIntegrity Errors:
===================================
  Date: 2015-01-26 19:15:43.916
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-21 01:29:33.960
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-21 00:59:24.209
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-21 00:50:20.913
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-21 00:43:27.534
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-21 00:36:07.506
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-21 00:29:22.199
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-20 23:40:28.344
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-20 23:05:48.606
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-20 22:41:11.386
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X6 1090T Processor
Percentage of memory in use: 11%
Total physical RAM: 16300.99 MB
Available physical RAM: 14355.46 MB
Total Pagefile: 32600.16 MB
Available Pagefile: 30444.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:80.03 GB) (Free:27.9 GB) NTFS
Drive d: (Projekte) (Fixed) (Total:150.27 GB) (Free:106.96 GB) NTFS
Drive e: (Medien) (Fixed) (Total:250.49 GB) (Free:88.64 GB) NTFS
Drive f: (Software) (Fixed) (Total:195.29 GB) (Free:162.1 GB) NTFS
Drive g: (Spiele) (Fixed) (Total:158.22 GB) (Free:74.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A631432D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: CFB82CA6)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Thank you all very much for your help!

26.01.2015, 18:46   #2
schrauber
/// the machine
/// TB trainer

hi,

Please download TDSSKiller.exe and save the file to your desktop.
  • Run TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread in any case.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Run mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder without instructions from a helper.

26.01.2015, 20:02   #3
AquaClassic

TDSSKiller log #1
Code:
20:42:53.0856 0x0ec4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:42:53.0856 0x0ec4  UEFI system
20:43:58.0643 0x0ec4  ============================================================
20:43:58.0643 0x0ec4  Current date / time: 2015/01/26 20:43:58.0643
20:43:58.0643 0x0ec4  SystemInfo:
20:43:58.0643 0x0ec4  
20:43:58.0643 0x0ec4  OS Version: 6.1.7601 ServicePack: 1.0
20:43:58.0643 0x0ec4  Product type: Workstation
20:43:58.0643 0x0ec4  ComputerName: [mein PC-Name]SPC
20:43:58.0643 0x0ec4  UserName: [mein Name]
20:43:58.0643 0x0ec4  Windows directory: C:\Windows
20:43:58.0643 0x0ec4  System windows directory: C:\Windows
20:43:58.0643 0x0ec4  Running under WOW64
20:43:58.0643 0x0ec4  Processor architecture: Intel x64
20:43:58.0643 0x0ec4  Number of processors: 6
20:43:58.0643 0x0ec4  Page size: 0x1000
20:43:58.0643 0x0ec4  Boot type: Normal boot
20:43:58.0643 0x0ec4  ============================================================
20:43:58.0690 0x0ec4  KLMD registered as C:\Windows\system32\drivers\52234815.sys
20:43:58.0736 0x0ec4  System UUID: {06ADA3C5-5C46-797E-F122-15F0F844632E}
20:43:59.0002 0x0ec4  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:43:59.0017 0x0ec4  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:43:59.0033 0x0ec4  ============================================================
20:43:59.0033 0x0ec4  \Device\Harddisk0\DR0:
20:43:59.0033 0x0ec4  GPT partitions:
20:43:59.0033 0x0ec4  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {594D50D1-243F-48E5-A16A-3DD68E8B4C40}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
20:43:59.0033 0x0ec4  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {44D4BDB4-DB34-4AC4-AD95-4737F334D26A}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
20:43:59.0033 0x0ec4  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7416F8A9-F370-470B-BECD-21CC19BFC6E2}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xA010000
20:43:59.0033 0x0ec4  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {39C95DF6-464C-4BCD-8D82-B36861BF797E}, Name: Basic data partition, StartLBA 0xA082800, BlocksNum 0x13C70800
20:43:59.0033 0x0ec4  MBR partitions:
20:43:59.0033 0x0ec4  \Device\Harddisk1\DR1:
20:43:59.0033 0x0ec4  GPT partitions:
20:43:59.0033 0x0ec4  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {58800734-D5F7-4521-9458-5D8CBB15A157}, Name: Microsoft reserved partition, StartLBA 0x800, BlocksNum 0x40000
20:43:59.0033 0x0ec4  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F51B3A84-B603-4D50-85E2-FEBA23A6267F}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x12C88000
20:43:59.0033 0x0ec4  \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CF6EE5E4-E0D7-4526-955C-E756947F059A}, Name: Basic data partition, StartLBA 0x12CC8800, BlocksNum 0x1F4FA000
20:43:59.0033 0x0ec4  \Device\Harddisk1\DR1\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {1EE7ACB7-C3C8-4607-8563-043F6CACBCF0}, Name: Basic data partition, StartLBA 0x321C2800, BlocksNum 0x18695000
20:43:59.0033 0x0ec4  MBR partitions:
20:43:59.0033 0x0ec4  ============================================================
20:43:59.0033 0x0ec4  C: <-> \Device\Harddisk0\DR0\Partition3
20:43:59.0048 0x0ec4  D: <-> \Device\Harddisk1\DR1\Partition2
20:43:59.0080 0x0ec4  E: <-> \Device\Harddisk1\DR1\Partition3
20:43:59.0126 0x0ec4  F: <-> \Device\Harddisk1\DR1\Partition4
20:43:59.0126 0x0ec4  G: <-> \Device\Harddisk0\DR0\Partition4
20:43:59.0126 0x0ec4  ============================================================
20:43:59.0126 0x0ec4  Initialize success
20:43:59.0126 0x0ec4  ============================================================
20:44:17.0129 0x0be8  Deinitialize success
         
TDSSKiller log #2
Code:
20:44:19.0193 0x1524  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:44:19.0193 0x1524  UEFI system
20:44:22.0282 0x1524  ============================================================
20:44:22.0282 0x1524  Current date / time: 2015/01/26 20:44:22.0282
20:44:22.0282 0x1524  SystemInfo:
20:44:22.0282 0x1524  
20:44:22.0282 0x1524  OS Version: 6.1.7601 ServicePack: 1.0
20:44:22.0282 0x1524  Product type: Workstation
20:44:22.0282 0x1524  ComputerName: [mein PC-Name]SPC
20:44:22.0282 0x1524  UserName: [mein Name]
20:44:22.0282 0x1524  Windows directory: C:\Windows
20:44:22.0282 0x1524  System windows directory: C:\Windows
20:44:22.0282 0x1524  Running under WOW64
20:44:22.0282 0x1524  Processor architecture: Intel x64
20:44:22.0282 0x1524  Number of processors: 6
20:44:22.0282 0x1524  Page size: 0x1000
20:44:22.0282 0x1524  Boot type: Normal boot
20:44:22.0282 0x1524  ============================================================
20:44:22.0328 0x1524  KLMD registered as C:\Windows\system32\drivers\33570191.sys
20:44:22.0375 0x1524  System UUID: {06ADA3C5-5C46-797E-F122-15F0F844632E}
20:44:22.0640 0x1524  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:44:22.0640 0x1524  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:44:22.0656 0x1524  ============================================================
20:44:22.0656 0x1524  \Device\Harddisk0\DR0:
20:44:22.0656 0x1524  GPT partitions:
20:44:22.0656 0x1524  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {594D50D1-243F-48E5-A16A-3DD68E8B4C40}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
20:44:22.0656 0x1524  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {44D4BDB4-DB34-4AC4-AD95-4737F334D26A}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
20:44:22.0656 0x1524  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7416F8A9-F370-470B-BECD-21CC19BFC6E2}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xA010000
20:44:22.0656 0x1524  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {39C95DF6-464C-4BCD-8D82-B36861BF797E}, Name: Basic data partition, StartLBA 0xA082800, BlocksNum 0x13C70800
20:44:22.0656 0x1524  MBR partitions:
20:44:22.0656 0x1524  \Device\Harddisk1\DR1:
20:44:22.0656 0x1524  GPT partitions:
20:44:22.0656 0x1524  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {58800734-D5F7-4521-9458-5D8CBB15A157}, Name: Microsoft reserved partition, StartLBA 0x800, BlocksNum 0x40000
20:44:22.0656 0x1524  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F51B3A84-B603-4D50-85E2-FEBA23A6267F}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x12C88000
20:44:22.0656 0x1524  \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CF6EE5E4-E0D7-4526-955C-E756947F059A}, Name: Basic data partition, StartLBA 0x12CC8800, BlocksNum 0x1F4FA000
20:44:22.0656 0x1524  \Device\Harddisk1\DR1\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {1EE7ACB7-C3C8-4607-8563-043F6CACBCF0}, Name: Basic data partition, StartLBA 0x321C2800, BlocksNum 0x18695000
20:44:22.0656 0x1524  MBR partitions:
20:44:22.0656 0x1524  ============================================================
20:44:22.0672 0x1524  C: <-> \Device\Harddisk0\DR0\Partition3
20:44:22.0672 0x1524  D: <-> \Device\Harddisk1\DR1\Partition2
20:44:22.0672 0x1524  E: <-> \Device\Harddisk1\DR1\Partition3
20:44:22.0687 0x1524  F: <-> \Device\Harddisk1\DR1\Partition4
20:44:22.0687 0x1524  G: <-> \Device\Harddisk0\DR0\Partition4
20:44:22.0687 0x1524  ============================================================
20:44:22.0687 0x1524  Initialize success
20:44:22.0687 0x1524  ============================================================
20:45:01.0890 0x0550  ============================================================
20:45:01.0890 0x0550  Scan started
20:45:01.0890 0x0550  Mode: Manual; SigCheck; TDLFS; 
20:45:01.0890 0x0550  ============================================================
20:45:01.0890 0x0550  KSN ping started
20:45:01.0906 0x0550  KSN ping finished: false
20:45:02.0124 0x0550  ================ Scan system memory ========================
20:45:02.0124 0x0550  System memory - ok
20:45:02.0124 0x0550  ================ Scan services =============================
20:45:05.0057 0x0550  blbdrive - ok
20:45:05.0057 0x0550  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:45:05.0073 0x0550  bowser - ok
20:45:05.0073 0x0550  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:45:05.0088 0x0550  BrFiltLo - ok
20:45:05.0104 0x0550  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:45:05.0119 0x0550  BrFiltUp - ok
20:45:05.0119 0x0550  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:45:05.0135 0x0550  Browser - ok
20:45:05.0151 0x0550  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:45:05.0166 0x0550  Brserid - ok
20:45:05.0166 0x0550  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:45:05.0182 0x0550  BrSerWdm - ok
20:45:05.0197 0x0550  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:45:05.0213 0x0550  BrUsbMdm - ok
20:45:05.0213 0x0550  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:45:05.0229 0x0550  BrUsbSer - ok
20:45:05.0229 0x0550  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:45:05.0244 0x0550  BTHMODEM - ok
20:45:05.0260 0x0550  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:45:05.0275 0x0550  bthserv - ok
20:45:05.0291 0x0550  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:45:05.0322 0x0550  cdfs - ok
20:45:05.0322 0x0550  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:45:05.0338 0x0550  cdrom - ok
20:45:05.0353 0x0550  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:45:05.0369 0x0550  CertPropSvc - ok
20:45:05.0385 0x0550  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:45:05.0400 0x0550  circlass - ok
20:45:05.0400 0x0550  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
20:45:05.0431 0x0550  CLFS - ok
20:45:05.0431 0x0550  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:45:05.0447 0x0550  clr_optimization_v2.0.50727_32 - ok
20:45:05.0463 0x0550  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:45:05.0478 0x0550  clr_optimization_v2.0.50727_64 - ok
20:45:05.0478 0x0550  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:45:05.0509 0x0550  clr_optimization_v4.0.30319_32 - ok
20:45:05.0509 0x0550  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:45:05.0525 0x0550  clr_optimization_v4.0.30319_64 - ok
20:45:05.0525 0x0550  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:45:05.0541 0x0550  CmBatt - ok
20:45:05.0556 0x0550  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:45:05.0556 0x0550  cmdide - ok
20:45:05.0572 0x0550  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
20:45:05.0603 0x0550  CNG - ok
20:45:05.0603 0x0550  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:45:05.0619 0x0550  Compbatt - ok
20:45:05.0634 0x0550  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:45:05.0650 0x0550  CompositeBus - ok
20:45:05.0650 0x0550  COMSysApp - ok
20:45:05.0650 0x0550  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:45:05.0665 0x0550  crcdisk - ok
20:45:05.0681 0x0550  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:45:05.0697 0x0550  CryptSvc - ok
20:45:05.0712 0x0550  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
20:45:05.0728 0x0550  CSC - ok
20:45:05.0743 0x0550  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
20:45:05.0790 0x0550  CscService - ok
20:45:05.0790 0x0550  [ 914A7156B0C0F10BE645A02E13F576B2, C8686CE4DD9C457D56D5535307FD210AE057BFF94AC59665681DA6CF46DBE2E8 ] DAUpdaterSvc    G:\Dragon Age - Origins\bin_ship\DAUpdaterSvc.Service.exe
20:45:05.0806 0x0550  DAUpdaterSvc - ok
20:45:05.0821 0x0550  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:45:05.0868 0x0550  DcomLaunch - ok
20:45:05.0868 0x0550  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:45:05.0899 0x0550  defragsvc - ok
20:45:05.0915 0x0550  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:45:05.0946 0x0550  DfsC - ok
20:45:05.0946 0x0550  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:45:05.0977 0x0550  Dhcp - ok
20:45:05.0977 0x0550  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:45:06.0009 0x0550  discache - ok
20:45:06.0009 0x0550  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
20:45:06.0024 0x0550  Disk - ok
20:45:06.0024 0x0550  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
20:45:06.0040 0x0550  dmvsc - ok
20:45:06.0055 0x0550  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:45:06.0071 0x0550  Dnscache - ok
20:45:06.0071 0x0550  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:45:06.0118 0x0550  dot3svc - ok
20:45:06.0118 0x0550  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:45:06.0149 0x0550  DPS - ok
20:45:06.0149 0x0550  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:45:06.0165 0x0550  drmkaud - ok
20:45:06.0165 0x0550  [ 44BB65B1D3827043978FC8E11CA7C0B4, 9198D43F853DE25CB704CC208F41E649727356E122C7451C411DD49542A5A582 ] DTSAudioService C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
20:45:06.0196 0x0550  DTSAudioService - ok
20:45:06.0196 0x0550  [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:45:06.0227 0x0550  dtsoftbus01 - ok
20:45:06.0243 0x0550  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:45:06.0274 0x0550  DXGKrnl - ok
20:45:06.0289 0x0550  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:45:06.0321 0x0550  EapHost - ok
20:45:06.0383 0x0550  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:45:06.0461 0x0550  ebdrv - ok
20:45:06.0477 0x0550  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
20:45:06.0492 0x0550  EFS - ok
20:45:06.0508 0x0550  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:45:06.0539 0x0550  ehRecvr - ok
20:45:06.0555 0x0550  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
20:45:06.0570 0x0550  ehSched - ok
20:45:06.0586 0x0550  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:45:06.0601 0x0550  elxstor - ok
20:45:06.0617 0x0550  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:45:06.0633 0x0550  ErrDev - ok
20:45:06.0633 0x0550  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
20:45:06.0679 0x0550  EventSystem - ok
20:45:06.0679 0x0550  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:45:06.0711 0x0550  exfat - ok
20:45:06.0726 0x0550  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:45:06.0757 0x0550  fastfat - ok
20:45:06.0773 0x0550  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
20:45:06.0804 0x0550  Fax - ok
20:45:06.0804 0x0550  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
20:45:06.0820 0x0550  fdc - ok
20:45:06.0820 0x0550  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
20:45:06.0851 0x0550  fdPHost - ok
20:45:06.0851 0x0550  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:45:06.0882 0x0550  FDResPub - ok
20:45:06.0898 0x0550  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:45:06.0913 0x0550  FileInfo - ok
20:45:06.0913 0x0550  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:45:06.0945 0x0550  Filetrace - ok
20:45:06.0945 0x0550  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:45:06.0960 0x0550  flpydisk - ok
20:45:06.0960 0x0550  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:45:06.0991 0x0550  FltMgr - ok
20:45:07.0007 0x0550  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
20:45:07.0054 0x0550  FontCache - ok
20:45:07.0054 0x0550  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:45:07.0069 0x0550  FontCache3.0.0.0 - ok
20:45:07.0069 0x0550  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:45:07.0085 0x0550  FsDepends - ok
20:45:07.0085 0x0550  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:45:07.0101 0x0550  Fs_Rec - ok
20:45:07.0116 0x0550  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:45:07.0132 0x0550  fvevol - ok
20:45:07.0132 0x0550  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:45:07.0147 0x0550  gagp30kx - ok
20:45:07.0163 0x0550  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:45:07.0225 0x0550  gpsvc - ok
20:45:07.0225 0x0550  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:45:07.0241 0x0550  gupdate - ok
20:45:07.0241 0x0550  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:45:07.0257 0x0550  gupdatem - ok
20:45:07.0272 0x0550  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:45:07.0272 0x0550  hcw85cir - ok
20:45:07.0288 0x0550  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:45:07.0319 0x0550  HdAudAddService - ok
20:45:07.0319 0x0550  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:45:07.0335 0x0550  HDAudBus - ok
20:45:07.0350 0x0550  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:45:07.0366 0x0550  HidBatt - ok
20:45:07.0366 0x0550  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:45:07.0381 0x0550  HidBth - ok
20:45:07.0381 0x0550  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:45:07.0413 0x0550  HidIr - ok
20:45:07.0413 0x0550  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
20:45:07.0444 0x0550  hidserv - ok
20:45:07.0444 0x0550  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:45:07.0459 0x0550  HidUsb - ok
20:45:07.0459 0x0550  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:45:07.0491 0x0550  hkmsvc - ok
20:45:07.0506 0x0550  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:45:07.0522 0x0550  HomeGroupListener - ok
20:45:07.0537 0x0550  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:45:07.0553 0x0550  HomeGroupProvider - ok
20:45:07.0553 0x0550  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:45:07.0569 0x0550  HpSAMD - ok
20:45:07.0584 0x0550  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:45:07.0631 0x0550  HTTP - ok
20:45:07.0631 0x0550  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:45:07.0647 0x0550  hwpolicy - ok
20:45:07.0662 0x0550  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:45:07.0678 0x0550  i8042prt - ok
20:45:07.0678 0x0550  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:45:07.0709 0x0550  iaStorV - ok
20:45:07.0725 0x0550  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:45:07.0756 0x0550  idsvc - ok
20:45:07.0771 0x0550  IEEtwCollectorService - ok
20:45:07.0771 0x0550  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:45:07.0787 0x0550  iirsp - ok
20:45:07.0803 0x0550  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:45:07.0834 0x0550  IKEEXT - ok
20:45:07.0912 0x0550  [ 8524178B895E4BC04776B319DA3A70EC, A635EADF6E8BD985B730F2737E8DA36AC71E8FEB759787ECB24D955176622AD2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:45:08.0021 0x0550  IntcAzAudAddService - ok
20:45:08.0037 0x0550  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:45:08.0037 0x0550  intelide - ok
20:45:08.0052 0x0550  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
20:45:08.0068 0x0550  intelppm - ok
20:45:08.0068 0x0550  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:45:08.0099 0x0550  IPBusEnum - ok
20:45:08.0099 0x0550  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:45:08.0130 0x0550  IpFilterDriver - ok
20:45:08.0146 0x0550  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:45:08.0177 0x0550  iphlpsvc - ok
20:45:08.0177 0x0550  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:45:08.0193 0x0550  IPMIDRV - ok
20:45:08.0208 0x0550  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:45:08.0239 0x0550  IPNAT - ok
20:45:08.0239 0x0550  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:45:08.0255 0x0550  IRENUM - ok
20:45:08.0255 0x0550  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:45:08.0271 0x0550  isapnp - ok
20:45:08.0286 0x0550  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:45:08.0302 0x0550  iScsiPrt - ok
20:45:08.0302 0x0550  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:45:08.0317 0x0550  kbdclass - ok
20:45:08.0317 0x0550  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:45:08.0333 0x0550  kbdhid - ok
20:45:08.0349 0x0550  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
20:45:08.0349 0x0550  KeyIso - ok
20:45:08.0364 0x0550  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:45:08.0380 0x0550  KSecDD - ok
20:45:08.0380 0x0550  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:45:08.0395 0x0550  KSecPkg - ok
20:45:08.0395 0x0550  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:45:08.0427 0x0550  ksthunk - ok
20:45:08.0442 0x0550  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:45:08.0473 0x0550  KtmRm - ok
20:45:08.0489 0x0550  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:45:08.0520 0x0550  LanmanServer - ok
20:45:08.0536 0x0550  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:45:08.0567 0x0550  LanmanWorkstation - ok
20:45:08.0567 0x0550  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:45:08.0598 0x0550  lltdio - ok
20:45:08.0598 0x0550  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:45:08.0645 0x0550  lltdsvc - ok
20:45:08.0645 0x0550  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:45:08.0676 0x0550  lmhosts - ok
20:45:08.0676 0x0550  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:45:08.0692 0x0550  LSI_FC - ok
20:45:08.0692 0x0550  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:45:08.0707 0x0550  LSI_SAS - ok
20:45:08.0723 0x0550  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:45:08.0739 0x0550  LSI_SAS2 - ok
20:45:08.0739 0x0550  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:45:08.0754 0x0550  LSI_SCSI - ok
20:45:08.0754 0x0550  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:45:08.0785 0x0550  luafv - ok
20:45:08.0801 0x0550  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:45:08.0817 0x0550  Mcx2Svc - ok
20:45:08.0817 0x0550  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:45:08.0832 0x0550  megasas - ok
20:45:08.0832 0x0550  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:45:08.0863 0x0550  MegaSR - ok
20:45:08.0863 0x0550  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:45:08.0895 0x0550  MMCSS - ok
20:45:08.0895 0x0550  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:45:08.0926 0x0550  Modem - ok
20:45:08.0926 0x0550  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:45:08.0941 0x0550  monitor - ok
20:45:08.0941 0x0550  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:45:08.0957 0x0550  mouclass - ok
20:45:08.0973 0x0550  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:45:08.0973 0x0550  mouhid - ok
20:45:08.0988 0x0550  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:45:09.0004 0x0550  mountmgr - ok
20:45:09.0004 0x0550  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:45:09.0019 0x0550  mpio - ok
20:45:09.0035 0x0550  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:45:09.0051 0x0550  mpsdrv - ok
20:45:14.0308 0x0550  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:45:14.0339 0x0550  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:45:14.0386 0x0550  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
20:45:14.0386 0x0550  Force sending object to P2P due to detect: SwitchBoard
20:45:14.0386 0x0550  Object send P2P result: false
20:45:17.0646 0x0550  ================ Scan generic autorun ======================
20:45:17.0755 0x0550  [ BDBC2F97FC0CA86D390C07021DAA6BF8, F15C0999698AAD78FA36211D799EF90164774A28BC3CF37F39505EC978909BBB ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
20:45:17.0927 0x0550  RTHDVCPL - ok
20:45:17.0958 0x0550  [ 938B4FEF3CD3311B241FDB5B50C2568B, 52F93F10A5144CD320E6257E438F7FAA52522A55EA3CBE3D142756B71CC6F531 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
20:45:18.0005 0x0550  RtHDVBg_DTS - ok
20:45:18.0005 0x0550  [ 1315C5C5C54CE2AA37A155F97027DB59, 70CDA6AE7FF4FD08FAD931477C524957952EDC89985696FD988B9786A349C565 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
20:45:18.0036 0x0550  AdobeAAMUpdater-1.0 - ok
20:45:18.0114 0x0550  [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
20:45:18.0286 0x0550  AvastUI.exe - ok
20:45:18.0301 0x0550  [ C3E16D8414BF87298E30B488D4946A0D, 2854C0C4923F6C573C90580F931E0E679D61EF6F899737E9698EC169A75A9ADC ] C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\Ttsystray3.exe
20:45:18.0364 0x0550  ChallengerUlti[mein Name] - detected UnsignedFile.Multi.Generic ( 1 )
20:45:18.0364 0x0550  ChallengerUlti[mein Name] ( UnsignedFile.Multi.Generic ) - warning
20:45:18.0364 0x0550  [ 75B0B330DB6E7B7821281B96DA7B8530, 44F9A3AA8DEB74322B9739D8B0036EBA6210FCEF9C883FD7175AF836F12B104F ] C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\tTOSD2k1001.exe
20:45:18.0395 0x0550  ChallengerUlti[mein Name]OSD - detected UnsignedFile.Multi.Generic ( 1 )
20:45:18.0395 0x0550  ChallengerUlti[mein Name]OSD ( UnsignedFile.Multi.Generic ) - warning
20:45:18.0411 0x0550  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:45:18.0442 0x0550  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:45:18.0442 0x0550  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
20:45:18.0457 0x0550  [ 8FE651ACBA3344E645CFEB6286FFF6B8, ECE4DFFEB7EB0B19B6790FD0F619A5C4B23CA0BA9CC3F25924925F8EA07264B6 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
20:45:18.0489 0x0550  AdobeCS6ServiceManager - ok
20:45:18.0520 0x0550  [ 07A37CB5C5A01E73FB69F138FAE2DB0E, 9E8B5D78D7EAB8FA35133763EDA91AFE5CDEE275D604F02CDB56FB00A0D5AA0F ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:45:18.0551 0x0550  Adobe ARM - ok
20:45:18.0582 0x0550  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:45:18.0629 0x0550  Sidebar - ok
20:45:18.0629 0x0550  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:45:18.0660 0x0550  mctadmin - ok
20:45:18.0676 0x0550  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:45:18.0723 0x0550  Sidebar - ok
20:45:18.0723 0x0550  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:45:18.0754 0x0550  mctadmin - ok
20:45:18.0801 0x0550  [ F9BEBBB6A409B78B435A72B5F4319D81, 2A424EF6F6134C635E5693325054907F3043C42081FB4250BBEB736113B3CC1C ] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
20:45:18.0910 0x0550  OscarEditor - detected UnsignedFile.Multi.Generic ( 1 )
20:45:18.0910 0x0550  OscarEditor ( UnsignedFile.Multi.Generic ) - warning
20:45:19.0019 0x0550  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] F:\Tools\DAEMON Tools Lite\DTLite.exe
20:45:19.0113 0x0550  DAEMON Tools Lite - ok
20:45:19.0128 0x0550  Akamai NetSession Interface - ok
20:45:19.0144 0x0550  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
20:45:19.0144 0x0550  Win FW state via NFP2: enabled
20:45:19.0144 0x0550  ============================================================
20:45:19.0144 0x0550  Scan finished
20:45:19.0144 0x0550  ============================================================
20:45:19.0144 0x17e4  Detected object count: 5
20:45:19.0144 0x17e4  Actual detected object count: 5
20:46:33.0634 0x17e4  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:33.0634 0x17e4  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:33.0634 0x17e4  ChallengerUlti[mein Name] ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:33.0634 0x17e4  ChallengerUlti[mein Name] ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:33.0634 0x17e4  ChallengerUlti[mein Name]OSD ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:33.0634 0x17e4  ChallengerUlti[mein Name]OSD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:33.0634 0x17e4  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:33.0634 0x17e4  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:46:33.0634 0x17e4  OscarEditor ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:33.0634 0x17e4  OscarEditor ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Anti-Rootkit-Log
Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.01.26.07
  rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
[mein Name] :: [mein PC-Name]SPC [administrator]

26.01.2015 20:50:29
mbar-log-2015-01-26 (20-50-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 332434
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
SwitchBoard appears to be from Adobe, ChallengerUltimate is my keyboard, and MouseEditor is the driver and configuration program for my mouse. The software for the keyboard and mouse comes from driver CDs.

A quick question in between: have you been able to spot anything suspicious so far, whether from the scans or the FRST log (that one interests me in particular)?
__________________

27.01.2015, 06:37   #4
schrauber
/// the machine
/// TB trainer

Nope, the only thing I see, and I'm only seeing it now, is something I don't find cool at all.....

Quote:
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
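The four lines quoted in the post above are hosts-file entries that point external host names at the loopback address. The following is an added example, not part of the thread and not a tool used in it, that audits a hosts file for such entries; the function names and the sample file are constructed for illustration, and the domain grouping is a naive last-two-labels heuristic rather than a public-suffix lookup.

```python
import ipaddress

# Names that normally map to the local machine in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample: default entries, the four lines quoted in the thread,
# and two constructed lines to exercise the other code paths.
SAMPLE = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
192.168.1.10    nas.home.lan   # ordinary LAN mapping (constructed)
0.0.0.0 ads.example.com        # blocklist-style entry (constructed)
"""


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every valid mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # address without a host name: nothing is mapped
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, skip the line
        yield line_no, addr, [h.lower().rstrip(".") for h in fields[1:]]


def find_sinkholed_hosts(text):
    """Return (line_no, address, hostname) for names forced to loopback or 0.0.0.0."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in names:
            # Single-label names and the usual localhost aliases are expected here.
            if name in LOCAL_NAMES or "." not in name:
                continue
            findings.append((line_no, str(addr), name))
    return findings


def group_by_domain(findings):
    """Count findings per domain (naive: last two labels of the host name)."""
    counts = {}
    for _, _, name in findings:
        domain = ".".join(name.split(".")[-2:])
        counts[domain] = counts.get(domain, 0) + 1
    return counts


if __name__ == "__main__":
    import os
    import sys

    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                           "System32", "drivers", "etc", "hosts")
    path = sys.argv[1] if len(sys.argv) > 1 else default
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE  # fall back to the constructed sample
    hits = find_sinkholed_hosts(text)
    for line_no, addr, name in hits:
        print(f"line {line_no}: {name} -> {addr}")
    print(group_by_domain(hits))
```

Entries flagged this way are not malicious by themselves (ad blocklists use the same mechanism); they are lines to review and explain.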

27.01.2015, 10:28   #5
AquaClassic

I will fix that immediately. It comes from the hosts file, right? It will be deleted. I hope you will keep helping me afterwards?

Okay, since the time for editing my post has already run out, I'm posting the new FRST logs I just created here. I have now thrown everything off the PC that could be connected with illegal software, and I would like to apologize once more for its existence. Cracks/keygens or the like have not existed for quite a while.

FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by [mein Name] (administrator) on [mein PC-Name]SPC on 27-01-2015 11:16:13
Running from C:\Users\[mein Name]\Desktop
Loaded Profiles: [mein Name] (Available profiles: [mein Name])
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(Chicony) C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\Ttsystray3.exe
(Chicony) C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\tTOSD2k1001.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) F:\Office\Evernote\EvernoteClipper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-08] (AVAST Software)
HKLM-x32\...\Run: [ChallengerUlti[mein Name]] => C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\Ttsystray3.exe [1254912 2010-08-05] (Chicony)
HKLM-x32\...\Run: [ChallengerUlti[mein Name]OSD] => C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\tTOSD2k1001.exe [634880 2010-08-05] (Chicony)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [3333632 2012-08-16] ()
HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\Run: [DAEMON Tools Lite] => F:\Tools\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\[mein Name]\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\MountPoints2: {7364f857-0ce3-11e4-befb-806e6f6e6963} - G:\.\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\Users\[mein Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> F:\Office\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\[mein Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mausarm.lnk
ShortcutTarget: Mausarm.lnk -> F:\Tools\Mausarm\Mausarm.exe (hxxp://www.repetitive-strain-injury.de)
Startup: C:\Users\[mein Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk
ShortcutTarget: Omnimo.lnk -> E:\Dokumente\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\[mein Name]\AppData\Roaming\Mozilla\Firefox\Profiles\wzabaujr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> F:\Multimedia\VLC Media Player\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-911010182-206266418-2943002704-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\[mein Name]\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16]
StartMenuInternet: FIREFOX.EXE - F:\Internet\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: Default -> chrome://apps/
CHR Profile: C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-07-16]
CHR Extension: (Google Docs) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Do Not Track) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdcpbflcbeillmamogkpmdhnbeggfja [2014-10-08]
CHR Extension: (Google-Suche) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (Clear Cache) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2014-10-08]
CHR Extension: (AdBlock) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-16]
CHR Extension: (Avast Online Security) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-16]
CHR Extension: (Google Wallet) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-16]
CHR Extension: (Evernote Web Clipper) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-10-08]
CHR Extension: (Google Mail) - C:\Users\[mein Name]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-24] (Avast Software)
S3 DAUpdaterSvc; G:\Dragon Age - Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SkypeUpdate; F:\Kommunikation\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\DRIVERS\ASUSstpt.sys [24648 2011-09-15] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [141896 2011-09-15] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-16] (Disc Soft Ltd)
U5 UnlockerDriver5; F:\Tools\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-24] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 20:48 - 2015-01-26 20:55 - 00000000 ____D () C:\Users\[mein Name]\Desktop\mbar
2015-01-26 20:40 - 2015-01-26 20:01 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\[mein Name]\Desktop\tdsskiller.exe
2015-01-26 19:16 - 2015-01-27 11:16 - 00016422 _____ () C:\Users\[mein Name]\Desktop\FRST.txt
2015-01-26 19:16 - 2015-01-27 11:16 - 00000000 ____D () C:\FRST
2015-01-26 19:16 - 2015-01-26 19:13 - 02129920 _____ (Farbar) C:\Users\[mein Name]\Desktop\FRST64.exe
2015-01-26 19:15 - 2015-01-26 19:15 - 00000376 _____ () C:\Windows\PFRO.log
2015-01-21 00:50 - 2015-01-21 00:50 - 00012471 _____ () C:\Users\[mein Name]\Desktop\hijackthis.log
2015-01-21 00:44 - 2015-01-26 20:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-21 00:43 - 2015-01-21 00:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\[mein Name]\Desktop\HijackThis.exe
2015-01-21 00:42 - 2015-01-21 00:26 - 16466552 _____ (Malwarebytes Corp.) C:\Users\[mein Name]\Desktop\mbar-1.08.3.1004.exe
2015-01-21 00:40 - 2015-01-21 00:40 - 02651496 _____ () C:\Users\[mein Name]\Desktop\OTL.Txt
2015-01-21 00:36 - 2015-01-21 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\[mein Name]\Desktop\otl.exe
2015-01-20 23:52 - 2015-01-26 20:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-20 23:52 - 2015-01-26 20:48 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-20 23:52 - 2015-01-20 23:52 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-20 23:52 - 2015-01-20 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-20 23:52 - 2015-01-20 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-20 23:52 - 2015-01-20 23:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-20 23:52 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-20 23:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-20 23:43 - 2015-01-20 23:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 23:43 - 2015-01-20 23:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 23:43 - 2015-01-20 23:43 - 00001398 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-20 23:43 - 2015-01-20 23:43 - 00001386 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-20 23:43 - 2015-01-20 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-20 23:43 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-18 21:48 - 2015-01-18 21:48 - 00271640 _____ () C:\Windows\Minidump\011815-10124-01.dmp
2015-01-16 10:47 - 2015-01-16 10:47 - 00275936 _____ () C:\Windows\Minidump\011615-13353-01.dmp
2015-01-16 10:43 - 2015-01-16 10:43 - 00271640 _____ () C:\Windows\Minidump\011615-10296-01.dmp
2015-01-16 10:35 - 2015-01-18 21:48 - 317814034 _____ () C:\Windows\MEMORY.DMP
2015-01-16 10:35 - 2015-01-16 10:35 - 00275936 _____ () C:\Windows\Minidump\011615-13244-01.dmp
2015-01-14 12:22 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:22 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:22 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:22 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:22 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:22 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:22 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:22 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:22 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:22 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:22 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:22 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:22 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 13:08 - 2015-01-13 13:08 - 00001567 _____ () C:\Users\[mein Name]\Desktop\Player.txt
2015-01-13 13:07 - 2015-01-13 13:07 - 00001054 _____ () C:\Users\[mein Name]\Desktop\Server.txt
2015-01-13 13:06 - 2015-01-13 13:06 - 00001822 _____ () C:\Users\[mein Name]\Desktop\Client.txt
2015-01-12 23:42 - 2015-01-27 11:04 - 00002184 _____ () C:\Windows\setupact.log
2015-01-12 23:42 - 2015-01-12 23:42 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 13:46 - 2015-01-20 22:05 - 00005058 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for [mein PC-Name]sPC-[mein Name] [mein PC-Name]sPC
2015-01-11 22:40 - 2015-01-11 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-11 22:40 - 2015-01-11 22:40 - 00000000 ____D () C:\Program Files (x86)\Skype
2015-01-07 20:25 - 2015-01-07 20:25 - 00000000 ____D () C:\Program Files\Apache Software Foundation
2015-01-07 20:24 - 2015-01-07 20:24 - 00000890 _____ () C:\Users\Public\Desktop\NetBeans IDE 8.0.2.lnk
2015-01-07 20:24 - 2015-01-07 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
2015-01-06 22:39 - 2015-01-07 21:45 - 00005210 _____ () C:\Users\[mein Name]\Desktop\Schmutzosophie.txt
2015-01-06 20:09 - 2015-01-06 20:09 - 00000000 ____D () C:\Users\[mein Name]\AppData\Local\Macromedia
2015-01-06 20:08 - 2015-01-06 20:08 - 00000765 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-06 20:08 - 2015-01-06 20:08 - 00000000 ____D () C:\Users\[mein Name]\AppData\Local\Mozilla
2015-01-06 14:23 - 2015-01-06 14:23 - 00058826 _____ () C:\Windows\SysWOW64\CCCInstall_201501061423450181.log
2015-01-06 14:23 - 2015-01-06 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-06 14:23 - 2015-01-06 14:23 - 00000000 ____D () C:\ProgramData\ATI
2015-01-06 14:23 - 2015-01-06 14:23 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 11:15 - 2014-07-16 15:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 11:14 - 2014-07-16 19:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-27 11:13 - 2011-04-12 08:55 - 00000000 ____D () C:\Windows\ShellNew
2015-01-27 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-27 11:11 - 2011-04-12 08:43 - 01790066 _____ () C:\Windows\system32\perfh007.dat
2015-01-27 11:11 - 2011-04-12 08:43 - 00488406 _____ () C:\Windows\system32\perfc007.dat
2015-01-27 11:11 - 2009-07-14 06:13 - 00006256 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 11:11 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 11:11 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 11:10 - 2014-07-16 19:15 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-27 11:10 - 2014-07-16 19:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-27 11:10 - 2014-07-16 17:07 - 00000000 _____ () C:\Windows\Path.idx
2015-01-27 11:10 - 2014-07-16 15:57 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\Adobe
2015-01-27 11:08 - 2014-07-16 13:26 - 01150076 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 11:08 - 2014-07-16 13:26 - 00000000 ____D () C:\Users\[mein Name]
2015-01-27 11:07 - 2014-08-25 16:27 - 00000000 ____D () C:\Users\[mein Name]\AppData\Local\Adobe
2015-01-27 11:06 - 2014-08-28 11:09 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-27 11:05 - 2014-07-16 17:02 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-01-27 11:04 - 2014-07-16 15:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 11:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 01:27 - 2014-07-21 12:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 21:45 - 2014-07-16 19:44 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\Skype
2015-01-20 21:33 - 2014-07-17 15:45 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\TS3Client
2015-01-20 01:06 - 2009-07-14 05:45 - 05065904 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-19 13:27 - 2014-07-16 15:57 - 00114784 _____ () C:\Users\[mein Name]\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-19 12:53 - 2014-12-11 00:01 - 00000000 ____D () C:\ProgramData\Unity
2015-01-18 21:48 - 2014-11-10 16:48 - 00000000 ____D () C:\Windows\Minidump
2015-01-14 19:27 - 2014-07-21 12:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 19:27 - 2014-07-21 12:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 19:27 - 2014-07-21 12:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 13:16 - 2014-07-16 14:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:13 - 2014-07-16 14:46 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:02 - 2014-11-19 16:30 - 00000474 _____ () C:\Users\[mein Name]\Desktop\Woche.txt
2015-01-12 13:46 - 2014-09-18 09:13 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\FileZilla
2015-01-12 13:46 - 2014-07-16 18:57 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\DAEMON Tools Lite
2015-01-12 13:41 - 2014-07-16 16:08 - 00000000 ____D () C:\AMD
2015-01-11 22:40 - 2014-07-16 19:43 - 00000000 ____D () C:\ProgramData\Skype
2015-01-07 20:27 - 2014-07-22 10:41 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\NetBeans
2015-01-07 20:27 - 2014-07-22 10:35 - 00000000 ____D () C:\Users\[mein Name]\.nbi
2015-01-06 20:08 - 2014-08-11 15:18 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\Mozilla
2015-01-06 14:23 - 2014-07-16 16:09 - 00000000 ____D () C:\ProgramData\AMD
2015-01-06 14:23 - 2014-07-16 13:40 - 00000000 ____D () C:\Program Files\AMD
2015-01-06 14:23 - 2014-07-16 13:37 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-01-06 14:22 - 2014-07-16 16:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-06 14:22 - 2014-07-16 16:09 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-08-28 13:34 - 2014-12-19 01:23 - 0000132 _____ () C:\Users\[mein Name]\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-09-16 14:03 - 2014-09-16 14:03 - 0001456 _____ () C:\Users\[mein Name]\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-08-26 14:51 - 2014-08-26 14:51 - 0000789 _____ () C:\Users\[mein Name]\AppData\Local\recently-used.xbel
2014-07-16 17:14 - 2014-07-16 17:14 - 0000017 _____ () C:\Users\[mein Name]\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\[mein Name]\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 20:09

==================== End Of Log ============================
         
--- --- ---


Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by [mein Name] at 2015-01-27 11:16:33
Running from C:\Users\[mein Name]\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Aiseesoft DVD Creator 5.1.20 (HKLM-x32\...\Aiseesoft DVD Creator_is1) (Version:  - )
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apache Tomcat 8.0.15 (HKLM\...\nbi-tomcat-8.0.15.0.0) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Baldur's Gate (HKLM-x32\...\Baldur's Gate) (Version:  - )
Baldurs Gate(TM) II - Thron des Bhaal (TM) (HKLM-x32\...\{5B09F344-4406-11D5-96E8-0050BA84F5F7}) (Version:  - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.71.1.2014 - Georgy Berdyshev)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID ASUS CPU-Z 1.61 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.61 - CPUID, Inc.)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version:  - Level Up Labs, LLC)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
Dev Eject (HKLM-x32\...\{DAFFE086-6A05-46F1-90A3-E5C514AA02D7}) (Version: 1.0.29.0 - deveject.com)
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - Going Loud Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05 - Electronic Arts, Inc.)
Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
ffdshow v1.1.3800 [2011-03-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3800.0 - )
FileZilla Client 3.9.0.6 (HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
FormatFactory 3.5.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.0.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Git version 1.9.4-preview20140611 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140611 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
Grotesque Tactics: Evil Heroes (HKLM-x32\...\Steam App 46450) (Version:  - Headup Games)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Infinity Wars - Ani[mein Name]d Trading Card Game (HKLM-x32\...\Steam App 257730) (Version:  - Lightmare Studios)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version:  - 1C Company)
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version:  - Almost Human Games)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mausarm 1.0.1 (HKLM-x32\...\{7A690610-D345-4889-98E0-CC2153718A46}_is1) (Version:  - Clemens Conrad)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiKTeX 2.9 (HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mouse Editor (HKLM-x32\...\InstallShield_{3A4218DE-B9DB-4AD5-9DB2-5853D3AA0335}) (Version: 12.08.0006 - Ihr Firmenname)
MOUSE Editor (x32 Version: 12.08.0006 - Ihr Firmenname) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version:  - Robot Entertainment)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PixelJunk Monsters Ulti[mein Name] (HKLM-x32\...\Steam App 243780) (Version:  - )
Puzzle Quest (HKLM-x32\...\Steam App 12500) (Version:  - Infinite Interactive)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Texmaker (HKLM-x32\...\Texmaker) (Version:  - )
Torchlight (HKLM-x32\...\Steam App 41500) (Version:  - Runic Games)
Tt eSPORTS Challenger Ulti[mein Name] (HKLM-x32\...\{D65D9706-6D6D-42E8-A11A-63E3AFECBBC1}) (Version: 2.0.2.0 - Tt eSPORTS)
Unity (HKLM-x32\...\Unity) (Version: 4.6.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-911010182-206266418-2943002704-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WhoCrashed 5.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version:  - Team17 Digital Ltd.)
yEd Graph Editor 3.13 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.13 - yWorks GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-911010182-206266418-2943002704-1000_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> F:\Office\Evernote\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-911010182-206266418-2943002704-1000_Classes\CLSID\{BD6BEEE8-64CE-4814-B319-990645883E89}\InprocServer32 -> F:\Office\Evernote\EvernoteOLx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-911010182-206266418-2943002704-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> F:\Entwicklung\Git\git-cheetah\git_shell_ext64.dll ()

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-27 11:15 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2ED8F299-4598-4C68-9BB0-7E015C37F4F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {4E16A694-B5D8-47F6-BB5D-02986F5B39DE} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-27] ()
Task: {62829E18-1906-4C58-ADC9-DC16C9B6DD79} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-24] (AVAST Software)
Task: {6799CB9F-E12E-4314-A7C3-E5A5C3DF67FA} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {6CE2749F-A7EB-444C-B3FF-65DEE04661DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {814F6EAE-34A4-422F-B148-033A8A5F8615} - System32\Tasks\Microsoft Office 15 Sync Maintenance for [mein PC-Name]sPC-[mein Name] [mein PC-Name]sPC => F:\Office\Microsoft Office\Office15\MsoSync.exe
Task: {86AE5538-64DE-4242-9FC3-1B02FC425015} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {93079ACB-96ED-424E-85F1-F057795B7518} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {992068AE-450E-45E1-9E9B-76F288005A98} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {9F77FE60-B252-416D-BB07-32B8C7224C11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {B5F59D8F-C197-4994-BBC0-CC08696E0EE7} - System32\Tasks\CCleanerSkipUAC => F:\Wartung\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2012-06-01 10:42 - 2012-06-01 10:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-11-24 22:36 - 2014-11-24 22:36 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-24 22:36 - 2014-11-24 22:36 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () F:\Internet\FileZilla\fzshellext_64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () F:\Tools\Unlocker\UnlockerCOM.dll
2014-08-11 15:51 - 2014-06-12 15:09 - 00736450 _____ () F:\Entwicklung\Git\git-cheetah\git_shell_ext64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () F:\Entwicklung\Notepad++\NppShell_06.dll
2012-08-16 04:11 - 2012-08-16 04:11 - 03333632 _____ () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-20 19:52 - 2015-01-20 19:52 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15012001\algo.dll
2014-11-24 22:36 - 2014-11-24 22:36 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-07-16 16:58 - 2015-01-27 11:04 - 00035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-07-16 16:58 - 2010-06-29 03:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-01-20 23:43 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-20 23:43 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-20 23:43 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-20 23:43 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-20 23:43 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-12-02 10:56 - 2010-12-02 10:56 - 00815104 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
2011-01-09 13:45 - 2011-01-09 13:45 - 00088064 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
2012-06-14 08:59 - 2012-06-14 08:59 - 02414080 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll
2012-05-17 04:17 - 2012-05-17 04:17 - 01000448 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-09-20 07:18 - 2010-09-20 07:18 - 00085504 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
2010-09-20 07:18 - 2010-09-20 07:18 - 00054272 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
2011-04-12 08:14 - 2011-04-12 08:14 - 00063488 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-11-01 13:16 - 2010-11-01 13:16 - 00062976 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2012-04-27 04:40 - 2012-04-27 04:40 - 00118272 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
2014-11-24 22:36 - 2014-11-24 22:36 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-16 16:52 - 2010-08-05 13:39 - 00045056 _____ () C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\WMINPUT.DLL
2014-08-26 15:47 - 2014-08-26 15:47 - 00436576 _____ () F:\Office\Evernote\libxml2.dll
2014-08-26 15:47 - 2014-08-26 15:47 - 00318304 _____ () F:\Office\Evernote\libtidy.dll
2014-07-16 17:00 - 2012-08-03 09:41 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2014-07-16 17:00 - 2012-08-03 15:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2014-07-16 16:59 - 2011-07-12 18:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2014-07-16 16:59 - 2010-10-05 07:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2014-07-16 16:59 - 2012-03-21 11:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-07-16 17:00 - 2012-07-20 08:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2014-07-16 16:59 - 2012-05-25 09:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2014-07-16 16:59 - 2012-05-28 20:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2014-07-16 16:59 - 2011-09-19 19:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2014-07-16 16:59 - 2011-07-21 08:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2014-07-16 16:59 - 2011-10-14 19:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2014-07-16 16:58 - 2010-08-23 03:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2014-07-16 16:59 - 2010-10-05 07:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2014-07-16 17:01 - 2012-01-19 08:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
2014-07-16 17:01 - 2010-09-23 10:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll
2014-07-16 17:01 - 2010-02-25 13:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\Aszip.dll
2014-07-16 16:59 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2014-07-16 16:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-911010182-206266418-2943002704-500 - Administrator - Disabled)
Gast (S-1-5-21-911010182-206266418-2943002704-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-911010182-206266418-2943002704-1002 - Limited - Enabled)
[mein Name] (S-1-5-21-911010182-206266418-2943002704-1000 - Administrator - Enabled) => C:\Users\[mein Name]

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 11:11:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/27/2015 11:11:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/27/2015 11:11:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/27/2015 11:04:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2015 11:08:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2015 08:46:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/26/2015 08:46:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/26/2015 08:46:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/26/2015 08:39:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2015 07:22:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (01/27/2015 11:04:52 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/26/2015 11:08:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/26/2015 08:39:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/26/2015 07:15:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/20/2015 09:54:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/20/2015 09:54:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎01.‎2015 um 21:45:40 unerwartet heruntergefahren.

Error: (01/20/2015 01:37:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/20/2015 01:37:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (01/20/2015 11:51:41 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/20/2015 01:06:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


Microsoft Office Sessions:
=========================
Error: (01/27/2015 11:11:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/27/2015 11:11:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/27/2015 11:11:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/27/2015 11:04:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2015 11:08:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2015 08:46:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/26/2015 08:46:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/26/2015 08:46:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/26/2015 08:39:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2015 07:22:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000


CodeIntegrity Errors:
===================================
  Date: 2015-01-27 11:12:53.397
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 11:04:49.884
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-26 23:08:21.196
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-26 20:55:54.759
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-26 20:39:49.853
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-26 19:25:50.414
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-26 19:15:43.916
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-21 01:29:33.960
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-21 00:59:24.209
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-21 00:50:20.913
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X6 1090T Processor
Percentage of memory in use: 14%
Total physical RAM: 16300.99 MB
Available physical RAM: 13981.32 MB
Total Pagefile: 32600.16 MB
Available Pagefile: 30278.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:80.03 GB) (Free:37.88 GB) NTFS
Drive d: (Projekte) (Fixed) (Total:150.27 GB) (Free:106.96 GB) NTFS
Drive e: (Medien) (Fixed) (Total:250.49 GB) (Free:88.64 GB) NTFS
Drive f: (Software) (Fixed) (Total:195.29 GB) (Free:172.89 GB) NTFS
Drive g: (Spiele) (Fixed) (Total:158.22 GB) (Free:74.73 GB) NTFS
Drive x: (1913_26012015) (CDROM) (Total:0.07 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A631432D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: CFB82CA6)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


Alt 27.01.2015, 18:59   #6
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download Emsisoft Emergency Kit from here: Emsisoft Emergency Kit Download.
  • Please install the program to the default path.
  • Start the program by double-clicking the desktop shortcut.
  • Once the malware signatures have loaded, EEK is ready to scan.
  • Now please follow the illustrated guide to Emergency Kit, remove all detections, and post the log at the end of the scan or cleanup.


Alt 27.01.2015, 22:23   #7
AquaClassic
 



A quick question about that, just so I understand: should I move the detections to quarantine or delete them? I'm assuming the latter for now, but since the illustrated guide contradicts that, I'd rather ask again.

Okay, the scan is finished. Two installer files were found. However, the stated risk was "no risk", and I assume that's right too; I deleted the files anyway because I don't need them in any case.

Emergency Kit log:
Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 27.01.2015 21:01:22
Benutzerkonto: [mein PC-Name]sPC\[mein Name]

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, F:\, G:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	27.01.2015 21:01:40
E:\Downloads\Installationsdateien\Core Temp.exe 	gefunden: Application.Bundler.InstallIQ.A (B)
E:\Downloads\Installationsdateien\DAEMON Tools Lite.exe 	gefunden: Application.Win32.InstallAd (A)

Gescannt	1140997
Gefunden	2

Scan Ende:	27.01.2015 23:15:00
Scan Zeit:	2:13:20

E:\Downloads\Installationsdateien\DAEMON Tools Lite.exe	Gelöscht Application.Win32.InstallAd (A)
E:\Downloads\Installationsdateien\Core Temp.exe	Gelöscht Application.Bundler.InstallIQ.A (B)

Gelöscht	2
         
I also found this message in the Event Viewer and would like to know whether it could potentially be suspicious. It occurs at practically every system start:

Quote:
Von der Codeintegrität wurde festgestellt, dass die Seitenhashes einer Abbilddatei ungültig sind. Die Datei ist möglicherweise nicht ordnungsgemäß mit Seitenhashes signiert oder wurde durch eine nicht autorisierte Änderung beschädigt. Die ungültigen Hashes können auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume3\Windows\System32\sxs.dll

Alt 28.01.2015, 11:32   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Well, I don't see anything that points to a RAT or remote control.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 28.01.2015, 13:12   #9
AquaClassic
 



Okay, then thank you in any case for your help so far. Maybe I should run suitable programs from a live CD so that any potential malware can't hide itself? Could you recommend something, or do you have an idea how else the situation could have come about?

Alt 28.01.2015, 16:24   #10
schrauber
/// the machine
/// TB-Ausbilder
 




I don't have any idea. We can also scan from the outside:

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the matching version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan by following the illustrated guide, or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the recovery options, select: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

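For readers who want to pre-screen the FRST.txt that this procedure produces, the following added example (not part of the thread and not code from the FRST project) walks the log sections and flags the entries a helper usually looks at first: missing files (`[X]`, `(No File)`), files without a company name (`()`), a non-default BootExecute value, and autostarts from user-writable paths. The function names, the rule labels and the sample log lines are constructed for this example; a flag is a hint for manual review, not a verdict.

```python
import re

# Constructed sample in the FRST.txt layout (all names and paths are made up).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\Run: [ExampleAudio] => C:\Program Files\Example\audio.exe [6827664 2012-08-07] (Example Vendor)
HKU\user\...\Run: [Updater] => "C:\Users\user\AppData\Local\Temp\upd.exe" -autorun
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tool.lnk
ShortcutTarget: Tool.lnk -> F:\Tools\Tool.exe (No File)
BootExecute: autocheck autochk * extra64.exe

==================== Services (Whitelisted) =================

S2 ExampleSvc; C:\Program Files\Example\svc.exe [344064 2014-11-20] (Example Vendor)
S2 GoneSvc; F:\Apps\Updater.exe [X]

==================== Drivers (Whitelisted) ====================

S1 ExampleIO; C:\Windows\SysWow64\drivers\ExIO.sys [15232 2012-08-22] ()
S0 exdisk; C:\Windows\System32\DRIVERS\exdisk.sys [49760 2012-01-06] (Example Vendor)
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Trailing "[size yyyy-mm-dd] (Company)" block of a file entry.
ENTRY_META_RE = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$")
# Windows default value of the BootExecute registry entry.
DEFAULT_BOOT_EXECUTE = "autocheck autochk *"
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)


def iter_entries(text):
    """Yield (section, line) for every log entry, skipping headers and notes."""
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("(") and line.endswith(")"):
            continue  # explanatory note printed under each section header
        yield section, line


def triage(text):
    """Return a list of (section, reason, line) tuples worth a manual look."""
    findings = []
    for section, line in iter_entries(text):
        reasons = []
        if line.endswith("[X]"):
            reasons.append("file-missing")
        if line.endswith("(No File)"):
            reasons.append("shortcut-target-missing")
        meta = ENTRY_META_RE.search(line)
        if meta and meta.group(3) == "":
            reasons.append("no-company-name")
        if line.startswith("BootExecute:"):
            value = line.split(":", 1)[1].strip()
            if value != DEFAULT_BOOT_EXECUTE:
                reasons.append("non-default-bootexecute")
        is_autostart = "\\Run:" in line or section.startswith("Services")
        if is_autostart and USER_WRITABLE_RE.search(line):
            reasons.append("autostart-from-user-writable-path")
        findings.extend((section, reason, line) for reason in reasons)
    return findings


def summarize(findings):
    """Count findings per reason, e.g. to compare two scans of the same machine."""
    counts = {}
    for _, reason, _ in findings:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {line}")
```

Legitimate software triggers these rules too (vendor drivers without version information, updaters installed under AppData, services left behind by uninstalled programs), so each hit still has to be checked against what is actually installed.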

29.01.2015, 17:37   #11
AquaClassic

I'll do that as soon as possible; at the moment university doesn't allow me the time, but I'll get back to you when things ease up a bit (probably next Tuesday).

30.01.2015, 06:19   #12
schrauber
/// the machine
/// TB trainer

ok

04.02.2015, 13:18   #13
AquaClassic

Right, I've finally managed it. A quick question: by doing it this way, i.e. starting the programs from the system repair environment, do I actually have a better chance of detecting malware, rootkits and the like, and isn't the whole thing already too closely tied to the operating system, so that malware that hides from the OS can't be detected from there either?

The ominous "balsdfj.exe" on the desktop is an anti-malware exe that I renamed, so everything is fine; you can ignore it.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by SYSTEM on MININT-6QDAC04 on 04-02-2015 14:13:34
Running from i:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-08] (AVAST Software)
HKLM-x32\...\Run: [ChallengerUlti[mein Name]] => C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\Ttsystray3.exe [1254912 2010-08-05] (Chicony)
HKLM-x32\...\Run: [ChallengerUlti[mein Name]OSD] => C:\Program Files (x86)\Thermaltake Ttesports Ulti[mein Name]\tTOSD2k1001.exe [634880 2010-08-05] (Chicony)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\[mein Name]\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [3333632 2012-08-16] ()
HKU\[mein Name]\...\Run: [DAEMON Tools Lite] => "F:\Tools\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\[mein Name]\...\Run: [Akamai NetSession Interface] => "C:\Users\[mein Name]\AppData\Local\Akamai\netsession_win.exe"
Startup: C:\Users\[mein Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> F:\Office\Evernote\EvernoteClipper.exe (No File)
Startup: C:\Users\[mein Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mausarm.lnk
ShortcutTarget: Mausarm.lnk -> F:\Tools\Mausarm\Mausarm.exe (No File)
Startup: C:\Users\[mein Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk
ShortcutTarget: Omnimo.lnk -> E:\Dokumente\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-24] (Avast Software)
S2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 DAUpdaterSvc; G:\Dragon Age - Origins\bin_ship\DAUpdaterSvc.Service.exe [X]
S2 SkypeUpdate; F:\Kommunikation\Skype\Updater\Updater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\DRIVERS\ASUSstpt.sys [24648 2011-09-15] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [141896 2011-09-15] (MCCI Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-24] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-24] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-24] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-24] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-24] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-24] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-24] ()
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-27] (Emsisoft GmbH)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-16] (Disc Soft Ltd)
S4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-24] (Avast Software)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 13:30 - 2015-02-04 13:30 - 00000000 _____ () C:\Users\[mein Name]\Desktop\Neues Textdokument.txt
2015-02-04 13:24 - 2015-02-04 13:17 - 00380416 _____ () C:\Users\[mein Name]\Desktop\balsdfj.exe
2015-01-27 20:59 - 2015-01-27 20:59 - 00000750 _____ () C:\Users\[mein Name]\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-27 20:59 - 2015-01-27 20:59 - 00000000 ____D () C:\EEK
2015-01-27 20:57 - 2015-01-27 20:34 - 169133552 _____ () C:\Users\[mein Name]\Desktop\EmsisoftEmergencyKit.exe
2015-01-27 20:56 - 2015-01-27 20:56 - 00000390 _____ () C:\Users\[mein Name]\Desktop\Meldung.txt
2015-01-27 11:16 - 2015-01-27 11:16 - 00034886 _____ () C:\Users\[mein Name]\Desktop\Addition.txt
2015-01-26 20:48 - 2015-01-26 20:55 - 00000000 ____D () C:\Users\[mein Name]\Desktop\mbar
2015-01-26 20:40 - 2015-01-26 20:01 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\[mein Name]\Desktop\tdsskiller.exe
2015-01-26 19:16 - 2015-02-04 14:13 - 00000000 ____D () C:\FRST
2015-01-26 19:16 - 2015-01-27 11:16 - 00029366 _____ () C:\Users\[mein Name]\Desktop\FRST.txt
2015-01-26 19:16 - 2015-01-26 19:13 - 02129920 _____ (Farbar) C:\Users\[mein Name]\Desktop\FRST64.exe
2015-01-26 19:15 - 2015-01-27 20:41 - 00001322 _____ () C:\Windows\PFRO.log
2015-01-21 00:50 - 2015-01-21 00:50 - 00012471 _____ () C:\Users\[mein Name]\Desktop\hijackthis.log
2015-01-21 00:44 - 2015-01-26 20:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-21 00:43 - 2015-01-21 00:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\[mein Name]\Desktop\HijackThis.exe
2015-01-21 00:42 - 2015-01-21 00:26 - 16466552 _____ (Malwarebytes Corp.) C:\Users\[mein Name]\Desktop\mbar-1.08.3.1004.exe
2015-01-21 00:40 - 2015-01-21 00:40 - 02651496 _____ () C:\Users\[mein Name]\Desktop\OTL.Txt
2015-01-21 00:36 - 2015-01-21 00:25 - 00602112 _____ (OldTimer Tools) C:\Users\[mein Name]\Desktop\otl.exe
2015-01-20 23:52 - 2015-01-26 20:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-20 23:52 - 2015-01-26 20:48 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-01-20 23:52 - 2015-01-20 23:52 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-20 23:52 - 2015-01-20 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-20 23:52 - 2015-01-20 23:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-20 23:52 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-01-20 23:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-01-20 23:43 - 2015-01-20 23:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 23:43 - 2015-01-20 23:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 23:43 - 2015-01-20 23:43 - 00001386 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-20 23:43 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2015-01-18 21:48 - 2015-01-18 21:48 - 00271640 _____ () C:\Windows\Minidump\011815-10124-01.dmp
2015-01-16 10:47 - 2015-01-16 10:47 - 00275936 _____ () C:\Windows\Minidump\011615-13353-01.dmp
2015-01-16 10:43 - 2015-01-16 10:43 - 00271640 _____ () C:\Windows\Minidump\011615-10296-01.dmp
2015-01-16 10:35 - 2015-01-18 21:48 - 317814034 _____ () C:\Windows\MEMORY.DMP
2015-01-16 10:35 - 2015-01-16 10:35 - 00275936 _____ () C:\Windows\Minidump\011615-13244-01.dmp
2015-01-14 12:22 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-14 12:22 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-14 12:22 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-01-14 12:22 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-01-14 12:22 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-01-14 12:22 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-01-14 12:22 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:22 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:22 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:22 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-14 12:22 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-14 12:22 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:22 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 13:08 - 2015-01-13 13:08 - 00001567 _____ () C:\Users\[mein Name]\Desktop\Player.txt
2015-01-13 13:07 - 2015-01-13 13:07 - 00001054 _____ () C:\Users\[mein Name]\Desktop\Server.txt
2015-01-13 13:06 - 2015-01-13 13:06 - 00001822 _____ () C:\Users\[mein Name]\Desktop\Client.txt
2015-01-12 23:42 - 2015-02-04 13:23 - 00002296 _____ () C:\Windows\setupact.log
2015-01-12 23:42 - 2015-01-12 23:42 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 13:46 - 2015-01-20 22:05 - 00005058 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for [mein Computername]sPC-[mein Name] [mein Computername]sPC
2015-01-11 22:40 - 2015-01-11 22:40 - 00000000 ____D () C:\Program Files (x86)\Skype
2015-01-07 20:25 - 2015-01-07 20:25 - 00000000 ____D () C:\Program Files\Apache Software Foundation
2015-01-07 20:24 - 2015-01-07 20:24 - 00000890 _____ () C:\Users\Public\Desktop\NetBeans IDE 8.0.2.lnk
2015-01-06 22:39 - 2015-01-07 21:45 - 00005210 _____ () C:\Users\[mein Name]\Desktop\Schmutzosophie.txt
2015-01-06 20:09 - 2015-01-06 20:09 - 00000000 ____D () C:\Users\[mein Name]\AppData\Local\Macromedia
2015-01-06 20:08 - 2015-01-06 20:08 - 00000000 ____D () C:\Users\[mein Name]\AppData\Local\Mozilla
2015-01-06 14:23 - 2015-01-06 14:23 - 00058826 _____ () C:\Windows\SysWOW64\CCCInstall_201501061423450181.log
2015-01-06 14:23 - 2015-01-06 14:23 - 00000000 ____D () C:\ProgramData\ATI
2015-01-06 14:23 - 2015-01-06 14:23 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 13:31 - 2014-07-16 13:26 - 01195966 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 13:30 - 2011-04-12 08:43 - 01819150 _____ () C:\Windows\System32\perfh007.dat
2015-02-04 13:30 - 2011-04-12 08:43 - 00497442 _____ () C:\Windows\System32\perfc007.dat
2015-02-04 13:30 - 2009-07-14 06:13 - 00006256 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-02-04 13:30 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 13:30 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 13:27 - 2014-07-21 12:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 13:24 - 2014-07-16 17:02 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-02-04 13:23 - 2014-07-16 15:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 13:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 23:16 - 2014-07-16 15:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 23:02 - 2014-07-16 17:07 - 00000000 _____ () C:\Windows\Path.idx
2015-01-27 20:54 - 2014-07-16 15:57 - 00112768 _____ () C:\Users\[mein Name]\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 20:41 - 2009-07-14 05:45 - 05063464 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-01-27 11:14 - 2014-07-16 19:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-27 11:13 - 2011-04-12 08:55 - 00000000 ____D () C:\Windows\ShellNew
2015-01-27 11:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-27 11:10 - 2014-07-16 19:15 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-27 11:10 - 2014-07-16 19:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-27 11:10 - 2014-07-16 15:57 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\Adobe
2015-01-27 11:08 - 2014-07-16 13:26 - 00000000 ____D () C:\users\[mein Name]
2015-01-27 11:07 - 2014-08-25 16:27 - 00000000 ____D () C:\Users\[mein Name]\AppData\Local\Adobe
2015-01-27 11:06 - 2014-08-28 11:09 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-20 21:45 - 2014-07-16 19:44 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\Skype
2015-01-20 21:33 - 2014-07-17 15:45 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\TS3Client
2015-01-19 12:53 - 2014-12-11 00:01 - 00000000 ____D () C:\ProgramData\Unity
2015-01-18 21:48 - 2014-11-10 16:48 - 00000000 ____D () C:\Windows\Minidump
2015-01-14 19:27 - 2014-07-21 12:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 19:27 - 2014-07-21 12:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 19:27 - 2014-07-21 12:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 13:16 - 2014-07-16 14:46 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-14 13:13 - 2014-07-16 14:46 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-01-13 15:02 - 2014-11-19 16:30 - 00000474 _____ () C:\Users\[mein Name]\Desktop\Woche.txt
2015-01-12 13:46 - 2014-09-18 09:13 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\FileZilla
2015-01-12 13:46 - 2014-07-16 18:57 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\DAEMON Tools Lite
2015-01-12 13:41 - 2014-07-16 16:08 - 00000000 ____D () C:\AMD
2015-01-11 22:40 - 2014-07-16 19:43 - 00000000 ____D () C:\ProgramData\Skype
2015-01-07 20:27 - 2014-07-22 10:41 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\NetBeans
2015-01-07 20:27 - 2014-07-22 10:35 - 00000000 ____D () C:\Users\[mein Name]\.nbi
2015-01-06 20:08 - 2014-08-11 15:18 - 00000000 ____D () C:\Users\[mein Name]\AppData\Roaming\Mozilla
2015-01-06 14:23 - 2014-07-16 16:09 - 00000000 ____D () C:\ProgramData\AMD
2015-01-06 14:23 - 2014-07-16 13:40 - 00000000 ____D () C:\Program Files\AMD
2015-01-06 14:23 - 2014-07-16 13:37 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-01-06 14:22 - 2014-07-16 16:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-06 14:22 - 2014-07-16 16:09 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== BCD ================================

Start-Manager fr Firmware
--------------------------
Bezeichner              {fwbootmgr}
displayorder            {bootmgr}
                        {dd03586a-0ce9-11e4-960b-ee5bab69ba89}
                        {dd035869-0ce9-11e4-960b-ee5bab69ba89}
timeout                 0

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {dd03586c-0ce9-11e4-960b-ee5bab69ba89}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Firmwareanwendung (101fffff)
----------------------------
Bezeichner              {dd035869-0ce9-11e4-960b-ee5bab69ba89}
description             CD/DVD Drive 

Firmwareanwendung (101fffff)
----------------------------
Bezeichner              {dd03586a-0ce9-11e4-960b-ee5bab69ba89}
description             Hard Drive 

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {dd03586c-0ce9-11e4-960b-ee5bab69ba89}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\dd03586e-0ce9-11e4-960b-ee5bab69ba89\Winre.wim,{dd03586f-0ce9-11e4-960b-ee5bab69ba89}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\dd03586e-0ce9-11e4-960b-ee5bab69ba89\Winre.wim,{dd03586f-0ce9-11e4-960b-ee5bab69ba89}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {dd03586c-0ce9-11e4-960b-ee5bab69ba89}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {dd03586f-0ce9-11e4-960b-ee5bab69ba89}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\dd03586e-0ce9-11e4-960b-ee5bab69ba89\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 16300.99 MB
Available physical RAM: 15142.98 MB
Total Pagefile: 16299.19 MB
Available Pagefile: 15147.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:80.03 GB) (Free:37.63 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:158.22 GB) (Free:74.73 GB) NTFS
Drive e: (Projekte) (Fixed) (Total:150.27 GB) (Free:106.96 GB) NTFS
Drive f: (Medien) (Fixed) (Total:250.49 GB) (Free:88.65 GB) NTFS
Drive g: (Software) (Fixed) (Total:195.29 GB) (Free:172.89 GB) NTFS
Drive h: (1913_26012015) (CDROM) (Total:0.3 GB) (Free:0 GB) UDF
Drive i: () (Fixed) (Total:29.8 GB) (Free:26.23 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A631432D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: CFB82CA6)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 6A3260D6)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)


LastRegBack: 2015-01-14 20:09

==================== End Of Log ============================
         

04.02.2015, 18:46   #14
schrauber
/// the machine
/// TB trainer
 




Quote:
OK, I've finally managed it. A quick question: By doing it this way, i.e. starting the programs from within System Repair, do I actually have a better chance of detecting malware, rootkits and the like, and isn't the whole thing already too closely tied to the operating system, so that malware that hides from the OS can't be detected from there either?
No rootkit in the world can hide from that, because Windows isn't loaded at all.

Quote:
Startup: C:\Users\[mein Name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk
ShortcutTarget: Omnimo.lnk -> E:\Dokumente\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe (No File)
Do you recognize this?


Otherwise everything is clean.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


04.02.2015, 21:34   #15
AquaClassic
 



Yes, that's a skin for Rainmeter, which in turn is a program for customizing the desktop. I don't consider it suspicious.

Today at 15:54, a spam mail was sent to my address book from my GMX mail account, which I haven't used for quite some time (except for Facebook, but the last time I logged in to the e-mail account was what feels like an eternity ago). The account has (had) the same password as a whole series of my other accounts on the Internet (actually almost all of them before the mouse attack, I was very sloppy about that; my Facebook account had the same password too). The e-mails also show up in my Sent folder, so I assume my account was hacked?

I'm panicking a bit right now that this has something to do with the attack two weeks ago... although the GMX mailbox would then actually be an odd choice, because, as I said, I haven't actively used it for a long time...

Could this have something to do with the attack, or is it more likely that it was hacked independently of that? Does it perhaps have something to do with Facebook, since I had the same password there?

One more note on this: The password can basically be considered secure (meaningless combinations of digits and letters, though no special characters); I don't believe it can have been cracked by a brute-force attack or the like (given proper encryption in the database). It must have happened some other way. Maybe I once used the password with another service that stored the passwords unencrypted in its database/sent them by e-mail?

As I said, what actually speaks against a direct connection to the hacker attack is that I haven't actively used this account for ages; my current e-mail accounts, my online banking, PayPal, eBay, whatever, would surely have been much more attractive, I assume...

I have to say that I feel enormously insecure and uneasy, especially because this is now happening "coincidentally" two weeks after the incident in question...
