
Log analysis and evaluation: Win 7: Avira can no longer be opened or switched on. I lack the rights to uninstall it.

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.08.2015, 23:54   #1
was08king
 



Hey everyone,
today my computer suddenly crashed with a brief bluescreen. I couldn't read what it said because it disappeared too quickly.
Then I saw that my antivirus (Avira) was off.

When I tried to open Avira, nothing happened at all.
When I tried to uninstall Avira, nothing happened either.
When I tried to go into the Avira folder under Program Files, I lacked the rights:
(You do not currently have permission to access this folder)

So I tried to open System Restore; from the Start menu nothing happened and nothing opened either.

So then I simply wanted to install Avast; double-clicking the Avast installer immediately gave this error message: "The specified device, path or file cannot be accessed. You may not have sufficient permissions to access the item."

I am the only administrator; there is no other user. My computer is 2 months old, and I put it together myself.

MY SUSPICION:


I was planning to crack a recording program.
To license the program, I briefly ran a patch, as in the tutorial. For these steps in the video I had Avira turned off, and forgot to turn it back on.


https://www.youtube.com/watch?v=aWKK8-jWecc


Could it perhaps have something to do with that?


FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
durchgeführt von Administrator (Administrator) auf OLEG (02-08-2015 23:46:35)
Gestartet von C:\Users\Administrator\Downloads
Geladene Profile: Administrator (Verfügbare Profile: Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(ZURvmkth8t) C:\ProgramData\208992\dl64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ZURvmkth8t) C:\ProgramData\208992\dl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(ZURvmkth8t) C:\ProgramData\208992\dl64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ZURvmkth8t) C:\ProgramData\208992\dl64.exe
(ZURvmkth8t) C:\ProgramData\208992\dl64.exe
(ZURvmkth8t) C:\ProgramData\208992\dl64.exe
(ZURvmkth8t) C:\ProgramData\208992\dl64.exe
(ZURvmkth8t) C:\ProgramData\208992\dl64.exe
(ZURvmkth8t) C:\ProgramData\208992\dl64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(ZURvmkth8t) C:\ProgramData\208992\dl64.exe
(ZURvmkth8t) C:\ProgramData\208992\dl64.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [winDL] => "C:\Users\Administrator\AppData\Roaming\winDL"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientsvr.exe" [X]
HKU\S-1-5-21-2191931038-3256374100-2060679559-500\...\Run: [winDL] => "C:\Users\Administrator\AppData\Roaming\winDL"
HKU\S-1-5-21-2191931038-3256374100-2060679559-500\...\RunOnce: [WinDL] => C:\ProgramData\208992\dl64.exe [638976 2015-08-02] (ZURvmkth8t)
HKU\S-1-5-18\...\Run: [winDL] => "C:\Windows\system32\config\systemprofile\AppData\Roaming\winDL"
HKU\S-1-5-18\...\RunOnce: [WinDL] => C:\ProgramData\208992\dl64.exe [638976 2015-08-02] (ZURvmkth8t)
IFEO\AvastSvc.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\AvastUI.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\avcenter.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\avconfig.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\avgcsrvx.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\avgidsagent.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\avgnt.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\avgrsx.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\avgui.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\avgwdsvc.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\Avira.Systray.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\avp.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\bdagent.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\ccuac.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\ComboFix.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\egui.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\hijackthis.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\instup.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\keyscrambler.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\mbam.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\mbamgui.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\mbampt.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\mbamscheduler.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\mbamservice.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\MpCmdRun.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\MSASCui.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\msseces.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\rstrui.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\spybotsd.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\wireshark.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\wsctool.exe: [Debugger] C:\ProgramData\208992\dl64.exe
IFEO\zlclient.exe: [Debugger] C:\ProgramData\208992\dl64.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\G2t6bIXtKRzH.lnk [2015-08-02]
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iXtKRzH.lnk [2015-08-02]
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\z6bIXtK.lnk [2015-08-02]

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-02] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2191931038-3256374100-2060679559-500 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Toolbar: HKU\S-1-5-21-2191931038-3256374100-2060679559-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2F496DC7-DC04-4051-9D96-3459870624F0}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{31862F27-ADAA-4112-A282-18F22410A0ED}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{51E58278-6273-4519-9D44-B199C99D5CF0}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fIJUrdmx.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2015-05-22] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-25] (Google Inc.)
FF Plugin HKU\S-1-5-21-2191931038-3256374100-2060679559-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fIJUrdmx.default\Extensions\abs@avira.com [2015-05-26]

Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Browser Safety) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-07-25]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-25]
CHR Extension: (agar.io server browser) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hongpdkjnjhijmdnogoicadboadgllhi [2015-07-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1128448 2015-07-27] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-07-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-04-16] (Avira Operations GmbH & Co. KG)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-13] (Oracle Corporation)
S3 BEDaisy; \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-02 23:46 - 2015-08-02 23:46 - 02169856 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-08-02 23:46 - 2015-08-02 23:46 - 00014794 _____ C:\Users\Administrator\Downloads\FRST.txt
2015-08-02 23:46 - 2015-08-02 23:46 - 00000000 ____D C:\FRST
2015-08-02 23:35 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-02 23:35 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-02 23:35 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-08-02 23:35 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-08-02 23:34 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-02 23:15 - 2015-08-02 23:17 - 69999448 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2015-08-02 23:08 - 2015-08-02 23:09 - 04721376 _____ (Avira Operations GmbH & Co. KG) C:\Users\Administrator\Downloads\avira_de_av_55be86d43bd7c__ws.exe
2015-08-02 23:02 - 2015-08-02 23:36 - 00001540 _____ C:\Windows\setupact.log
2015-08-02 23:02 - 2015-08-02 23:35 - 00002596 _____ C:\Windows\PFRO.log
2015-08-02 23:02 - 2015-08-02 23:02 - 00000000 _____ C:\Windows\setuperr.log
2015-08-02 22:44 - 2015-08-02 22:57 - 00000000 ____D C:\Windows\Minidump
2015-08-02 22:43 - 2015-08-02 22:43 - 00712704 __RSH (aktl8tnbT) C:\Users\Administrator\AppData\Roaming\317871066123431.exe
2015-08-02 22:41 - 2015-08-02 22:41 - 00000006 __RSH C:\ProgramData\b446e5a15ad88b537dfc54bdd16426afd09c1664
2015-08-02 22:41 - 2015-08-02 22:41 - 00000000 __SHD C:\ProgramData\209092
2015-08-02 22:41 - 2015-08-02 22:41 - 00000000 __SHD C:\ProgramData\208992
2015-08-02 22:40 - 2015-08-02 22:40 - 00638976 __RSH (ZURvmkth8t) C:\Windows\SysWOW64\clientsvr.exe
2015-08-02 22:40 - 2015-08-02 22:40 - 00638976 __RSH (ZURvmkth8t) C:\Users\Administrator\AppData\Roaming\39932661720964.exe
2015-08-02 22:37 - 2015-08-02 23:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Default Folder
2015-08-02 22:37 - 2015-08-02 22:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Imminent
2015-08-02 22:37 - 2015-08-02 22:37 - 00000000 ____D C:\Default Folder
2015-08-02 22:36 - 2015-08-02 22:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\zSILlzC
2015-08-02 22:36 - 2015-08-02 22:36 - 00712704 ____H (GURvnkth8tn) C:\Users\Administrator\AppData\Roaming\262361265626012.exe
2015-08-02 22:31 - 2015-08-02 22:31 - 00599040 __RSH (TtnbTaRjJ) C:\Users\Administrator\AppData\Roaming\858768467368.exe
2015-08-02 20:26 - 2015-08-02 22:47 - 00000000 __SHD C:\Users\Administrator\AppData\Roaming\VSILlzCwXBSr
2015-08-02 20:25 - 2015-08-02 20:25 - 00599040 __RSH (TtnbTaRjJ) C:\Users\Administrator\AppData\Roaming\837264939096.exe
2015-08-02 20:16 - 2015-08-02 20:38 - 00000000 __SHD C:\Users\Administrator\AppData\Roaming\ESILlzCwXBS
2015-08-02 20:16 - 2015-08-02 20:16 - 00000000 ____D C:\Users\Administrator\Documents\Action!
2015-08-02 20:16 - 2015-08-02 20:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mirillis
2015-08-02 20:16 - 2015-08-02 20:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mirillis
2015-08-02 20:16 - 2015-08-02 20:16 - 00000000 ____D C:\ProgramData\Mirillis
2015-08-02 20:16 - 2013-05-28 22:23 - 00652288 _____ C:\Windows\system32\ficvdec_x64.dll
2015-08-02 20:16 - 2013-05-28 22:22 - 00641024 _____ C:\Windows\SysWOW64\ficvdec_x86.dll
2015-08-02 20:14 - 2015-08-02 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2015-08-01 11:39 - 2015-08-02 21:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Audacity
2015-08-01 11:36 - 2015-08-01 11:36 - 00000132 _____ C:\Users\Administrator\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2015-07-30 21:48 - 2015-07-18 16:27 - 00000000 ____D C:\Users\Administrator\Desktop\Takania2-Client
2015-07-28 10:29 - 2015-07-25 20:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 10:29 - 2015-07-25 20:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 10:29 - 2015-07-25 20:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 10:29 - 2015-07-25 20:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 10:29 - 2015-07-25 20:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 10:29 - 2015-07-25 20:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 10:29 - 2015-07-25 20:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 10:29 - 2015-07-25 19:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-27 20:15 - 2015-04-09 05:23 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-07-27 20:15 - 2015-04-09 05:09 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-07-27 20:15 - 2015-03-20 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-07-27 20:15 - 2015-03-20 05:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-07-27 20:15 - 2014-09-10 00:16 - 00377784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-07-27 20:15 - 2013-07-05 04:53 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2015-07-27 20:15 - 2013-02-27 07:25 - 00180584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2015-07-27 20:15 - 2012-07-30 20:38 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2015-07-27 20:15 - 2012-07-30 20:38 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2015-07-27 20:15 - 2012-07-30 19:40 - 00115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2015-07-27 12:27 - 2015-07-27 12:27 - 00003104 _____ C:\Windows\System32\Tasks\{CDF820F4-DC58-43F0-9F10-8D34F8D02643}
2015-07-27 11:16 - 2015-07-02 14:14 - 00022030 _____ C:\Users\Administrator\Desktop\Reflector.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00009815 _____ C:\Users\Administrator\Desktop\TextureAnimations.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00009327 _____ C:\Users\Administrator\Desktop\PlayerItemParser.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00008793 _____ C:\Users\Administrator\Desktop\WorldServerOF.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00008538 _____ C:\Users\Administrator\Desktop\mq.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00007433 _____ C:\Users\Administrator\Desktop\RandomMobs.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00006435 _____ C:\Users\Administrator\Desktop\qh.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00006089 _____ C:\Users\Administrator\Desktop\NaturalTextures.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00005683 _____ C:\Users\Administrator\Desktop\mr.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00005297 _____ C:\Users\Administrator\Desktop\qi.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00004342 _____ C:\Users\Administrator\Desktop\PlayerConfigurationParser.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00003657 _____ C:\Users\Administrator\Desktop\TextureAnimation.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00003440 _____ C:\Users\Administrator\Desktop\qd.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00003320 _____ C:\Users\Administrator\Desktop\ModelSprite.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00003015 _____ C:\Users\Administrator\Desktop\PlayerItemModel.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00003001 _____ C:\Users\Administrator\Desktop\VersionCheckThread.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00002936 _____ C:\Users\Administrator\Desktop\Json.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00002561 _____ C:\Users\Administrator\Desktop\RenderPlayerOF.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00002490 _____ C:\Users\Administrator\Desktop\ReflectorMethod.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00002340 _____ C:\Users\Administrator\Desktop\NextTickHashSet.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00002329 _____ C:\Users\Administrator\Desktop\ReflectorConstructor.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00002290 _____ C:\Users\Administrator\Desktop\PlayerConfigurations.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00002249 _____ C:\Users\Administrator\Desktop\ReflectorField.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00001899 _____ C:\Users\Administrator\Desktop\WrDisplayListAllocator.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00001829 _____ C:\Users\Administrator\Desktop\ReflectorClass.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00001728 _____ C:\Users\Administrator\Desktop\qe.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00001598 _____ C:\Users\Administrator\Desktop\PlayerConfigurationReceiver.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00001507 _____ C:\Users\Administrator\Desktop\ReflectorForge.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00001348 _____ C:\Users\Administrator\Desktop\PlayerConfiguration.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00001227 _____ C:\Users\Administrator\Desktop\WrDisplayListBlock.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00001215 _____ C:\Users\Administrator\Desktop\RangeListInt.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00001091 _____ C:\Users\Administrator\Desktop\NaturalProperties.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00001046 _____ C:\Users\Administrator\Desktop\qj.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00001015 _____ C:\Users\Administrator\Desktop\WorldServerMultiOF.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00000925 _____ C:\Users\Administrator\Desktop\PlayerItemRenderer.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00000903 _____ C:\Users\Administrator\Desktop\j.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00000855 _____ C:\Users\Administrator\Desktop\RangeInt.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00000732 _____ C:\Users\Administrator\Desktop\TextureUtils$2.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00000575 _____ C:\Users\Administrator\Desktop\NbtTagValue.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00000528 _____ C:\Users\Administrator\Desktop\TextureUtils$1.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00000368 _____ C:\Users\Administrator\Desktop\VertexData.class
2015-07-27 11:16 - 2015-07-02 14:14 - 00000296 _____ C:\Users\Administrator\Desktop\ModelPlayerItem.class
2015-07-27 11:16 - 1980-01-01 00:00 - 00008391 ____N C:\Users\Administrator\Desktop\TextureUtils.class
2015-07-27 11:16 - 1980-01-01 00:00 - 00001170 ____N C:\Users\Administrator\Desktop\ResourceUtils.class
2015-07-25 18:22 - 2015-07-25 18:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2015-07-25 15:35 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-25 15:35 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-25 15:35 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-25 15:35 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-25 15:35 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-25 15:35 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-25 15:35 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-25 15:35 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-25 15:35 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-25 15:35 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-25 15:35 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-25 15:35 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-25 15:35 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-25 15:35 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-25 15:35 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-25 15:35 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-25 15:35 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-25 15:35 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-25 15:35 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-25 15:35 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-25 15:35 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-25 15:35 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-25 15:35 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-25 15:35 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-25 15:35 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-25 15:35 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-25 15:35 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-25 15:35 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-25 15:35 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-25 15:35 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-25 15:35 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-25 15:35 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-25 15:35 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-25 15:35 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-25 15:35 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-25 15:34 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-25 15:34 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-25 15:34 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-25 15:34 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-25 15:34 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-25 15:34 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-25 15:34 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-25 15:34 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-25 15:34 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-25 15:34 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-25 15:34 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-25 15:34 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-25 15:34 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-25 15:34 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-25 15:34 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-25 15:34 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-25 15:34 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-25 15:34 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-25 15:34 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-25 15:34 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-25 15:34 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-25 15:34 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-25 15:34 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-25 15:34 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-25 15:34 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-25 15:34 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-25 15:34 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-25 15:34 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-25 15:34 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-25 15:34 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-25 15:34 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-25 15:34 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-25 15:34 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-25 15:34 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-25 15:34 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-25 15:34 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-25 15:34 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-25 15:34 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-25 15:34 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-25 15:34 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-25 15:34 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-25 15:34 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-25 15:34 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-25 15:34 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-25 15:34 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-25 15:34 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-25 15:34 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-25 15:34 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-25 15:34 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-25 15:34 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-25 15:34 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-25 15:34 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-25 15:34 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-25 15:34 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-25 15:34 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-25 15:34 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-25 15:33 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-25 15:33 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-25 15:33 - 2015-07-01 20:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-25 15:33 - 2015-07-01 20:25 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-25 15:33 - 2015-07-01 20:21 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-25 15:33 - 2015-07-01 20:21 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-25 15:33 - 2015-07-01 20:21 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-25 15:33 - 2015-07-01 20:21 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-25 15:33 - 2015-07-01 20:20 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-25 15:33 - 2015-07-01 20:20 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-25 15:33 - 2015-07-01 20:20 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-25 15:33 - 2015-07-01 20:20 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-25 15:33 - 2015-07-01 20:20 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-25 15:33 - 2015-07-01 20:20 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-25 15:33 - 2015-07-01 20:20 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-25 15:33 - 2015-07-01 20:20 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-07-25 15:33 - 2015-07-01 20:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-25 15:33 - 2015-07-01 20:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-25 15:33 - 2015-07-01 20:20 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-25 15:33 - 2015-07-01 20:20 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-25 15:33 - 2015-07-01 20:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-25 15:33 - 2015-07-01 20:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-25 15:33 - 2015-07-01 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-25 15:33 - 2015-07-01 20:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-25 15:33 - 2015-07-01 19:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-25 15:33 - 2015-07-01 19:52 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-25 15:33 - 2015-07-01 19:52 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-25 15:33 - 2015-07-01 19:52 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-25 15:33 - 2015-07-01 19:52 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-25 15:33 - 2015-07-01 19:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-25 15:33 - 2015-07-01 19:52 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-07-25 15:33 - 2015-07-01 19:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-25 15:33 - 2015-07-01 19:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-25 15:33 - 2015-07-01 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-25 15:33 - 2015-07-01 19:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-25 15:33 - 2015-07-01 19:51 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-25 15:33 - 2015-07-01 19:51 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-25 15:33 - 2015-07-01 19:51 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-25 15:33 - 2015-07-01 19:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-25 15:33 - 2015-07-01 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-25 15:33 - 2015-07-01 19:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-25 15:33 - 2015-07-01 18:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-25 15:33 - 2015-07-01 18:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-25 15:33 - 2015-07-01 18:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-25 15:33 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-25 15:33 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-25 15:33 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-25 15:33 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-25 15:33 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-25 15:33 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-25 15:33 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-25 15:33 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-25 15:33 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-25 15:33 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-25 15:33 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-25 15:33 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-25 15:33 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-25 15:33 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-25 15:33 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-25 15:33 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-25 15:33 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-25 15:33 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-25 15:33 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-25 15:33 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-25 15:26 - 2015-07-25 15:26 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-07-25 15:26 - 2015-07-25 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-25 15:26 - 2015-07-25 15:26 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-25 15:26 - 2015-07-14 11:44 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-10 19:28 - 2015-08-02 17:02 - 00000000 ___HD C:\$Windows.~BT
2015-07-05 20:07 - 2015-07-05 20:07 - 00000550 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-07-05 20:07 - 2015-07-05 20:07 - 00000550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-02 23:44 - 2015-05-22 17:18 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-02 23:44 - 2015-05-22 17:18 - 00000000 ____D C:\ProgramData\Oracle
2015-08-02 23:44 - 2015-05-22 17:18 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-02 23:44 - 2015-05-22 15:45 - 01325474 _____ C:\Windows\WindowsUpdate.log
2015-08-02 23:43 - 2009-07-14 06:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-02 23:43 - 2009-07-14 06:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-02 23:42 - 2015-05-26 17:24 - 00000000 ___RD C:\Program Files (x86)\Avira
2015-08-02 23:41 - 2009-07-14 19:58 - 00699092 _____ C:\Windows\system32\perfh007.dat
2015-08-02 23:41 - 2009-07-14 19:58 - 00149232 _____ C:\Windows\system32\perfc007.dat
2015-08-02 23:41 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-02 23:38 - 2015-05-22 16:10 - 00044328 _____ C:\Windows\SysWOW64\Gms.log
2015-08-02 23:36 - 2015-05-22 15:54 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-02 23:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-02 23:31 - 2015-06-06 19:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2015-08-02 23:18 - 2015-05-22 15:49 - 01592628 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-02 23:02 - 2015-05-25 17:24 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2015-08-02 22:58 - 2015-05-25 20:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2015-08-02 22:57 - 2015-06-05 10:57 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-02 22:57 - 2015-05-28 16:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TS3Client
2015-08-02 20:23 - 2015-06-13 16:44 - 00000000 ____D C:\Users\Administrator\Desktop\Alle Ordner
2015-08-02 17:05 - 2015-05-22 22:40 - 00000000 ____D C:\Windows\Panther
2015-08-01 21:04 - 2015-05-25 17:24 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-08-01 21:01 - 2009-07-14 06:45 - 00273304 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-01 15:33 - 2015-06-05 17:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\.minecraft
2015-08-01 11:34 - 2015-05-25 17:24 - 00059632 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-30 13:04 - 2015-05-26 17:29 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-30 13:04 - 2015-05-26 17:29 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-30 13:04 - 2015-05-26 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-30 12:51 - 2015-05-22 15:52 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-28 17:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-28 11:56 - 2015-05-23 21:59 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-26 12:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-25 16:54 - 2015-05-23 22:26 - 00000000 ____D C:\ProgramData\Riot Games
2015-07-25 16:52 - 2015-05-31 09:51 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-25 16:50 - 2015-05-31 09:51 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-25 16:50 - 2015-05-23 21:59 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-25 16:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-25 16:02 - 2015-05-26 19:38 - 00000000 ____D C:\Windows\system32\MRT
2015-07-25 15:28 - 2015-05-22 15:54 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-25 15:28 - 2015-05-22 15:54 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-25 15:28 - 2015-05-22 15:54 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-03 20:00 - 2015-05-31 20:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\NXEPassportClient
2015-07-03 08:43 - 2015-05-26 19:38 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-02 22:36 - 2015-08-02 22:36 - 0712704 ____H (GURvnkth8tn) C:\Users\Administrator\AppData\Roaming\262361265626012.exe
2015-08-02 22:43 - 2015-08-02 22:43 - 0712704 __RSH (aktl8tnbT) C:\Users\Administrator\AppData\Roaming\317871066123431.exe
2015-08-02 22:40 - 2015-08-02 22:40 - 0638976 __RSH (ZURvmkth8t) C:\Users\Administrator\AppData\Roaming\39932661720964.exe
2015-08-02 20:25 - 2015-08-02 20:25 - 0599040 __RSH (TtnbTaRjJ) C:\Users\Administrator\AppData\Roaming\837264939096.exe
2015-08-02 22:31 - 2015-08-02 22:31 - 0599040 __RSH (TtnbTaRjJ) C:\Users\Administrator\AppData\Roaming\858768467368.exe
2015-08-01 11:36 - 2015-08-01 11:36 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2015-05-25 21:41 - 2015-06-14 19:01 - 0000600 _____ () C:\Users\Administrator\AppData\Local\PUTTY.RND
2015-05-30 13:53 - 2015-05-30 13:53 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2015-08-02 22:41 - 2015-08-02 22:41 - 0000006 __RSH () C:\ProgramData\b446e5a15ad88b537dfc54bdd16426afd09c1664
2015-05-22 15:54 - 2015-05-22 15:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\KRzHJklNN.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-26 10:50

==================== Ende von log ============================
         
--- --- ---


Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
durchgeführt von Administrator (2015-08-02 23:46:47)
Gestartet von C:\Users\Administrator\Downloads
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2191931038-3256374100-2060679559-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2191931038-3256374100-2060679559-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2191931038-3256374100-2060679559-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

AMD Catalyst Install Manager (HKLM\...\{00957033-C081-5235-665A-A014A6E2FF7B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avira (HKLM-x32\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Brick-Force (EU) (HKLM-x32\...\Steam App 335330) (Version:  - Exe Games Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
FileZilla Client 3.11.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.1 - Tim Kosse)
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{94A137EA-92EF-441C-A7E2-6757CC08EA82}) (Version: 5.0.10.2907 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.026 - MSI)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.1 - Notepad++ Team)
Oracle VM VirtualBox 4.3.28 (HKLM\...\{E8BB81BC-E67C-4750-84EE-128DA5A7ADA5}) (Version: 4.3.28 - Oracle Corporation)
PremiumSoft Navicat Lite 10.0 (HKLM-x32\...\PremiumSoft Navicat Lite_is1) (Version:  - PremiumSoft CyberTech Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-2191931038-3256374100-2060679559-500\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.8 - MSI)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

02-08-2015 13:46:23 Windows Update
02-08-2015 22:54:10 Windows-Sicherung
02-08-2015 23:35:24 Windows Update

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-08-02 22:58 - 00001307 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   thislineskipsanyemptylines
127.0.0.1                   mirillis.com
127.0.0.1                   www.mirillis.com
127.0.0.1                   serwer2.paka-service.com
127.0.0.1                   ns386119.ovh.net
127.0.0.1                   mirillis.pl
127.0.0.1                   thislineskipsanyemptylines


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {3254A617-B686-48CB-8F5A-B70789EDC94B} - System32\Tasks\{88AF140C-3D18-4ABC-8C22-B7D555768D49} => C:\Users\Administrator\Desktop\2011er Client(upload by LenoxMt2Tutorials\2011 Client for 1678Files\Surakopf.exe
Task: {57E82D9E-4C24-4C92-82C7-A7B0DDC0D9E5} - System32\Tasks\{E4764C9E-B17D-421D-9D19-77D9F3FAC884} => C:\Users\Administrator\Desktop\AkameMT2\AkameMT2.exe.exe
Task: {6BE32756-1D41-49CC-B812-BA3E5ED22A60} - System32\Tasks\{CDF820F4-DC58-43F0-9F10-8D34F8D02643} => Chrome.exe hxxp://ui.skype.com/ui/0/7.6.0.105/de/abandoninstall?page=tsProgressBar
Task: {7D1089B9-F9DB-4A0A-8981-6D70B994E792} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)
Task: {848CF780-578B-4AB4-84B5-574890A2FB45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)
Task: {A1156A98-053A-48FB-9376-E565AC4753C6} - System32\Tasks\{068B0816-78AB-428C-89FF-3AF4465E975C} => pcalua.exe -a C:\Users\Terence\Downloads\chromeinstall-8u45.exe -d C:\Users\Terence\Downloads
Task: {A4C2A654-6310-4037-A16A-D4E007DF5EB4} - System32\Tasks\{69EBE8AD-1E86-4569-97C7-847DF0D665EB} => C:\Users\Terence\Desktop\AkameMT2\AkameMT2.exe
Task: {CA922AC6-AFEA-4A3F-A1DB-ABF4EC922C48} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {E16D88B9-9D5D-44B7-A08F-99FF27E8F8CF} - System32\Tasks\{DCD61A7F-D5C3-4E19-A075-BF848C63628D} => C:\Users\Administrator\Desktop\AkameMT2\AkameMT2.exe.exe
Task: {FFBEF495-C886-4DCC-8585-21F537DF3993} - System32\Tasks\{0CD045A4-32C9-4008-B413-EB0B942548B2} => pcalua.exe -a C:\Users\Terence\Desktop\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\Terence\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:5896

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-08-25 16:01 - 2014-08-25 16:01 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 16:01 - 2014-08-25 16:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2015-05-22 16:46 - 2015-05-22 16:46 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-09-03 11:03 - 2014-09-03 11:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-22 16:46 - 2015-05-22 16:46 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-07-25 15:40 - 2015-07-24 00:39 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
2015-07-25 15:40 - 2015-07-24 00:39 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2191931038-3256374100-2060679559-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{B367C77E-B5ED-4C8A-83DA-F198866E33EF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{686F0815-B04D-48CD-8B68-A3DFB7F5739A}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{185EB71F-8F34-4A6A-86FF-FAB5BCB3FB68}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{62CB6002-2C83-41D3-AE25-5960F911DAC9}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [{9F57D264-9BFF-4740-9DD2-E69FF1E7F8D8}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [TCP Query User{07882884-7765-418A-B721-1CF9708651F2}C:\users\terence\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\terence\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D9468DAC-B495-4B65-98E8-45640FEF8EE6}C:\users\terence\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\terence\appdata\local\akamai\netsession_win.exe
FirewallRules: [{12B683C6-50CA-4B01-8D83-C930BD80C54C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C00C127-07FF-42C6-A21F-3D8CE044A212}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6C898197-7496-49B5-8A6A-6923946676F9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EBDD4CBE-70D8-4002-BBD0-75C20B79D35C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4D3F5AB6-63F9-4F29-85E9-594627036202}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [{04517692-04E6-429F-AD14-F5607904E874}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [{4435863E-F819-4ACD-B1D3-79D912F38C7A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D1F75FC1-B8B4-420C-800D-1660FAC1E80E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FF6B3FD3-4F1C-49FF-82E3-E8402B5EC54C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{96FB15AD-0862-43FA-A1D8-9BB378A9E48F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{616377E5-9630-4958-AD96-8216AFC142E0}C:\users\administrator\desktop\akamemt2\metin2client.exe] => (Block) C:\users\administrator\desktop\akamemt2\metin2client.exe
FirewallRules: [UDP Query User{55919F14-E94B-4882-ACD6-22B28042B104}C:\users\administrator\desktop\akamemt2\metin2client.exe] => (Block) C:\users\administrator\desktop\akamemt2\metin2client.exe
FirewallRules: [TCP Query User{4EDF620F-A1AE-461B-AD6E-7F193BAD644D}C:\users\administrator\desktop\portmap by .reduction\portmap by .reduction\portmap.exe] => (Allow) C:\users\administrator\desktop\portmap by .reduction\portmap by .reduction\portmap.exe
FirewallRules: [UDP Query User{DD81B20A-817F-4BA1-B511-A9CC8F888AAA}C:\users\administrator\desktop\portmap by .reduction\portmap by .reduction\portmap.exe] => (Allow) C:\users\administrator\desktop\portmap by .reduction\portmap by .reduction\portmap.exe
FirewallRules: [{2B8BFA25-2580-4767-88F0-C57F2D4B50C8}] => (Block) C:\users\administrator\desktop\portmap by .reduction\portmap by .reduction\portmap.exe
FirewallRules: [{CCB9DD48-46AE-47A8-8860-BDFB9BF8FC92}] => (Block) C:\users\administrator\desktop\portmap by .reduction\portmap by .reduction\portmap.exe
FirewallRules: [TCP Query User{0BD9F7C6-48E5-417C-A0BC-25925B4E4ADC}C:\users\administrator\desktop\portmaps\portmaps\portmap.exe] => (Allow) C:\users\administrator\desktop\portmaps\portmaps\portmap.exe
FirewallRules: [UDP Query User{FDFE5AE0-739F-4895-B438-3662CE47113B}C:\users\administrator\desktop\portmaps\portmaps\portmap.exe] => (Allow) C:\users\administrator\desktop\portmaps\portmaps\portmap.exe
FirewallRules: [{C4392A1D-589E-4186-BA35-FCF5E60AA50D}] => (Block) C:\users\administrator\desktop\portmaps\portmaps\portmap.exe
FirewallRules: [{28497C5B-E9AE-4017-B003-C662F06E32D6}] => (Block) C:\users\administrator\desktop\portmaps\portmaps\portmap.exe
FirewallRules: [TCP Query User{2B396934-428C-4370-B01F-2425D4C45DBB}C:\users\administrator\desktop\portmap\portmap\portmap.exe] => (Allow) C:\users\administrator\desktop\portmap\portmap\portmap.exe
FirewallRules: [UDP Query User{A3349DA2-3994-4ACD-A260-9DC1EC8B6251}C:\users\administrator\desktop\portmap\portmap\portmap.exe] => (Allow) C:\users\administrator\desktop\portmap\portmap\portmap.exe
FirewallRules: [{0BBD77FA-B0C7-4CF6-9BCE-C70AB5DDDE88}] => (Block) C:\users\administrator\desktop\portmap\portmap\portmap.exe
FirewallRules: [{4A99B33D-4133-459C-80A8-D6FCB8BD3FE5}] => (Block) C:\users\administrator\desktop\portmap\portmap\portmap.exe
FirewallRules: [TCP Query User{CC02C35E-B400-4A45-AC42-4F59B536D90E}C:\users\administrator\desktop\neuer ordner (2)\portmap.exe] => (Allow) C:\users\administrator\desktop\neuer ordner (2)\portmap.exe
FirewallRules: [UDP Query User{A6FBAD1D-482D-41BA-A53E-6A2D734F3B48}C:\users\administrator\desktop\neuer ordner (2)\portmap.exe] => (Allow) C:\users\administrator\desktop\neuer ordner (2)\portmap.exe
FirewallRules: [{45721E76-2892-44DE-863E-299A428022C6}] => (Block) C:\users\administrator\desktop\neuer ordner (2)\portmap.exe
FirewallRules: [{063D84F8-1A06-433F-AA2D-ECC103A73D96}] => (Block) C:\users\administrator\desktop\neuer ordner (2)\portmap.exe
FirewallRules: [TCP Query User{1275C68F-8219-4756-81F2-FD7D2708866B}C:\users\administrator\desktop\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\administrator\desktop\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{10A31925-82AE-432B-B12C-71D76E572BE3}C:\users\administrator\desktop\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\administrator\desktop\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6A10E0D6-C99B-49CC-A0AA-F598D9D2AB8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B5592706-DC21-4AD9-8331-878FF55CC4DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{F2698F43-B4A5-4651-BAB9-E9DE02FE2A26}C:\users\administrator\desktop\alle ordner\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\desktop\alle ordner\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5D38FC21-29CE-4691-AA31-A41F02A6F1BA}C:\users\administrator\desktop\alle ordner\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\desktop\alle ordner\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{12042C8A-FD58-4D99-AFFA-CB47C31457F2}] => (Allow) F:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{496738E9-6419-4855-ACDB-DC1513279D45}] => (Allow) F:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{CC31E86D-F651-41CF-803C-3C8886690F4E}F:\steam\steamapps\common\dayz\dayz.exe] => (Allow) F:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{ABEB54AB-7A4B-4709-A5CA-FBBC59BF5204}F:\steam\steamapps\common\dayz\dayz.exe] => (Allow) F:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{4C066A71-FFF2-4366-9312-261FD63D1F16}] => (Allow) F:\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{6423CF7A-25C4-4E36-B61E-CF6D513571BC}C:\program files (x86)\steam\steamapps\common\brick-force row\brickforce.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\brick-force row\brickforce.exe
FirewallRules: [UDP Query User{39140BF9-AA5F-491A-97E1-85935F168274}C:\program files (x86)\steam\steamapps\common\brick-force row\brickforce.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\brick-force row\brickforce.exe
FirewallRules: [{5BDD5C36-8743-40CC-91F3-E7D89AE8BDC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brick-Force ROW\InfernumLogin.exe
FirewallRules: [{CF2DC844-BD37-48BF-A701-8B3CC3AB2997}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brick-Force ROW\InfernumLogin.exe
FirewallRules: [{FFAE0467-D329-47FC-8A42-B6FBC0C79F6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{020879F6-DAFD-42BC-8F5D-541C9112AD53}C:\users\administrator\appdata\local\temp\rar$exa0.993\takania2-client\metin2client_normal.exe] => (Allow) C:\users\administrator\appdata\local\temp\rar$exa0.993\takania2-client\metin2client_normal.exe
FirewallRules: [UDP Query User{788FCDAE-8DB2-4E89-BE7E-9B5395C623DC}C:\users\administrator\appdata\local\temp\rar$exa0.993\takania2-client\metin2client_normal.exe] => (Allow) C:\users\administrator\appdata\local\temp\rar$exa0.993\takania2-client\metin2client_normal.exe
FirewallRules: [TCP Query User{9F9D5430-22E6-4A0A-A0E0-29E6955D9892}C:\users\administrator\desktop\takania2-client\metin2client_normal.exe] => (Block) C:\users\administrator\desktop\takania2-client\metin2client_normal.exe
FirewallRules: [UDP Query User{73710857-D980-4DEF-9E66-D82178C2A420}C:\users\administrator\desktop\takania2-client\metin2client_normal.exe] => (Block) C:\users\administrator\desktop\takania2-client\metin2client_normal.exe
FirewallRules: [{5EEAF5D5-1F69-4CB8-A19F-8957282CE638}] => (Block) C:\Program Files\Mirillis\Action!\Action.exe
FirewallRules: [{B1B814F5-F374-43CE-A6F3-2F868C027C49}] => (Block) C:\Program Files (x86)\Mirillis\Action!\Action.exe
FirewallRules: [{1104ABA5-C04C-4442-A206-D86D6C62644B}] => (Block) C:\Program Files\Mirillis\Action!\Action.exe
FirewallRules: [{F2E98BB5-595B-4501-9A3D-0708E3792997}] => (Block) C:\Program Files (x86)\Mirillis\Action!\Action.exe
FirewallRules: [{C836E62F-CA9B-413F-8DB4-123492C4B17A}] => (Block) C:\Program Files\Mirillis\Action!\Action.exe
FirewallRules: [{6A94AC9D-CF55-4680-9307-E1DB3718D09B}] => (Block) C:\Program Files (x86)\Mirillis\Action!\Action.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/02/2015 11:30:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.exe, Version: 1.1.42.10415, Zeitstempel: 0x55951de0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.23072, Zeitstempel: 0x5563650d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c44d
ID des fehlerhaften Prozesses: 0x15e4
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Setup.Bundle.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Setup.Bundle.exe2
Berichtskennung: Avira.OE.Setup.Bundle.exe3

Error: (08/02/2015 11:12:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_55be86d43bd7c__ws.exe, Version: 1.1.42.10415, Zeitstempel: 0x55951de0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.23072, Zeitstempel: 0x5563650d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c44d
ID des fehlerhaften Prozesses: 0x17cc
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_55be86d43bd7c__ws.exe0
Pfad der fehlerhaften Anwendung: avira_de_av_55be86d43bd7c__ws.exe1
Pfad des fehlerhaften Moduls: avira_de_av_55be86d43bd7c__ws.exe2
Berichtskennung: avira_de_av_55be86d43bd7c__ws.exe3

Error: (08/02/2015 11:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_55be86d43bd7c__ws.exe, Version: 1.1.42.10415, Zeitstempel: 0x55951de0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.23072, Zeitstempel: 0x5563650d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c44d
ID des fehlerhaften Prozesses: 0xac0
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_55be86d43bd7c__ws.exe0
Pfad der fehlerhaften Anwendung: avira_de_av_55be86d43bd7c__ws.exe1
Pfad des fehlerhaften Moduls: avira_de_av_55be86d43bd7c__ws.exe2
Berichtskennung: avira_de_av_55be86d43bd7c__ws.exe3

Error: (08/02/2015 08:38:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.Systray.exe, Version: 1.1.42.10415, Zeitstempel: 0x55951d10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0x7745beb7
ID des fehlerhaften Prozesses: 0xf1c
Startzeit der fehlerhaften Anwendung: 0xAvira.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.Systray.exe2
Berichtskennung: Avira.Systray.exe3

Error: (08/02/2015 08:29:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.Systray.exe, Version: 1.1.42.10415, Zeitstempel: 0x55951d10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0x76f0beb7
ID des fehlerhaften Prozesses: 0xf80
Startzeit der fehlerhaften Anwendung: 0xAvira.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.Systray.exe2
Berichtskennung: Avira.Systray.exe3

Error: (08/02/2015 08:22:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.Systray.exe, Version: 1.1.42.10415, Zeitstempel: 0x55951d10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0x771dbeb7
ID des fehlerhaften Prozesses: 0xeb4
Startzeit der fehlerhaften Anwendung: 0xAvira.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.Systray.exe2
Berichtskennung: Avira.Systray.exe3

Error: (08/02/2015 08:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.Systray.exe, Version: 1.1.42.10415, Zeitstempel: 0x55951d10
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000008
Fehleroffset: 0x76f6beb7
ID des fehlerhaften Prozesses: 0xed0
Startzeit der fehlerhaften Anwendung: 0xAvira.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.Systray.exe2
Berichtskennung: Avira.Systray.exe3

Error: (07/05/2015 08:58:09 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/05/2015 08:58:09 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/05/2015 08:58:09 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


Systemfehler:
=============
Error: (08/02/2015 11:40:51 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%310.

Error: (08/02/2015 11:36:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%310.

Error: (08/02/2015 11:36:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (08/02/2015 11:36:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (08/02/2015 11:35:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070103 fehlgeschlagen: Ralink - Network - RT73 USB Wireless LAN Card

Error: (08/02/2015 11:16:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%310.

Error: (08/02/2015 11:06:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%310.

Error: (08/02/2015 11:05:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%310.

Error: (08/02/2015 11:05:36 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%310.

Error: (08/02/2015 11:02:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%310.


Microsoft Office:
=========================
Error: (08/02/2015 11:30:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Setup.Bundle.exe1.1.42.1041555951de0KERNELBASE.dll6.1.7601.230725563650dc06d007e0000c44d15e401d0cd6a79d6ddebC:\ProgramData\Package Cache\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}\Avira.OE.Setup.Bundle.exeC:\Windows\syswow64\KERNELBASE.dllb7c870b4-395d-11e5-bb8c-d8cb8a1fbf3c

Error: (08/02/2015 11:12:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avira_de_av_55be86d43bd7c__ws.exe1.1.42.1041555951de0KERNELBASE.dll6.1.7601.230725563650dc06d007e0000c44d17cc01d0cd67f25bccc0C:\Users\Administrator\Downloads\avira_de_av_55be86d43bd7c__ws.exeC:\Windows\syswow64\KERNELBASE.dll3075d6ed-395b-11e5-bb8c-d8cb8a1fbf3c

Error: (08/02/2015 11:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avira_de_av_55be86d43bd7c__ws.exe1.1.42.1041555951de0KERNELBASE.dll6.1.7601.230725563650dc06d007e0000c44dac001d0cd67792b910aC:\Users\Administrator\Downloads\avira_de_av_55be86d43bd7c__ws.exeC:\Windows\syswow64\KERNELBASE.dllb80ecfbf-395a-11e5-bb8c-d8cb8a1fbf3c

Error: (08/02/2015 08:38:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.Systray.exe1.1.42.1041555951d10unknown0.0.0.000000000c00000087745beb7f1c01d0cd525506c0bcC:\Program Files (x86)\Avira\Launcher\Avira.Systray.exeunknowna4aa6033-3945-11e5-b8cf-d8cb8a1fbf3c

Error: (08/02/2015 08:29:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.Systray.exe1.1.42.1041555951d10unknown0.0.0.000000000c000000876f0beb7f8001d0cd51205c51f5C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exeunknown7082db3b-3944-11e5-847d-d8cb8a1fbf3c

Error: (08/02/2015 08:22:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.Systray.exe1.1.42.1041555951d10unknown0.0.0.000000000c0000008771dbeb7eb401d0cd502574a95aC:\Program Files (x86)\Avira\Launcher\Avira.Systray.exeunknown762d0233-3943-11e5-bbdf-d8cb8a1fbf3c

Error: (08/02/2015 08:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.Systray.exe1.1.42.1041555951d10unknown0.0.0.000000000c000000876f6beb7ed001d0cd186e583f23C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exeunknown8c8540dc-3942-11e5-b8f0-d8cb8a1fbf3c

Error: (07/05/2015 08:58:09 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/05/2015 08:58:09 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/05/2015 08:58:09 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


==================== Speicherinformationen =========================== 

Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8119.98 MB
Available physical RAM: 6075.98 MB
Total Virtual: 16238.15 MB
Available Virtual: 13999 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:30.67 GB) NTFS
Drive d: (Disk_1) (CDROM) (Total:7.91 GB) (Free:0 GB) UDF
Drive e: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive f: (Volume) (Fixed) (Total:931.41 GB) (Free:874.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3CE7B461)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3CE7B479)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Ende von log ============================
         

03.08.2015, 06:04   #2
schrauber
/// the machine
/// TB trainer

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

03.08.2015, 11:15   #3
was08king

So, here it is: MBAR FOUND SOMETHING:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.08.03.02
  rootkit: v2015.07.30.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
Administrator :: OLEG [administrator]

03.08.2015 11:58:02
mbar-log-2015-08-03 (11-58-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 353214
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 10
C:\ProgramData\208992\dl64.exe (Heuristics.Shuriken) -> 1684 -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\ProgramData\208992\dl64.exe (Heuristics.Shuriken) -> 1788 -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\ProgramData\208992\dl64.exe (Heuristics.Shuriken) -> 2464 -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\ProgramData\208992\dl64.exe (Heuristics.Shuriken) -> 4372 -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\ProgramData\208992\dl64.exe (Heuristics.Shuriken) -> 4388 -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\ProgramData\208992\dl64.exe (Heuristics.Shuriken) -> 4856 -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\ProgramData\208992\dl64.exe (Heuristics.Shuriken) -> 4928 -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\ProgramData\208992\dl64.exe (Heuristics.Shuriken) -> 4368 -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\ProgramData\208992\dl64.exe (Heuristics.Shuriken) -> 1548 -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\ProgramData\208992\dl64.exe (Heuristics.Shuriken) -> 5208 -> Delete on reboot. [ffffffffffffffffffffffffffffffff]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 66
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AvastSvc.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AvastUI.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avast_free_antivirus_setup.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgidsagent.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Avira.Systray.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avp.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bdagent.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\egui.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\instup.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wsctool.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AvastSvc.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AvastUI.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avast_free_antivirus_setup.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgidsagent.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Avira.Systray.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avp.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bdagent.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\egui.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\instup.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wsctool.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]

Registry Values Detected: 66
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|WinDL (Heuristics.Shuriken) -> Data: "C:\ProgramData\208992\dl64.exe" -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKU\S-1-5-21-2191931038-3256374100-2060679559-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|WinDL (Heuristics.Shuriken) -> Data: "C:\ProgramData\208992\dl64.exe" -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|WinDL (Heuristics.Shuriken) -> Data: "C:\ProgramData\208992\dl64.exe" -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [cca229dbe5a678be3acb904858ab28d8]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [6a0452b2dab164d266a1756380831ee2]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [e18d758f4f3ca88efc0dbf1960a38d73]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCONFIG.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [fe70ae56dbb0cb6b6d9ff7e113f04eb2]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGCSRVX.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [3737976d711a79bdbf5f56823cc77c84]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger (Hijack.Security) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [78f6e12384070531b64764f3748f48b8]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [eb832fd5ee9d68ceed3abb1d7a89bb45]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGRSX.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [b7b7a55f860569cd45e48e4aef148977]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [e18d47bda6e5c2747ab9cf09976ce917]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGWDSVC.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [006e5ca84d3e51e5d66308d0a360629e]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [afbf17eda1eafc3a074eeeeaeb18d030]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [6fffc73df09b95a122698553689ba25e]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCUAC.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [5e10cc38f09ba09610d2700d0ef60cf4]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\COMBOFIX.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [492510f4701b6dc940ce4297b64d3ec2]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [74fa07fd98f3fb3b0a62bc1d42c13bc5]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HIJACKTHIS.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [541af4105635d462c43cdefca2610ef2]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger (Hijack.Security) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [fb7328dc90fb49ed11ed273042c13dc3]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KEYSCRAMBLER.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [432b7a8afc8f3006dd047ffe16ee18e8]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAM.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [501eba4ad7b474c2e4f7e0fa17ecfb05]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMGUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [600eca3ac2c97cba76f903823ac931cf]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMPT.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [e88658ac1d6e1a1c2f4cb0d58a7ac33d]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSCHEDULER.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [84ea9371b0db82b4edf8e97324dfbf41]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSERVICE.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [bfaf8282dab13cfa6b712eacc83b40c0]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPCMDRUN.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [5816b054cfbc3cfa997f6a71699acf31]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [303e9b69414a181e9a909546bb48f010]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSSECES.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [92dcdd27aae10b2b024107d4b2514db3]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [6905c440bdcec76f9d2a1dbf8b78cd33]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPYBOTSD.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [a3cb8084bdceaf87e5313725857fe11f]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WIRESHARK.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [7bf351b3107bff37f1f2d6a7e91b2fd1]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WSCTOOL.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [036b27dd5239d95dd6a237a7f90abe42]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZLCLIENT.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [066813f1c2c986b0762208d6758eb848]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [e688ed17ccbfe45254b129af38cb9868]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [a5c96d978209a78f67a0984042c1ba46]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [313de51fb1dab6806a9f27b1e51eee12]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCONFIG.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [82ec729207846fc728e46f69de258b75]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGCSRVX.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [412d03012f5cf93dea347c5c5ba8738d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger (Hijack.Security) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [ed8126de45462a0c75882b2c6f94669a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [b0be8c785f2c94a2ca5d8e4adf2414ec]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGRSX.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [7df17094c5c63df96ebbf5e37c879e62]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [442ad92b7f0cf83e75be5f797d866c94]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGWDSVC.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [d599cf35b8d3f541b1888157ea19af51]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [eb830ff5731874c23b1abc1cd82bbc44]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [4e205ca8c5c63ef8c1ca35a3689b0af6]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCUAC.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [7ef03cc84f3c59dd4999d3aab74dbd43]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\COMBOFIX.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [e38bc2424d3ed660eb23f6e373902ed2]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [de9055afb2d9d165da928356966df40c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HIJACKTHIS.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [78f6bd47771478be837d75650af9ac54]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger (Hijack.Security) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [e5892ada0f7c50e6be4099be9073ce32]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KEYSCRAMBLER.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [73fb9c6866251d19b9287409b252e61a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAM.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [bfaf08fcd3b8f93d409beded24dfbf41]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMGUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [ea8415ef226952e43d327510df2429d7]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMPT.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [036b59abe4a738fe0c6fd0b54bb92dd3]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSCHEDULER.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [f777e222850604327174f6666d96f10f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSERVICE.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [640ae61e2962d66018c44694fc0714ec]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPCMDRUN.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [48263aca9fecc175b16739a20003916f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [dc92ce363f4cc96dc86235a609fa7090]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSSECES.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [d8968f752b6046f0b0931bc06a99b24e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRUI.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [5d113ec68b0039fdeed93ca00ef546ba]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPYBOTSD.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [a9c5f80cbbd060d65cbab4a852b2bc44]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WIRESHARK.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [94daf410800b50e623c083fad430768a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WSCTOOL.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [b9b526de1f6c0b2bf58339a5eb184db3]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZLCLIENT.EXE|Debugger (Security.Hijack) -> Data: C:\ProgramData\208992\dl64.exe -> Delete on reboot. [a4ca12f28902d0665444a13db74c0ff1]
HKU\S-1-5-21-2191931038-3256374100-2060679559-500\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Hijack.Shell) -> Data: explorer.exe,"C:\ProgramData\208992\dl64.exe" -> Delete on reboot. [b1bd986c642757df13636537e61e5da3]

Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientsvr.exe") Good: (userinit.exe) -> Replace on reboot. [db936a9a018aa88e11ab1d2a25e00df3]

Folders Detected: 3
C:\Users\Administrator\AppData\Roaming\Imminent\Logs (Stolen.Data) -> Delete on reboot. [d29c9470a7e4d95d9824222342c1e41c]
C:\Users\Administrator\AppData\Roaming\ESILlzCwXBS (Backdoor.Agent.PDLGen) -> Delete on reboot. [204e06fecbc047efff2a06010003e719]
C:\Users\Administrator\AppData\Roaming\VSILlzCwXBSr (Backdoor.Agent.PDLGen) -> Delete on reboot. [5c121de7840752e442e717f0689bff01]

Files Detected: 11
C:\ProgramData\208992\dl64.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\Users\Administrator\AppData\Roaming\39932661720964.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\Windows\SysWOW64\clientsvr.exe (Heuristics.Shuriken) -> Delete on reboot. [ffffffffffffffffffffffffffffffff]
C:\Users\Administrator\Desktop\Alle Ordner\Games\Windows Loader 2.2.2\Windows Loader.exe (Hacktool.Agent) -> Delete on reboot. [d29c13f13a51bd79241f3dd531d0936d]
C:\Users\Administrator\AppData\Roaming\Imminent\Logs\02-08-2015 (Stolen.Data) -> Delete on reboot. [d29c9470a7e4d95d9824222342c1e41c]
C:\Users\Administrator\AppData\Roaming\Imminent\Path.dat (Malware.Trace.E) -> Delete on reboot. [9cd2a1631c6f77bfdbe24500f90abf41]
C:\Users\Administrator\AppData\Roaming\262361265626012.exe (Trojan.Agent) -> Delete on reboot. [f07e50b41279b97da8a9f883c73c6898]
C:\Users\Administrator\AppData\Roaming\317871066123431.exe (Trojan.Agent) -> Delete on reboot. [4a24956f3754c47260f1d1aaea1907f9]
C:\Users\Administrator\AppData\Roaming\837264939096.exe (Trojan.Agent) -> Delete on reboot. [ea846a9a2962b58157fa92e95ea57a86]
C:\Users\Administrator\AppData\Roaming\858768467368.exe (Trojan.Agent) -> Delete on reboot. [660810f4622972c4460bcfac9370c43c]
C:\Users\Administrator\AppData\Roaming\VSILlzCwXBSr\oQ1Vb72t6bI.exe (Backdoor.Agent.PDLGen) -> Delete on reboot. [5c121de7840752e442e717f0689bff01]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

03.08.2015, 11:16   #4
was08king
 

AND TBS NOTHING:

Code:
12:00:16.0888 0x07a8  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
12:00:40.0192 0x07a8  ============================================================
12:00:40.0192 0x07a8  Current date / time: 2015/08/03 12:00:40.0192
12:00:40.0192 0x07a8  SystemInfo:
12:00:40.0192 0x07a8  
12:00:40.0192 0x07a8  OS Version: 6.1.7601 ServicePack: 1.0
12:00:40.0192 0x07a8  Product type: Workstation
12:00:40.0192 0x07a8  ComputerName: OLEG
12:00:40.0192 0x07a8  UserName: Administrator
12:00:40.0192 0x07a8  Windows directory: C:\Windows
12:00:40.0192 0x07a8  System windows directory: C:\Windows
12:00:40.0192 0x07a8  Running under WOW64
12:00:40.0192 0x07a8  Processor architecture: Intel x64
12:00:40.0192 0x07a8  Number of processors: 8
12:00:40.0192 0x07a8  Page size: 0x1000
12:00:40.0192 0x07a8  Boot type: Normal boot
12:00:40.0192 0x07a8  ============================================================
12:00:40.0380 0x07a8  KLMD registered as C:\Windows\system32\drivers\80526084.sys
12:00:40.0411 0x07a8  System UUID: {F252F1D8-665D-39D5-D577-E87ADEC8F508}
12:00:40.0614 0x07a8  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:00:40.0629 0x07a8  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:00:40.0629 0x07a8  ============================================================
12:00:40.0629 0x07a8  \Device\Harddisk1\DR1:
12:00:40.0629 0x07a8  MBR partitions:
12:00:40.0629 0x07a8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:00:40.0629 0x07a8  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
12:00:40.0629 0x07a8  \Device\Harddisk0\DR0:
12:00:40.0629 0x07a8  MBR partitions:
12:00:40.0629 0x07a8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
12:00:40.0629 0x07a8  ============================================================
12:00:40.0629 0x07a8  C: <-> \Device\Harddisk0\DR0\Partition1
12:00:40.0629 0x07a8  E: <-> \Device\Harddisk1\DR1\Partition1
12:00:40.0660 0x07a8  F: <-> \Device\Harddisk1\DR1\Partition2
12:00:40.0660 0x07a8  ============================================================
12:00:40.0660 0x07a8  Initialize success
12:00:40.0660 0x07a8  ============================================================
12:01:19.0311 0x098c  Deinitialize success
         
Code:
12:09:31.0517 0x10c0  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
12:09:33.0548 0x10c0  ============================================================
12:09:33.0548 0x10c0  Current date / time: 2015/08/03 12:09:33.0548
12:09:33.0548 0x10c0  SystemInfo:
12:09:33.0548 0x10c0  
12:09:33.0548 0x10c0  OS Version: 6.1.7601 ServicePack: 1.0
12:09:33.0548 0x10c0  Product type: Workstation
12:09:33.0548 0x10c0  ComputerName: OLEG
12:09:33.0548 0x10c0  UserName: Administrator
12:09:33.0548 0x10c0  Windows directory: C:\Windows
12:09:33.0548 0x10c0  System windows directory: C:\Windows
12:09:33.0548 0x10c0  Running under WOW64
12:09:33.0548 0x10c0  Processor architecture: Intel x64
12:09:33.0548 0x10c0  Number of processors: 8
12:09:33.0548 0x10c0  Page size: 0x1000
12:09:33.0548 0x10c0  Boot type: Normal boot
12:09:33.0548 0x10c0  ============================================================
12:09:33.0783 0x10c0  KLMD registered as C:\Windows\system32\drivers\51349854.sys
12:09:33.0833 0x10c0  System UUID: {F252F1D8-665D-39D5-D577-E87ADEC8F508}
12:09:34.0026 0x10c0  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:09:34.0026 0x10c0  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:09:34.0036 0x10c0  ============================================================
12:09:34.0036 0x10c0  \Device\Harddisk1\DR1:
12:09:34.0036 0x10c0  MBR partitions:
12:09:34.0036 0x10c0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:09:34.0036 0x10c0  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
12:09:34.0036 0x10c0  \Device\Harddisk0\DR0:
12:09:34.0036 0x10c0  MBR partitions:
12:09:34.0036 0x10c0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
12:09:34.0036 0x10c0  ============================================================
12:09:34.0036 0x10c0  C: <-> \Device\Harddisk0\DR0\Partition1
12:09:34.0036 0x10c0  E: <-> \Device\Harddisk1\DR1\Partition1
12:09:34.0056 0x10c0  F: <-> \Device\Harddisk1\DR1\Partition2
12:09:34.0056 0x10c0  ============================================================
12:09:34.0056 0x10c0  Initialize success
12:09:34.0056 0x10c0  ============================================================
12:09:38.0733 0x0994  ============================================================
12:09:38.0733 0x0994  Scan started
12:09:38.0733 0x0994  Mode: Manual; SigCheck; TDLFS; 
12:09:38.0733 0x0994  ============================================================
12:09:38.0733 0x0994  KSN ping started
12:10:04.0266 0x0994  KSN ping finished: true
12:10:04.0966 0x0994  ================ Scan system memory ========================
12:10:04.0966 0x0994  System memory - ok
12:10:04.0966 0x0994  ================ Scan services =============================
12:10:04.0986 0x0994  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:10:05.0016 0x0994  1394ohci - ok
12:10:06.0166 0x0994  [ 4B3DBF1CEBE1B2346BF2F8D2251F641A, CDC5BCA35BE658007E29E94E7FBFAA499B50929E738A12904397D16268C6FBAE ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
12:10:06.0166 0x0994  Suspicious file ( NoAccess ): C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe. md5: 4B3DBF1CEBE1B2346BF2F8D2251F641A, sha256: CDC5BCA35BE658007E29E94E7FBFAA499B50929E738A12904397D16268C6FBAE
12:10:06.0166 0x0994  Avira.ServiceHost - detected LockedFile.Multi.Generic ( 1 )
12:10:08.0722 0x0994  Detect skipped due to KSN trusted
12:10:08.0722 0x0994  Avira.ServiceHost - ok
12:10:11.0088 0x0994  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:10:11.0108 0x0994  LanmanServer - ok
12:10:11.0118 0x0994  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:10:11.0138 0x0994  LanmanWorkstation - ok
12:10:11.0138 0x0994  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:10:11.0158 0x0994  lltdio - ok
12:10:11.0168 0x0994  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:10:11.0188 0x0994  lltdsvc - ok
12:10:11.0188 0x0994  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:10:11.0212 0x0994  lmhosts - ok
12:10:11.0220 0x0994  [ D6BF6FD055BD719F3D62E51B90857159, A7777D18E404164B4DA531AD94D2A712D9CC6A9288795B7388037752A558E96F ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
12:10:11.0229 0x0994  LMIGuardianSvc - ok
12:10:11.0238 0x0994  [ E4267604E975EF4BBB1A39A1B4F5B3CB, 4FC4D213A209F96893819EC7971BEA9651BAF4BF999304FB20556ACF98ADBB9C ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:10:11.0247 0x0994  LMS - ok
12:10:11.0252 0x0994  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:10:11.0259 0x0994  LSI_FC - ok
12:10:11.0262 0x0994  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:10:11.0269 0x0994  LSI_SAS - ok
12:10:11.0272 0x0994  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:10:11.0278 0x0994  LSI_SAS2 - ok
12:10:11.0282 0x0994  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:10:11.0289 0x0994  LSI_SCSI - ok
12:10:11.0292 0x0994  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:10:11.0313 0x0994  luafv - ok
12:10:11.0316 0x0994  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:10:11.0324 0x0994  Mcx2Svc - ok
12:10:11.0327 0x0994  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:10:11.0332 0x0994  megasas - ok
12:10:11.0338 0x0994  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:10:11.0339 0x0994  MegaSR - ok
12:10:11.0351 0x0994  [ A37A2ED3321A7A7BC85FA05221051A7F, 32E75126F3480DC59C480D821A717E5AC2639912D515693557EBF999B7DB0B10 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
12:10:11.0358 0x0994  MEIx64 - ok
12:10:11.0361 0x0994  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:10:11.0381 0x0994  MMCSS - ok
12:10:11.0383 0x0994  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:10:11.0402 0x0994  Modem - ok
12:10:11.0404 0x0994  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:10:11.0412 0x0994  monitor - ok
12:10:11.0414 0x0994  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:10:11.0421 0x0994  mouclass - ok
12:10:11.0423 0x0994  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:10:11.0430 0x0994  mouhid - ok
12:10:11.0434 0x0994  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:10:11.0440 0x0994  mountmgr - ok
12:10:11.0445 0x0994  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:10:11.0453 0x0994  mpio - ok
12:10:11.0456 0x0994  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:10:11.0473 0x0994  mpsdrv - ok
12:10:11.0483 0x0994  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:10:11.0518 0x0994  MpsSvc - ok
12:10:11.0523 0x0994  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:10:11.0532 0x0994  MRxDAV - ok
12:10:11.0536 0x0994  [ E9DD0E8829567362C1051E0905174DDE, DF6C53DF697AD0E3FE540F713583CC5097D0A161E6851AAB36FAFF88B9900ACE ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:10:11.0545 0x0994  mrxsmb - ok
12:10:11.0552 0x0994  [ 53AED80EDC6949A55EFC68DDFE85ACFD, 70D301FB34A0434B1580C8CB32BFA1F09EFA3F8BD0DC17CB50D6DF0D02A95D94 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:10:11.0564 0x0994  mrxsmb10 - ok
12:10:11.0568 0x0994  [ 56EDB4E0EF919D89B34DE0140B409FB1, 7C98D3E736690F1052157C5FE14BB9225C75D4386F6736846C559F682DB1BD04 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:10:11.0575 0x0994  mrxsmb20 - ok
12:10:11.0577 0x0994  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:10:11.0583 0x0994  msahci - ok
12:10:11.0583 0x0994  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:10:11.0593 0x0994  msdsm - ok
12:10:11.0593 0x0994  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:10:11.0603 0x0994  MSDTC - ok
12:10:11.0603 0x0994  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:10:11.0628 0x0994  Msfs - ok
12:10:11.0630 0x0994  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:10:11.0648 0x0994  mshidkmdf - ok
12:10:11.0650 0x0994  MSICDSetup - ok
12:10:11.0652 0x0994  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:10:11.0657 0x0994  msisadrv - ok
12:10:11.0661 0x0994  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:10:11.0673 0x0994  MSiSCSI - ok
12:10:11.0683 0x0994  msiserver - ok
12:10:11.0683 0x0994  [ 6AFCD25B843D0C731B6987E39995AE72, FD0F2E15B0CEB1E558BD8A02D59B9002706A003049678281A446BC4398862B70 ] MSI_SuperCharger C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
12:10:11.0693 0x0994  MSI_SuperCharger - ok
12:10:11.0693 0x0994  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:10:11.0713 0x0994  MSKSSRV - ok
12:10:11.0713 0x0994  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:10:11.0733 0x0994  MSPCLOCK - ok
12:10:11.0733 0x0994  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:10:11.0753 0x0994  MSPQM - ok
12:10:11.0753 0x0994  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:10:11.0763 0x0994  MsRPC - ok
12:10:11.0773 0x0994  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:10:11.0773 0x0994  mssmbios - ok
12:10:11.0773 0x0994  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:10:11.0799 0x0994  MSTEE - ok
12:10:11.0801 0x0994  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:10:11.0808 0x0994  MTConfig - ok
12:10:11.0811 0x0994  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:10:11.0816 0x0994  Mup - ok
12:10:11.0825 0x0994  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
12:10:11.0847 0x0994  napagent - ok
12:10:11.0847 0x0994  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:10:11.0857 0x0994  NativeWifiP - ok
12:10:11.0877 0x0994  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:10:11.0900 0x0994  NDIS - ok
12:10:11.0903 0x0994  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:10:11.0916 0x0994  NdisCap - ok
12:10:11.0916 0x0994  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:10:11.0936 0x0994  NdisTapi - ok
12:10:11.0936 0x0994  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:10:11.0956 0x0994  Ndisuio - ok
12:10:11.0956 0x0994  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:10:11.0976 0x0994  NdisWan - ok
12:10:11.0976 0x0994  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:10:11.0996 0x0994  NDProxy - ok
12:10:11.0996 0x0994  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:10:12.0016 0x0994  NetBIOS - ok
12:10:12.0026 0x0994  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:10:12.0046 0x0994  NetBT - ok
12:10:12.0046 0x0994  [ 5F8423E7FDA0EB902C6D156F6121E094, DFAAD493E41A1545258FF6B4F64C32852B2E58D9E709921B5812DE75C6BD3745 ] Netlogon        C:\Windows\system32\lsass.exe
12:10:12.0046 0x0994  Netlogon - ok
12:10:12.0056 0x0994  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
12:10:12.0076 0x0994  Netman - ok
12:10:12.0086 0x0994  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:12.0096 0x0994  NetMsmqActivator - ok
12:10:12.0096 0x0994  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:12.0106 0x0994  NetPipeActivator - ok
12:10:12.0106 0x0994  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
12:10:12.0136 0x0994  netprofm - ok
12:10:12.0146 0x0994  [ F3A1D8B7317939813568992D1BFDDE37, 816829E4B8DF5C6A2B09685ED45E844D8DE2C2721C90490A2957227025D057A0 ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
12:10:12.0166 0x0994  netr7364 - ok
12:10:12.0166 0x0994  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:12.0176 0x0994  NetTcpActivator - ok
12:10:12.0176 0x0994  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:12.0186 0x0994  NetTcpPortSharing - ok
12:10:12.0186 0x0994  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:10:12.0196 0x0994  nfrd960 - ok
12:10:12.0196 0x0994  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:10:12.0216 0x0994  NlaSvc - ok
12:10:12.0216 0x0994  [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] NPF             C:\Windows\system32\drivers\npf.sys
12:10:12.0216 0x0994  NPF - ok
12:10:12.0226 0x0994  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:10:12.0236 0x0994  Npfs - ok
12:10:12.0246 0x0994  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
12:10:12.0266 0x0994  nsi - ok
12:10:12.0266 0x0994  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:10:12.0286 0x0994  nsiproxy - ok
12:10:12.0306 0x0994  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:10:12.0336 0x0994  Ntfs - ok
12:10:12.0336 0x0994  [ 23CF3DA010497EB2BF39A5C5A57E437C, 39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E ] NTIOLib_1_0_3   C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys
12:10:12.0346 0x0994  NTIOLib_1_0_3 - ok
12:10:12.0346 0x0994  NTIOLib_1_0_C - ok
12:10:12.0346 0x0994  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
12:10:12.0366 0x0994  Null - ok
12:10:12.0366 0x0994  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:10:12.0376 0x0994  nvraid - ok
12:10:12.0376 0x0994  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:10:12.0386 0x0994  nvstor - ok
12:10:12.0386 0x0994  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:10:12.0396 0x0994  nv_agp - ok
12:10:12.0396 0x0994  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:10:12.0406 0x0994  ohci1394 - ok
12:10:12.0416 0x0994  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:10:12.0426 0x0994  p2pimsvc - ok
12:10:12.0426 0x0994  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:10:12.0446 0x0994  p2psvc - ok
12:10:12.0446 0x0994  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:10:12.0456 0x0994  Parport - ok
12:10:12.0456 0x0994  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:10:12.0466 0x0994  partmgr - ok
12:10:12.0466 0x0994  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:10:12.0476 0x0994  PcaSvc - ok
12:10:12.0476 0x0994  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
12:10:12.0486 0x0994  pci - ok
12:10:12.0486 0x0994  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:10:12.0496 0x0994  pciide - ok
12:10:12.0496 0x0994  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:10:12.0506 0x0994  pcmcia - ok
12:10:12.0506 0x0994  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:10:12.0516 0x0994  pcw - ok
12:10:12.0526 0x0994  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:10:12.0536 0x0994  PEAUTH - ok
12:10:12.0546 0x0994  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:10:12.0556 0x0994  PerfHost - ok
12:10:12.0576 0x0994  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
12:10:12.0616 0x0994  pla - ok
12:10:12.0626 0x0994  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:10:12.0636 0x0994  PlugPlay - ok
12:10:12.0636 0x0994  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:10:12.0646 0x0994  PNRPAutoReg - ok
12:10:12.0656 0x0994  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:10:12.0666 0x0994  PNRPsvc - ok
12:10:12.0676 0x0994  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:10:12.0696 0x0994  PolicyAgent - ok
12:10:12.0706 0x0994  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
12:10:12.0726 0x0994  Power - ok
12:10:12.0726 0x0994  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:10:12.0746 0x0994  PptpMiniport - ok
12:10:12.0746 0x0994  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:10:12.0756 0x0994  Processor - ok
12:10:12.0756 0x0994  [ D0891D2F5D63DAB719F005919762912C, F187C38764D01AE3FD7CF711DF8B5FE8EB455186F104D5A76FB9DD7443066352 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:10:12.0766 0x0994  ProfSvc - ok
12:10:12.0776 0x0994  [ 5F8423E7FDA0EB902C6D156F6121E094, DFAAD493E41A1545258FF6B4F64C32852B2E58D9E709921B5812DE75C6BD3745 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:10:12.0776 0x0994  ProtectedStorage - ok
12:10:12.0776 0x0994  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:10:12.0796 0x0994  Psched - ok
12:10:12.0826 0x0994  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:10:12.0856 0x0994  ql2300 - ok
12:10:12.0856 0x0994  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:10:12.0866 0x0994  ql40xx - ok
12:10:12.0866 0x0994  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
12:10:12.0876 0x0994  QWAVE - ok
12:10:12.0886 0x0994  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:10:12.0886 0x0994  QWAVEdrv - ok
12:10:12.0896 0x0994  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:10:12.0906 0x0994  RasAcd - ok
12:10:12.0916 0x0994  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:10:12.0926 0x0994  RasAgileVpn - ok
12:10:12.0936 0x0994  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
12:10:12.0956 0x0994  RasAuto - ok
12:10:12.0956 0x0994  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:10:12.0976 0x0994  Rasl2tp - ok
12:10:12.0976 0x0994  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
12:10:13.0006 0x0994  RasMan - ok
12:10:13.0006 0x0994  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:10:13.0026 0x0994  RasPppoe - ok
12:10:13.0026 0x0994  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:10:13.0046 0x0994  RasSstp - ok
12:10:13.0056 0x0994  [ 90F489A0A6BC302AEDCEDABFBC7952F8, 46E5065811A584209E84F2E39606EA9A355CF178BCD4D6CFFA83C2B45D740559 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:10:13.0066 0x0994  rdbss - ok
12:10:13.0066 0x0994  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:10:13.0076 0x0994  rdpbus - ok
12:10:13.0076 0x0994  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:10:13.0096 0x0994  RDPCDD - ok
12:10:13.0096 0x0994  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:10:13.0116 0x0994  RDPENCDD - ok
12:10:13.0116 0x0994  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:10:13.0136 0x0994  RDPREFMP - ok
12:10:13.0136 0x0994  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:10:13.0146 0x0994  RDPWD - ok
12:10:13.0146 0x0994  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:10:13.0156 0x0994  rdyboost - ok
12:10:13.0156 0x0994  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:10:13.0176 0x0994  RemoteAccess - ok
12:10:13.0186 0x0994  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:10:13.0206 0x0994  RemoteRegistry - ok
12:10:13.0206 0x0994  [ B60F58F175DE20A6739194E85B035178, 6E66D6041AF0B69896E4556F9FF3A3AA70CF4B09FFBE68E14E60313C5E3FFDDB ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
12:10:13.0216 0x0994  rpcapd - ok
12:10:13.0216 0x0994  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:10:13.0236 0x0994  RpcEptMapper - ok
12:10:13.0236 0x0994  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
12:10:13.0246 0x0994  RpcLocator - ok
12:10:13.0256 0x0994  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
12:10:13.0276 0x0994  RpcSs - ok
12:10:13.0276 0x0994  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:10:13.0296 0x0994  rspndr - ok
12:10:13.0316 0x0994  [ AC4CA62572CA516945AB92D6C9F501F4, 6CB4178DD1ED3D8224EA1F91CAA00AFBC756DCA2DFD71F399B05E511E79D5150 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
12:10:13.0326 0x0994  RTL8167 - ok
12:10:13.0336 0x0994  [ 5F8423E7FDA0EB902C6D156F6121E094, DFAAD493E41A1545258FF6B4F64C32852B2E58D9E709921B5812DE75C6BD3745 ] SamSs           C:\Windows\system32\lsass.exe
12:10:13.0336 0x0994  SamSs - ok
12:10:13.0346 0x0994  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:10:13.0346 0x0994  sbp2port - ok
12:10:13.0356 0x0994  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:10:13.0376 0x0994  SCardSvr - ok
12:10:13.0376 0x0994  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:10:13.0386 0x0994  scfilter - ok
12:10:13.0406 0x0994  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
12:10:13.0436 0x0994  Schedule - ok
12:10:13.0446 0x0994  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:10:13.0456 0x0994  SCPolicySvc - ok
12:10:16.0096 0x0994  X6va029 - ok
12:10:16.0096 0x0994  ================ Scan global ===============================
12:10:16.0096 0x0994  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:10:16.0106 0x0994  [ 7B3C10D38F84D2D534E1565A8B17018C, C31601B922795E4236E0A86FDACA3BA757982F79FF3F73A05047275064F2F4A1 ] C:\Windows\system32\winsrv.dll
12:10:16.0106 0x0994  [ 7B3C10D38F84D2D534E1565A8B17018C, C31601B922795E4236E0A86FDACA3BA757982F79FF3F73A05047275064F2F4A1 ] C:\Windows\system32\winsrv.dll
12:10:16.0116 0x0994  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:10:16.0116 0x0994  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
12:10:16.0130 0x0994  [ Global ] - ok
12:10:16.0130 0x0994  ================ Scan MBR ==================================
12:10:16.0131 0x0994  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:10:16.0463 0x0994  \Device\Harddisk1\DR1 - ok
12:10:16.0468 0x0994  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:10:16.0494 0x0994  \Device\Harddisk0\DR0 - ok
12:10:16.0494 0x0994  ================ Scan VBR ==================================
12:10:16.0497 0x0994  [ DBF184695103F4B1AC86789A0A375D35 ] \Device\Harddisk1\DR1\Partition1
12:10:16.0528 0x0994  \Device\Harddisk1\DR1\Partition1 - ok
12:10:16.0531 0x0994  [ 9FD3283EE5A4EDF706D93743F9F477A0 ] \Device\Harddisk1\DR1\Partition2
12:10:16.0573 0x0994  \Device\Harddisk1\DR1\Partition2 - ok
12:10:16.0576 0x0994  [ 05781E75DB2BD2BF98B80FE3E2926EF1 ] \Device\Harddisk0\DR0\Partition1
12:10:16.0578 0x0994  \Device\Harddisk0\DR0\Partition1 - ok
12:10:16.0578 0x0994  ================ Scan generic autorun ======================
12:10:16.0716 0x0994  [ E1026B2975D308D43E896A108C92F1BD, 562903C88BC3CBD86E9A813001C72576181F2470286040240BAC92E5BF1F1583 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
12:10:16.0806 0x0994  RTHDVCPL - ok
12:10:16.0896 0x0994  [ EEF85F53AB2B172D10629CAE1A491EC2, C0787C1F8C193BCC0577F13A503E939056AD41BC4D34BD4B62DADA7F3D0AF429 ] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
12:10:16.0976 0x0994  ISCT Tray - ok
12:10:16.0976 0x0994  winDL - ok
12:10:16.0996 0x0994  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:10:17.0016 0x0994  Sidebar - ok
12:10:17.0026 0x0994  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:10:17.0036 0x0994  mctadmin - ok
12:10:17.0046 0x0994  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:10:17.0076 0x0994  Sidebar - ok
12:10:17.0076 0x0994  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:10:17.0086 0x0994  mctadmin - ok
12:10:17.0086 0x0994  winDL - ok
12:10:17.0086 0x0994  Waiting for KSN requests completion. In queue: 398
12:10:18.0086 0x0994  Waiting for KSN requests completion. In queue: 85
12:10:19.0086 0x0994  Waiting for KSN requests completion. In queue: 85
12:10:20.0116 0x0994  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.12.402 ), 0x40000 ( disabled : updated )
12:10:20.0126 0x0994  Win FW state via NFP2: enabled ( trusted )
12:10:22.0566 0x0994  ============================================================
12:10:22.0566 0x0994  Scan finished
12:10:22.0566 0x0994  ============================================================
12:10:22.0576 0x10c4  Detected object count: 0
12:10:22.0576 0x10c4  Actual detected object count: 0
12:10:39.0342 0x0bf4  Deinitialize success
         

Old 03.08.2015, 16:19   #5
schrauber
/// the machine
/// TB trainer



hi,

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Old 03.08.2015, 16:45   #6
was08king



Code:
ComboFix 15-08-03.01 - Administrator 03.08.2015  17:41:05.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8120.6298 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\b446e5a15ad88b537dfc54bdd16426afd09c1664
c:\users\Administrator\AppData\Roaming\Default Folder
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-07-03 bis 2015-08-03  ))))))))))))))))))))))))))))))
.
.
2015-08-03 15:42 . 2015-08-03 15:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-08-03 15:38 . 2015-08-03 15:38	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2015-08-03 09:57 . 2015-08-03 15:37	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-08-03 09:57 . 2015-08-03 10:05	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-03 09:56 . 2015-08-03 10:04	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-08-02 22:19 . 2015-08-02 22:19	--------	d-----w-	c:\programdata\AVAST Software
2015-08-02 21:50 . 2015-08-03 09:58	--------	d-----w-	c:\programdata\Malwarebytes
2015-08-02 21:46 . 2015-08-02 21:46	--------	d-----w-	C:\FRST
2015-08-02 21:44 . 2015-08-02 21:44	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-08-02 21:35 . 2015-03-14 03:21	82944	----a-w-	c:\windows\system32\dwmapi.dll
2015-08-02 21:35 . 2015-03-14 03:21	1632768	----a-w-	c:\windows\system32\dwmcore.dll
2015-08-02 21:35 . 2015-03-14 03:04	67584	----a-w-	c:\windows\SysWow64\dwmapi.dll
2015-08-02 21:35 . 2015-03-14 03:04	1372160	----a-w-	c:\windows\SysWow64\dwmcore.dll
2015-08-02 21:34 . 2015-05-09 18:26	493504	----a-w-	c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-02 20:41 . 2015-08-03 10:02	--------	d-sh--w-	c:\programdata\208992
2015-08-02 20:41 . 2015-08-02 20:41	--------	d-sh--w-	c:\programdata\209092
2015-08-02 20:37 . 2015-08-03 10:02	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Imminent
2015-08-02 20:37 . 2015-08-02 20:37	--------	d-----w-	C:\Default Folder
2015-08-02 20:36 . 2015-08-02 20:47	--------	d-----w-	c:\users\Administrator\AppData\Roaming\zSILlzC
2015-08-02 18:16 . 2015-08-02 18:16	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Mirillis
2015-08-02 18:16 . 2015-08-02 18:16	--------	d-----w-	c:\programdata\Mirillis
2015-08-02 18:16 . 2015-08-02 18:16	--------	d-----w-	c:\users\Administrator\AppData\Local\Mirillis
2015-08-02 18:16 . 2013-05-28 20:23	652288	----a-w-	c:\windows\system32\ficvdec_x64.dll
2015-08-02 18:16 . 2013-05-28 20:22	641024	----a-w-	c:\windows\SysWow64\ficvdec_x86.dll
2015-08-01 09:39 . 2015-08-02 19:16	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Audacity
2015-07-28 08:29 . 2015-07-25 18:04	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-07-28 08:29 . 2015-07-25 18:07	17856	----a-w-	c:\windows\system32\CompatTelRunner.exe
2015-07-28 08:29 . 2015-07-25 18:04	765440	----a-w-	c:\windows\system32\invagent.dll
2015-07-28 08:29 . 2015-07-25 18:03	433664	----a-w-	c:\windows\system32\devinv.dll
2015-07-28 08:29 . 2015-07-25 18:03	1085440	----a-w-	c:\windows\system32\appraiser.dll
2015-07-28 08:29 . 2015-07-25 18:03	67584	----a-w-	c:\windows\system32\acmigration.dll
2015-07-28 08:29 . 2015-07-25 18:03	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-07-28 08:29 . 2015-07-25 17:55	1145856	----a-w-	c:\windows\system32\aeinv.dll
2015-07-27 18:15 . 2015-04-09 03:23	1069056	----a-w-	c:\windows\system32\cryptui.dll
2015-07-27 18:15 . 2015-04-09 03:09	1005056	----a-w-	c:\windows\SysWow64\cryptui.dll
2015-07-27 18:15 . 2013-02-27 05:25	180584	----a-w-	c:\windows\system32\drivers\Classpnp.sys
2015-07-27 18:15 . 2012-07-30 18:38	254464	----a-w-	c:\windows\system32\dot3svc.dll
2015-07-27 18:15 . 2012-07-30 18:38	103936	----a-w-	c:\windows\system32\dot3msm.dll
2015-07-27 18:15 . 2012-07-30 17:40	115200	----a-w-	c:\windows\SysWow64\dot3msm.dll
2015-07-27 18:15 . 2015-03-20 03:21	2048	----a-w-	c:\windows\system32\tzres.dll
2015-07-27 18:15 . 2015-03-20 03:04	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2015-07-27 18:15 . 2013-07-05 02:53	316416	----a-w-	c:\windows\system32\drivers\rdbss.sys
2015-07-27 18:15 . 2014-09-09 22:16	377784	----a-w-	c:\windows\system32\drivers\netio.sys
2015-07-25 16:22 . 2015-07-25 16:22	--------	d-----w-	c:\users\Administrator\AppData\Local\CEF
2015-07-25 13:33 . 2015-07-04 18:07	2087424	----a-w-	c:\windows\system32\ole32.dll
2015-07-25 13:26 . 2015-08-03 10:12	33856	---ha-w-	c:\windows\system32\hamachi.sys
2015-07-10 17:28 . 2015-08-02 15:02	--------	d-----w-	C:\$Windows.~BT
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-02 21:44 . 2015-05-22 15:18	97888	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-30 11:04 . 2015-05-26 15:29	162528	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-07-30 11:04 . 2015-05-26 15:29	141416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-07-03 06:43 . 2015-05-26 17:38	130333168	----a-w-	c:\windows\system32\MRT.exe
2015-06-20 12:41 . 2015-06-20 12:41	715038	----a-w-	c:\windows\unins000.exe
2015-05-29 17:25 . 2015-05-29 17:25	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2015-05-29 17:25 . 2015-05-29 17:25	942592	----a-w-	c:\windows\system32\jsIntl.dll
2015-05-29 17:25 . 2015-05-29 17:25	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2015-05-29 17:25 . 2015-05-29 17:25	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2015-05-29 17:25 . 2015-05-29 17:25	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2015-05-29 17:25 . 2015-05-29 17:25	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2015-05-29 17:25 . 2015-05-29 17:25	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-05-29 17:25 . 2015-05-29 17:25	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2015-05-29 17:25 . 2015-05-29 17:25	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2015-05-29 17:25 . 2015-05-29 17:25	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2015-05-29 17:25 . 2015-05-29 17:25	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2015-05-29 17:25 . 2015-05-29 17:25	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2015-05-29 17:25 . 2015-05-29 17:25	247808	----a-w-	c:\windows\system32\msls31.dll
2015-05-29 17:25 . 2015-05-29 17:25	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2015-05-29 17:25 . 2015-05-29 17:25	235008	----a-w-	c:\windows\system32\elshyph.dll
2015-05-29 17:25 . 2015-05-29 17:25	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2015-05-29 17:25 . 2015-05-29 17:25	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2015-05-29 17:25 . 2015-05-29 17:25	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2015-05-29 17:25 . 2015-05-29 17:25	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2015-05-29 17:25 . 2015-05-29 17:25	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2015-05-29 17:25 . 2015-05-29 17:25	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2015-05-29 17:25 . 2015-05-29 17:25	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2015-05-29 17:25 . 2015-05-29 17:25	81408	----a-w-	c:\windows\system32\icardie.dll
2015-05-29 17:25 . 2015-05-29 17:25	77312	----a-w-	c:\windows\system32\tdc.ocx
2015-05-29 17:25 . 2015-05-29 17:25	62464	----a-w-	c:\windows\system32\pngfilt.dll
2015-05-29 17:25 . 2015-05-29 17:25	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2015-05-29 17:25 . 2015-05-29 17:25	48640	----a-w-	c:\windows\system32\mshtmler.dll
2015-05-29 17:25 . 2015-05-29 17:25	48128	----a-w-	c:\windows\system32\imgutil.dll
2015-05-29 17:25 . 2015-05-29 17:25	30208	----a-w-	c:\windows\system32\licmgr10.dll
2015-05-29 17:25 . 2015-05-29 17:25	243200	----a-w-	c:\windows\system32\webcheck.dll
2015-05-29 17:25 . 2015-05-29 17:25	235520	----a-w-	c:\windows\system32\url.dll
2015-05-29 17:25 . 2015-05-29 17:25	167424	----a-w-	c:\windows\system32\iexpress.exe
2015-05-29 17:25 . 2015-05-29 17:25	147968	----a-w-	c:\windows\system32\occache.dll
2015-05-29 17:25 . 2015-05-29 17:25	143872	----a-w-	c:\windows\system32\wextract.exe
2015-05-29 17:25 . 2015-05-29 17:25	13824	----a-w-	c:\windows\system32\mshta.exe
2015-05-29 17:25 . 2015-05-29 17:25	135680	----a-w-	c:\windows\system32\iepeers.dll
2015-05-29 17:25 . 2015-05-29 17:25	105984	----a-w-	c:\windows\system32\iesysprep.dll
2015-05-29 17:25 . 2015-05-29 17:25	101376	----a-w-	c:\windows\system32\inseng.dll
2015-05-29 17:22 . 2015-05-29 17:22	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2015-05-29 17:22 . 2015-05-29 17:22	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2015-05-29 17:22 . 2015-05-29 17:22	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2015-05-29 17:22 . 2015-05-29 17:22	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2015-05-29 17:22 . 2015-05-29 17:22	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-05-29 17:22 . 2015-05-29 17:22	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2015-05-29 17:22 . 2015-05-29 17:22	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2015-05-29 17:22 . 2015-05-29 17:22	363008	----a-w-	c:\windows\system32\dxgi.dll
2015-05-29 17:22 . 2015-05-29 17:22	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2015-05-29 17:22 . 2015-05-29 17:22	296960	----a-w-	c:\windows\system32\d3d10core.dll
2015-05-29 17:22 . 2015-05-29 17:22	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2015-05-29 17:22 . 2015-05-29 17:22	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2015-05-29 17:22 . 2015-05-29 17:22	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2015-05-29 17:22 . 2015-05-29 17:22	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2015-05-29 17:22 . 2015-05-29 17:22	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2015-05-29 17:22 . 2015-05-29 17:22	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2015-05-29 17:22 . 2015-05-29 17:22	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2015-05-29 17:22 . 2015-05-29 17:22	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2015-05-29 17:22 . 2015-05-29 17:22	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2015-05-29 17:22 . 2015-05-29 17:22	1238528	----a-w-	c:\windows\system32\d3d10.dll
2015-05-29 17:22 . 2015-05-29 17:22	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2015-05-26 17:37 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2015-05-26 17:37 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2015-05-25 18:26 . 2015-06-10 13:24	706496	----a-w-	c:\windows\system32\winload.efi
2015-05-25 18:26 . 2015-06-10 13:24	5550528	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-25 18:25 . 2015-06-10 13:24	1728960	----a-w-	c:\windows\system32\ntdll.dll
2015-05-25 18:24 . 2015-06-10 13:24	631384	----a-w-	c:\windows\system32\winresume.efi
2015-05-25 18:22 . 2015-06-10 13:24	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-05-25 18:22 . 2015-06-10 13:24	243712	----a-w-	c:\windows\system32\wow64.dll
2015-05-25 18:22 . 2015-06-10 13:24	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-05-25 18:22 . 2015-06-10 13:24	215552	----a-w-	c:\windows\system32\winsrv.dll
2015-05-25 18:22 . 2015-06-10 13:24	879104	----a-w-	c:\windows\system32\tdh.dll
2015-05-25 18:22 . 2015-06-10 13:24	503808	----a-w-	c:\windows\system32\srcore.dll
2015-05-25 18:22 . 2015-06-10 13:24	50176	----a-w-	c:\windows\system32\srclient.dll
2015-05-25 18:22 . 2015-06-10 13:24	63488	----a-w-	c:\windows\system32\setbcdlocale.dll
2015-05-25 18:22 . 2015-06-10 13:24	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-05-25 18:22 . 2015-06-10 13:24	421376	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-25 18:22 . 2015-06-10 13:24	1163776	----a-w-	c:\windows\system32\kernel32.dll
2015-05-25 18:21 . 2015-06-10 13:24	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-05-25 18:21 . 2015-06-10 13:24	58880	----a-w-	c:\windows\system32\appidapi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winDL"="c:\users\Administrator\AppData\Roaming\winDL" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"winDL"="c:\windows\system32\config\systemprofile\AppData\Roaming\winDL" [X]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-08-03 5579624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"winDL"="c:\windows\system32\config\systemprofile\AppData\Roaming\winDL" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BEDaisy;BEDaisy;c:\program files (x86)\Common Files\BattlEye\BEDaisy.sys;c:\program files (x86)\Common Files\BattlEye\BEDaisy.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe  [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NTIOLIB_1_0_3
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-25 13:40	995144	----a-w-	c:\program files (x86)\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22 13:54]
.
2015-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22 13:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-07-15 7637208]
"ISCT Tray"="c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe" [2014-08-25 5860656]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\G2t6bIXtKRzH.lnk - (no file)
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iXtKRzH.lnk - (no file)
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\z6bIXtK.lnk - (no file)
AddRemove-Avira Antivirus - c:\program files (x86)\Avira\Antivirus\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,58,8e,ec,d0,33,f5,4f,aa,00,d3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,58,8e,ec,d0,33,f5,4f,aa,00,d3,\
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\photoviewer.dll"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2191931038-3256374100-2060679559-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-08-03  17:43:59
ComboFix-quarantined-files.txt  2015-08-03 15:43
.
Vor Suchlauf: 14 Verzeichnis(se), 32.432.422.912 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 31.927.496.704 Bytes frei
.
- - End Of File - - 4ACDF4AB42AC1629B2D4172B26CB90E7
A36C5E4F47E84449FF07ED3517B43A31
         

04.08.2015, 07:12   #7
schrauber
/// the machine
/// TB-Ausbilder



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

04.08.2015, 10:14   #8
was08king



I can't install Malwarebytes Anti-Malware.
Error 183: Cannot create a file when that file already exists.

Here is AdwCleaner:
Code:
# AdwCleaner v4.208 - Bericht erstellt 04/08/2015 um 11:09:36
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-09.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Administrator - OLEG
# Gestarted von : C:\Users\Administrator\Downloads\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Babylon

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v


-\\ Google Chrome v44.0.2403.107

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1410108744&from=ild&uid=ST1500DL003-9VT16L_5YD5MK67&q={searchTerms}

*************************

AdwCleaner[R0].txt - [2014 Bytes] - [04/08/2015 11:09:17]
AdwCleaner[S0].txt - [1880 Bytes] - [04/08/2015 11:09:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1939  Bytes] ##########
         
and here is Junkware Removal Tool:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Administrator on 04.08.2015 at 11:12:06,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Administrator\AppData\Roaming\imminent
Successfully deleted: [Folder] C:\ProgramData\208992
Successfully deleted: [Folder] C:\ProgramData\209092



~~~ Chrome


[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.08.2015 at 11:13:36,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

04.08.2015, 14:59   #9
schrauber
/// the machine
/// TB-Ausbilder




ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any problems left?

05.08.2015, 12:17   #10
was08king



Here is the one from ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2919f98910b42244a5100572e8eeda3b
# end=init
# utc_time=2015-08-05 10:44:58
# local_time=2015-08-05 12:44:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25133
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2919f98910b42244a5100572e8eeda3b
# end=updated
# utc_time=2015-08-05 10:57:34
# local_time=2015-08-05 12:57:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2919f98910b42244a5100572e8eeda3b
# engine=25133
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-05 11:12:53
# local_time=2015-08-05 01:12:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 2234 190403023 0 0
# scanned=174518
# found=9
# cleaned=0
# scan_time=919
sh=8EE2DAD15849DB1186792778FC96B40FEF1708BC ft=1 fh=3a8167d9191eb314 vn="Variante von MSIL/Kryptik.DCM Trojaner" ac=I fn="C:\Default Folder\Settings.exe"
sh=B4FA74A6F4DAB3A7BA702B6C8C129F889DB32CA6 ft=1 fh=18b6f0028e820e71 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Riot Games\League of Legends\RADS\system\rads_user_kernelSrv.exe"
sh=3CFED937A7E859E627EFC359AFA3A287D10E22FE ft=0 fh=0000000000000000 vn="Variante von MSIL/Kryptik.DCM Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\File System\003\p\00\00000001"
sh=0AB51F8B0DA603F8294B48F5CE37FADBF1DEAF7F ft=1 fh=1f6b05ea09b34590 vn="Variante von MSIL/Kryptik.DCM Trojaner" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\VSILlzCwXBSr\1328.xml"
sh=0AB51F8B0DA603F8294B48F5CE37FADBF1DEAF7F ft=1 fh=1f6b05ea09b34590 vn="Variante von MSIL/Kryptik.DCM Trojaner" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\VSILlzCwXBSr\1526.xml"
sh=0AB51F8B0DA603F8294B48F5CE37FADBF1DEAF7F ft=1 fh=1f6b05ea09b34590 vn="Variante von MSIL/Kryptik.DCM Trojaner" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\VSILlzCwXBSr\5406.xml"
sh=0AB51F8B0DA603F8294B48F5CE37FADBF1DEAF7F ft=1 fh=1f6b05ea09b34590 vn="Variante von MSIL/Kryptik.DCM Trojaner" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\VSILlzCwXBSr\7396.xml"
sh=0AB51F8B0DA603F8294B48F5CE37FADBF1DEAF7F ft=1 fh=1f6b05ea09b34590 vn="Variante von MSIL/Kryptik.DCM Trojaner" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\VSILlzCwXBSr\7914.xml"
sh=0AB51F8B0DA603F8294B48F5CE37FADBF1DEAF7F ft=1 fh=1f6b05ea09b34590 vn="Variante von MSIL/Kryptik.DCM Trojaner" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\VSILlzCwXBSr\8230.xml"
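
Added example, not part of the thread: a small Python triage of the ESET Online Scanner log layout posted above (`# key=value` header lines followed by `sh=… vn=… fn=…` detection lines), showing how many findings are still on disk and which `sh` values recur under several file names. The sample log is constructed, and the function names and the reading of `remove_checked=false` as "removal was not requested" are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the layout of the log.txt posted above. Hashes,
# detection names and paths are placeholders, not values from the thread.
SAMPLE_LOG = r'''
# end=updated
# utc_time=2015-01-01 10:00:00
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=1200
# found=4
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=1111111111111111 vn="Example/Dropper.A Trojaner" ac=I fn="C:\Users\demo\AppData\Roaming\RandomDir\1001.xml"
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=1111111111111111 vn="Example/Dropper.A Trojaner" ac=I fn="C:\Users\demo\AppData\Roaming\RandomDir\1002.xml"
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=1111111111111111 vn="Example/Dropper.A Trojaner" ac=I fn="C:\Users\demo\AppData\Roaming\RandomDir\1003.xml"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=2222222222222222 vn="Example/Infector.B Virus" ac=I fn="C:\Demo Folder\tool.exe"
'''

HEADER_RE = re.compile(r'^#\s*([\w.]+)=(.*)$')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset_log(text):
    """Return (header, detections) from an ESET Online Scanner log.txt."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            # The header block repeats per stage (init/updated/finished);
            # the last value seen for a key wins.
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith('sh='):
            # Quoted values (vn, fn) may contain spaces; bare ones may not.
            detections.append({k: q or u for k, q, u in FIELD_RE.findall(line)})
    return header, detections


def triage(text):
    """Summarise what is still on disk and where to look next."""
    header, detections = parse_eset_log(text)
    paths_by_hash = defaultdict(list)
    for d in detections:
        paths_by_hash[d['sh'].upper()].append(d['fn'])
    found = int(header.get('found', len(detections)))
    cleaned = int(header.get('cleaned', 0))
    dirs = {ntpath.dirname(p) for ps in paths_by_hash.values() for p in ps}
    return {
        'found': found,
        'header_matches_lines': found == len(detections),
        'unresolved': found - cleaned,
        # Assumption from the key name: "false" means removal was not requested.
        'report_only': header.get('remove_checked') == 'false',
        'unique_payloads': len(paths_by_hash),
        # One hash under several file names: same content dropped repeatedly.
        'repeated': {h: p for h, p in paths_by_hash.items() if len(p) > 1},
        'dirs_to_review': sorted(dirs),
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```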
         

06.08.2015, 05:37   #11
schrauber
/// the machine
/// TB-Ausbilder



and the rest?

06.08.2015, 11:08   #12
was08king



Security Check says this:
Results of screen317's Security Check version 1.006
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 51
Google Chrome 31.0.1650.59 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivirus sched.exe -?-
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Hm, Avira still can't be opened or started. And when I then try to install Avast as an alternative solution, I don't have the permissions.

07.08.2015, 08:15   #13
schrauber
/// the machine
/// TB-Ausbilder



the fresh FRST log?

07.08.2015, 15:51   #14
was08king



FRST log of what? Sorry, I don't know which program you mean by that.

08.08.2015, 09:38   #15
schrauber
/// the machine
/// TB-Ausbilder



The tool you posted log files from in your first post: FRST, Farbar Recovery Scan Tool
