Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.09.2015, 22:44   #1
Sworn
 
Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden



Hallo.

Ich wurde auf einen Teamspeak Server eingeladen. Ich wurde sofort getrennt und ein Fenster ging auf das ein ClientQuery problem besteht. In diesem Fenster war ein Link auf wo ich ein patch runterladen sollte damit es wieder funktioniert. In meinem Leichtsin tat ich es. Es wurde im nachinein auf mein Steam zugegriffen und meine Gegentsände verkauft. Ich lies Antivir durchlaufen. Es wurde ein Fund gemeldet: BDS/DakKom

PHP-Code:
 Exportierte Ereignisse:

10.09.2015 22:52 [Echtzeit-ScannerMalware gefunden
      In der Datei 
'C:\Users\Agando\AppData\Roaming\svcost\svcost.exe'
      
wurde ein Virus oder unerwünschtes Programm 'BDS/DarkKomet.GR' [backdoor
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
      
'C:\$Recycle.Bin\S-1-5-21-3595809947-3267569526-1819159511-1000\$RGUMQUQ.exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionÜbergeben an Scanner

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
      
'C:\$Recycle.Bin\S-1-5-21-3595809947-3267569526-1819159511-1000\$RDOJ8NP.exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionÜbergeben an Scanner

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
      
'C:\$Recycle.Bin\S-1-5-21-3595809947-3267569526-1819159511-1000\$RHNB9GC.exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionÜbergeben an Scanner

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
      
'C:\Users\Agando\Downloads\CR_Downloader_fuer_suikoden-ii-(germany).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
'C:\Users\Agando\Downloads\CR_Downloader_fuer_suikoden-(v1(1).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
      
'C:\Users\Agando\Downloads\CR_Downloader_fuer_digimon-world-(germany).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
      
'C:\Users\Agando\Downloads\CR_Downloader_fuer_suikoden-ii-(germany).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
      
'C:\Users\Agando\Downloads\CR_Downloader_fuer_digimon-world-(germany).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
'C:\Users\Agando\Downloads\CR_Downloader_fuer_suikoden-(v1(1).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
'C:\Users\Agando\Downloads\CR_Downloader_fuer_suikoden-(v1(1).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
      
'C:\Users\Agando\Downloads\CR_Downloader_fuer_suikoden-ii-(germany).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
'C:\Users\Agando\Downloads\CR_Downloader_fuer_suikoden-(v1(1).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
      
'C:\Users\Agando\Downloads\CR_Downloader_fuer_digimon-world-(germany).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
      
'C:\Users\Agando\Downloads\CR_Downloader_fuer_suikoden-ii-(germany).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:50 [Echtzeit-ScannerMalware gefunden
      In der Datei 
'C:\Users\Agando\Downloads\CR_Downloader_fuer_suikoden-(v1(1).exe'
      
wurde ein Virus oder unerwünschtes Programm 'PUA/InstallCore.diur' [riskware
      
gefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 22
:25 [PlanerAuftrag gestartet
      Auftrag 
"Vollständige Prüfung"
      
wurde erfolgreich gestartet.

10.09.2015 22:22 [UpdaterUpdate erfolgreich durchgeführt
      Update auf Computer STEFFEN 
(192.168.2.104von 
      
"hxxp://personal.avira-update.com/update" wurde erfolgreich durchgeführt.
      
Es sind keine neuen Engine/VDF Dateien verfügbar.

10.09.2015 22:22 [PlanerAuftrag gestartet
      Auftrag 
"Automatisches Update Free"
      
wurde erfolgreich gestartet.

10.09.2015 21:56 [PlanerAuftrag gestartet
      Auftrag 
"Vollständige Prüfung"
      
wurde erfolgreich gestartet.

10.09.2015 21:54 [Echtzeit-ScannerDienst gestartet
      Der Dienst wurde gestartet
.
      
Dienst Version:    15.0.12.420
      Engine Version
:    
      
VDF Version:    

10.09.2015 21:54 [HilfsdienstDienst gestartet
      Der Dienst wurde gestartet
.
      
Dienst Version:    15.0.12.398
      Engine Version
:    8.3.34.22
      VDF Version
:    8.12.7.250

10.09.2015 21
:53 [PlanerDienst gestartet
      Der Dienst wurde gestartet
.
      
Dienst Version 15.0.12.420

10.09.2015 21
:52 [Echtzeit-ScannerDienst gestoppt
      Der Dienst wurde gestoppt
.

10.09.2015 21:52 [PlanerDienst gestoppt
      Der Dienst wurde gestoppt
.

10.09.2015 21:51 [Echtzeit-ScannerDienst gestartet
      Der Dienst wurde gestartet
.
      
Dienst Version:    15.0.12.420
      Engine Version
:    
      
VDF Version:    

10.09.2015 21:51 [HilfsdienstDienst gestartet
      Der Dienst wurde gestartet
.
      
Dienst Version:    15.0.12.398
      Engine Version
:    8.3.34.22
      VDF Version
:    8.12.7.250

10.09.2015 21
:50 [PlanerDienst gestartet
      Der Dienst wurde gestartet
.
      
Dienst Version 15.0.12.420

10.09.2015 21
:49 [Echtzeit-ScannerDienst gestoppt
      Der Dienst wurde gestoppt
.

10.09.2015 21:49 [PlanerDienst gestoppt
      Der Dienst wurde gestoppt
.

10.09.2015 21:49 [Echtzeit-ScannerRegistry blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf 
die Registry 
      blockiert
.

10.09.2015 21:41 [Echtzeit-ScannerEchtzeit-Scanner deaktiviert
      Echtzeit
-Scanner wurde deaktiviert.

10.09.2015 21:41 [FireWallDienst deaktiviert
      Der Dienst ist deaktiviert
.

10.09.2015 21:39 [Echtzeit-ScannerMalware gefunden
      In der Datei 
'C:\Users\Agando\Downloads\ClientQuery Plugin TeamSpeak 3.exe'
      
wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.MSIL.Gen (Cloud)' 
      
[TR/Dropper.MSIL.Gengefunden.
      
Ausgeführte AktionZugriff verweigern

10.09.2015 21
:32 [System-ScannerSuche
      Suchlauf beendet 
[Der Suchlauf wurde vollständig durchgeführt.].
      
Anzahl Dateien:    14461
      Anzahl Verzeichnisse
:    0
      Anzahl Malware
:    0
      Anzahl Warnungen
:    0

10.09.2015 21
:31 [PlanerAuftrag gestartet
      Auftrag 
"Schnelle Systemprüfung"
      
wurde erfolgreich gestartet.

10.09.2015 20:23 [UpdaterUpdate erfolgreich durchgeführt
      Update von Avira Free Antivirus auf Computer STEFFEN 
(192.168.2.104
      
erfolgreich durchgeführt.
      
Folgende Dateien wurden von "hxxp://personal.avira-update.com/update" 
      
aktualisiert:
      
repair.rdf 1.0.10.48

10.09.2015 20
:22 [PlanerAuftrag gestartet
      Auftrag 
"Automatisches Update Free"
      
wurde erfolgreich gestartet.

10.09.2015 20:13 [Echtzeit-ScannerDienst gestartet
      Der Dienst wurde gestartet
.
      
Dienst Version:    15.0.12.420
      Engine Version
:    
      
VDF Version:    

10.09.2015 20:13 [HilfsdienstDienst gestartet
      Der Dienst wurde gestartet
.
      
Dienst Version:    15.0.12.398
      Engine Version
:    8.3.34.22
      VDF Version
:    8.12.7.250

10.09.2015 20
:12 [PlanerDienst gestartet
      Der Dienst wurde gestartet
.
      
Dienst Version 15.0.12.420 
et.GR


Der Suchlauf läuft noch. Werde aber erstmal ins Bett gehn.

Ich benutze Win7 Home Premium. Intel Core i5-4430 3.00GHz 4GB Ram 64Bit

Danke für jeden der mir Hilft.

Alt 11.09.2015, 05:55   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 11.09.2015, 08:36   #3
Sworn
 
Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Die FRST Textdatei




FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
durchgeführt von Agando (Administrator) auf STEFFEN (11-09-2015 09:28:09)
Gestartet von C:\Users\Agando\Downloads
Geladene Profile: Agando (Verfügbare Profile: Agando)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Akamai Technologies, Inc.) C:\Users\Agando\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Agando\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
() C:\Users\Agando\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Akamai Technologies, Inc.) C:\Users\Agando\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nota Inc.) C:\Users\Agando\AppData\Roaming\ZtnbTaR\JURvmkth8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Spotify Ltd) C:\Users\Agando\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Agando\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Agando\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Agando\AppData\Roaming\Spotify\Spotify.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-09-09] (MSI)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Agando\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Run: [Spotify Web Helper] => C:\Users\Agando\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-03] (Spotify Ltd)
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Run: [Amazon Music] => C:\Users\Agando\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] ()
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
Startup: C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qNeO4WFY.lnk [2015-09-10]
ShortcutTarget: qNeO4WFY.lnk -> C:\Users\Agando\AppData\Roaming\ZtnbTaR\JURvmkth8.exe (Nota Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-04-02]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
GroupPolicy: Gruppenrichtline auf Chrome erkannt <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{E5E922C8-6D4C-4632-92A5-4E2FF645FF62}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo9PzptTu3U64PB1tRMoyLP8I4VpSyUZvklsTKGNuW1CH1gOr4iY9yuZOsl0nQKlsOYL1MCDPl6egEdCzhnTLD7M2dh49BLTIZJTafjGvkJPwtHGeSvtNtDqI5p3biNZ&q={searchTerms}
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1411053412&from=exp&uid=ST1000DM003-1CH162_S1DH6RJEXXXXS1DH6RJE
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo9PzptTu3U64PB1tRMoyLP8I4VpSyUZvklsTKGNuW1CH1gOr4iY9yuZOsl0nQKlsOYL1MCDPl6egEdCzhnTLD7M2dh49BLTIZJTafjGvkJPwtHGeSvtNtDqI5p3biNZ&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo9PzptTu3U64PB1tRMoyLP8I4VpSyUZvklsTKGNuW1CH1gOr4iY9yuZOsl0nQKlsOYL1MCDPl6egEdCzhnTLD7M2dh49BLTIZJTafjGvkJPwtHGeSvtNtDqI5p3biNZ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3595809947-3267569526-1819159511-1000 -> DefaultScope {C1CE2D7F-DF76-46DD-8227-D72EA1B7B09E} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3595809947-3267569526-1819159511-1000 -> {C1CE2D7F-DF76-46DD-8227-D72EA1B7B09E} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-10] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-10] (Oracle Corporation)
Toolbar: HKLM - Kein Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  Keine Datei
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1411053412&from=exp&uid=ST1000DM003-1CH162_S1DH6RJEXXXXS1DH6RJE

FireFox:
========
FF ProfilePath: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default
FF NewTab: resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html
FF DefaultSearchEngine: Yahoo Web
FF SelectedSearchEngine: webssearches
FF Homepage: hxxps://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\searchplugins\google-images.xml [2014-10-06]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\searchplugins\google-maps.xml [2014-10-06]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\searchplugins\trovi-search.xml [2014-07-10]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\searchplugins\yahoo-web.xml [2015-09-09]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml [2014-09-18]
FF Extension: New Tab by Yahoo - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-06-22]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\extensions\faststartff@gmail.com

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-08]
CHR Extension: (Google Docs) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-08]
CHR Extension: (Google Drive) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-08]
CHR Extension: (YouTube) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-08]
CHR Extension: (Google Search) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-08]
CHR Extension: (Google Sheets) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-08]
CHR Extension: (Google Docs Offline) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (agar.io server browser) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\hongpdkjnjhijmdnogoicadboadgllhi [2015-06-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-08]
CHR Extension: (Yahoo Web) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2015-07-20]
CHR Extension: (Gmail) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - https://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1125888 2015-07-22] ()
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-06-15] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-09-09] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5268336 2014-03-25] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-20] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-08] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 pmem; \??\C:\Users\Agando\AppData\Local\Temp\_MEI56482\drivers\winpmem64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-11 09:28 - 2015-09-11 09:29 - 00025176 _____ C:\Users\Agando\Downloads\FRST.txt
2015-09-11 09:27 - 2015-09-11 09:27 - 02190848 _____ (Farbar) C:\Users\Agando\Downloads\FRST64.exe
2015-09-11 08:48 - 2015-09-11 08:48 - 00058408 _____ C:\Users\Agando\Desktop\AVSCAN-20150910-222514-53A49D69.LOG
2015-09-10 23:38 - 2015-09-10 23:38 - 00243712 _____ C:\Users\Agando\Desktop\Ereignisse.txt
2015-09-10 23:06 - 2015-09-10 23:06 - 01660416 _____ C:\Users\Agando\Downloads\AdwCleaner_5.007.exe
2015-09-10 23:06 - 2015-09-10 23:06 - 00000000 ___DC C:\AdwCleaner
2015-09-10 21:54 - 2015-09-10 22:05 - 00605953 _____ C:\Users\Agando\AppData\Roaming\2.txt
2015-09-10 21:54 - 2015-09-10 22:05 - 00204403 _____ C:\Users\Agando\AppData\Roaming\1.zip
2015-09-10 21:41 - 2015-09-11 08:48 - 00000000 __SHD C:\Users\Agando\AppData\Roaming\svcost
2015-09-10 21:41 - 2015-09-10 21:41 - 00000000 ____D C:\Users\Agando\AppData\Roaming\ZtnbTaR
2015-09-10 21:38 - 2015-09-10 21:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-09-10 20:21 - 2015-09-10 20:21 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Sun
2015-09-10 20:21 - 2015-09-10 20:21 - 00000000 ____D C:\Users\Agando\.oracle_jre_usage
2015-09-09 20:08 - 2015-09-09 20:09 - 00000000 ____D C:\Users\Agando\Desktop\Trailerpark
2015-09-09 09:02 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 09:02 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 09:02 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 09:02 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 09:02 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 09:02 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 09:02 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 09:02 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 09:02 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 09:02 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 09:02 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 09:02 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 09:02 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 09:02 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 09:02 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 09:02 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 09:02 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 09:02 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 09:02 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 09:02 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 09:02 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 09:02 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 09:02 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 09:02 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 09:02 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 09:02 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 09:02 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 09:02 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 09:02 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 09:02 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 09:02 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 09:02 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 09:02 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 09:02 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 09:02 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 09:02 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 09:02 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 09:02 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 09:02 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 09:02 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 09:02 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 09:02 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 09:02 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 09:02 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 09:02 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 09:02 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 09:02 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 09:02 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 09:02 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 09:02 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 09:02 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 09:02 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 09:02 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 09:02 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 09:02 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 09:02 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 09:02 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 09:02 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 09:02 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 09:02 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 08:57 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 08:57 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 08:57 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 08:57 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 08:57 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 08:57 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 08:57 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 08:57 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 08:57 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-09 08:57 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-09 08:53 - 2015-07-23 02:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 08:53 - 2015-07-23 02:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 08:53 - 2015-07-23 02:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 08:53 - 2015-07-23 02:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 08:53 - 2015-07-23 02:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-09 08:53 - 2015-07-23 02:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-09 08:53 - 2015-07-23 02:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-09 08:53 - 2015-07-23 02:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 08:53 - 2015-07-23 02:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 08:53 - 2015-07-23 02:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-09 08:53 - 2015-07-23 02:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-09 08:53 - 2015-07-23 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 08:53 - 2015-07-23 02:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 08:53 - 2015-07-23 01:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 08:53 - 2015-07-23 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 08:53 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-09 08:53 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-09 08:53 - 2015-07-22 19:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-09 08:53 - 2015-07-22 19:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-09 08:53 - 2015-07-22 19:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-09 08:53 - 2015-07-22 19:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-09 08:53 - 2015-07-22 19:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-09 08:53 - 2015-07-22 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-09 08:53 - 2015-07-22 19:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-09 08:53 - 2015-07-22 19:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-09 08:53 - 2015-07-22 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-09 08:53 - 2015-07-22 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 18:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 08:53 - 2015-07-22 18:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 08:53 - 2015-07-22 18:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 08:53 - 2015-07-22 18:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 08:53 - 2015-07-22 18:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-09 08:53 - 2015-07-22 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-09 08:53 - 2015-07-22 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 08:52 - 2015-08-27 20:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 08:52 - 2015-08-27 20:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 08:52 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 08:52 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 08:52 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 08:52 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 08:52 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-09 08:52 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-09 08:52 - 2015-06-25 12:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 08:52 - 2015-06-25 12:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 08:52 - 2015-06-25 12:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 08:52 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 08:51 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 08:51 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 08:51 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 08:51 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 08:51 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-09 08:51 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 08:51 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-09 08:51 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-09 08:51 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 08:51 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 08:51 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 08:51 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 08:51 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 08:51 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 08:51 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 08:51 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 08:51 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 08:51 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 08:51 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-09 08:51 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 08:51 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-09 08:51 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-09 08:51 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 08:51 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 08:51 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 08:51 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 08:51 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 08:51 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 08:51 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 11:33 - 2015-09-08 11:33 - 00000000 ____D C:\Users\Agando\AppData\Local\Disc_Soft_Ltd
2015-09-08 11:18 - 2015-09-08 11:18 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2015-09-08 10:55 - 2015-09-08 11:19 - 00000000 ____D C:\Users\Agando\AppData\Roaming\DAEMON Tools Lite
2015-09-08 10:55 - 2015-09-08 10:55 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-09-08 10:55 - 2015-09-08 10:55 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-09-03 00:23 - 2015-09-08 11:05 - 00001138 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-08-31 14:48 - 2015-08-31 14:48 - 00000000 ____D C:\Users\Agando\Desktop\Train
2015-08-29 17:11 - 2015-08-29 17:11 - 00000000 ____D C:\Users\Agando\AppData\Local\FalloutNV
2015-08-28 16:47 - 2015-08-29 17:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-27 05:16 - 2015-09-08 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-23 20:29 - 2015-08-23 20:29 - 00000000 ____D C:\Users\Agando\AppData\Local\Daybreak Game Company
2015-08-21 00:29 - 2015-08-23 22:07 - 00000000 ____D C:\Users\Agando\AppData\Local\Ubisoft Game Launcher
2015-08-21 00:29 - 2015-08-21 00:29 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-08-21 00:29 - 2015-08-21 00:29 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-08-19 19:25 - 2015-08-19 19:25 - 00000565 _____ C:\Windows\Cm108.ini.cfl
2015-08-19 19:25 - 2015-08-19 19:25 - 00000133 _____ C:\Windows\system\Dlap.pfx
2015-08-19 19:25 - 2015-08-19 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust GXT Gaming Headset
2015-08-19 19:25 - 2013-04-26 13:05 - 12935168 ____N (C-Media Corporation) C:\Windows\SysWOW64\CM108.dll
2015-08-19 19:25 - 2013-04-26 13:05 - 04533760 ____N C:\Windows\system32\CM108.cpl
2015-08-19 19:25 - 2013-04-26 12:40 - 00820224 ____N C:\Windows\system32\Cmeau108.exe
2015-08-19 19:25 - 2013-04-26 12:40 - 00200704 ____N (C-Media) C:\Windows\SysWOW64\cmpa108.dll
2015-08-19 19:25 - 2013-04-26 12:40 - 00143360 ____N C:\Windows\Vmix108.dll
2015-08-19 19:24 - 2015-08-19 19:25 - 00001196 _____ C:\Windows\Cm108.ini.imi
2015-08-19 19:24 - 2013-04-28 11:08 - 00002697 ____N C:\Windows\Cm108.ini.cfg
2015-08-19 19:24 - 2013-04-26 13:04 - 04326912 _____ (C-Media Electronics Inc) C:\Windows\system32\Drivers\CM10864.sys
2015-08-19 19:24 - 2013-04-26 12:40 - 00524768 ____R (Microsoft Corporation) C:\Windows\difxapi.dll
2015-08-19 19:24 - 2013-04-26 12:40 - 00359424 ____N C:\Windows\system32\CmiInstallResAll64.dll
2015-08-19 19:24 - 2013-04-26 12:40 - 00315392 _____ (C-Media Electronics Inc.) C:\Windows\system\fltr108.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-11 09:29 - 2014-04-05 21:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-11 09:28 - 2014-09-18 12:40 - 00000000 ____D C:\FRST
2015-09-11 09:25 - 2014-04-06 14:17 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Spotify
2015-09-11 09:25 - 2014-04-06 14:17 - 00000000 ____D C:\Users\Agando\AppData\Local\Spotify
2015-09-11 09:24 - 2014-04-02 16:56 - 01450105 _____ C:\Windows\WindowsUpdate.log
2015-09-11 09:07 - 2009-07-14 06:45 - 00028912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-11 09:07 - 2009-07-14 06:45 - 00028912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-11 09:02 - 2014-04-07 02:25 - 00000000 ____D C:\Users\Agando\AppData\Local\CrashDumps
2015-09-11 08:59 - 2014-10-13 20:53 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-11 08:59 - 2009-07-14 06:51 - 00818007 _____ C:\Windows\setupact.log
2015-09-11 08:57 - 2014-07-08 00:58 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-11 08:57 - 2014-04-05 20:47 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-11 08:57 - 2014-04-02 17:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-11 08:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-11 08:56 - 2015-02-11 12:28 - 00000711 _____ C:\Users\Agando\Desktop\Neues Textdokument.txt
2015-09-11 08:52 - 2010-11-21 05:47 - 00393282 _____ C:\Windows\PFRO.log
2015-09-11 08:44 - 2014-07-08 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-10 23:19 - 2014-04-05 20:52 - 00000000 ____D C:\Users\Agando\AppData\Roaming\TS3Client
2015-09-10 21:54 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-10 20:22 - 2014-11-05 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-10 20:22 - 2014-11-05 12:57 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-10 20:22 - 2014-04-05 21:02 - 00000000 ____D C:\ProgramData\Oracle
2015-09-10 20:21 - 2014-04-02 16:56 - 00000000 ____D C:\Users\Agando
2015-09-10 20:20 - 2014-11-05 12:57 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-10 09:24 - 2014-04-15 13:16 - 00000000 ___RD C:\Users\Agando\Desktop\Games
2015-09-09 20:09 - 2014-08-08 19:48 - 00000000 ___RD C:\Users\Agando\Desktop\Youtube
2015-09-09 19:29 - 2011-04-12 09:43 - 00699544 _____ C:\Windows\system32\perfh007.dat
2015-09-09 19:29 - 2011-04-12 09:43 - 00149426 _____ C:\Windows\system32\perfc007.dat
2015-09-09 19:29 - 2009-07-14 07:13 - 01620900 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-09 19:23 - 2009-07-14 06:45 - 00271440 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 19:21 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 19:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 13:29 - 2014-04-06 18:44 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 11:05 - 2014-05-04 00:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-04 02:45 - 2015-07-11 13:23 - 00000000 ____D C:\Users\Agando\AppData\Roaming\OBS
2015-09-04 02:22 - 2015-07-11 13:22 - 00000000 ____D C:\Program Files (x86)\OBS
2015-09-03 21:45 - 2015-06-08 22:43 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-02 21:23 - 2014-04-15 13:17 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-08-31 14:41 - 2014-04-16 11:16 - 00000000 ____D C:\Users\Agando\AppData\Roaming\DVDVideoSoft
2015-08-30 21:39 - 2014-07-08 00:58 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-30 21:39 - 2014-07-08 00:58 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 17:11 - 2014-10-02 17:30 - 00000000 ____D C:\Users\Agando\Documents\My Games
2015-08-29 17:11 - 2014-04-05 22:02 - 00366359 _____ C:\Windows\DirectX.log
2015-08-29 17:03 - 2014-04-05 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-29 05:18 - 2014-04-11 19:15 - 00000000 ____D C:\Users\Agando\AppData\Roaming\SoftGrid Client
2015-08-28 18:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-08-28 16:06 - 2015-01-22 16:22 - 00000000 ___RD C:\Users\Agando\Desktop\Programme
2015-08-28 16:04 - 2014-04-05 22:12 - 00000000 ____D C:\Users\Agando\Desktop\Screenshots
2015-08-28 15:59 - 2015-07-24 21:44 - 00000000 ____D C:\Users\Agando\Desktop\ArmA 3
2015-08-28 15:33 - 2014-12-11 14:53 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-08-28 15:32 - 2014-08-30 19:00 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-28 15:31 - 2014-12-11 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-08-28 15:31 - 2014-12-11 19:59 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2015-08-28 15:29 - 2014-09-21 18:08 - 00000000 ____D C:\Users\Agando\AppData\Local\Glyph
2015-08-28 15:29 - 2014-09-21 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-08-28 15:29 - 2014-09-21 18:08 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-08-28 15:28 - 2014-12-07 20:23 - 00000000 ____D C:\Gamigo
2015-08-28 15:26 - 2014-04-15 14:55 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-08-28 15:26 - 2014-04-15 14:26 - 00000000 ___DC C:\AeriaGames
2015-08-28 15:24 - 2014-04-05 22:49 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-08-27 17:54 - 2014-07-27 01:05 - 00000000 ____D C:\Users\Agando\AppData\Local\Arma 3 Launcher
2015-08-27 16:50 - 2014-04-28 20:54 - 00000000 ____D C:\Users\Agando\AppData\Local\Arma 3
2015-08-27 14:40 - 2014-04-02 17:34 - 00000000 ____D C:\ProgramData\Avira
2015-08-27 14:40 - 2014-04-02 17:34 - 00000000 ____D C:\Program Files (x86)\Avira
2015-08-27 05:15 - 2014-04-02 17:34 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-27 05:15 - 2014-04-02 17:34 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-26 18:37 - 2014-04-06 18:44 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-21 00:36 - 2015-07-07 23:45 - 00001132 _____ C:\Users\Agando\Desktop\Amazon Music.lnk
2015-08-19 19:25 - 2014-04-02 17:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-19 19:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system
2015-08-19 19:24 - 2013-04-26 12:38 - 00001145 _____ C:\Windows\system\Cm108.ini
2015-08-18 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-17 21:34 - 2014-07-08 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-12 01:13 - 2014-04-15 14:26 - 00000000 ____D C:\Users\Agando\AppData\Local\Akamai
2015-08-12 01:07 - 2014-12-11 21:07 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 01:07 - 2014-05-06 20:03 - 00000000 ___SD C:\Windows\system32\CompatTel

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-10 21:54 - 2015-09-10 22:05 - 0204403 _____ () C:\Users\Agando\AppData\Roaming\1.zip
2015-09-10 21:54 - 2015-09-10 22:05 - 0605953 _____ () C:\Users\Agando\AppData\Roaming\2.txt
2014-05-04 01:35 - 2014-12-31 00:38 - 0000294 _____ () C:\Users\Agando\AppData\Roaming\BreakingPoint_Login.ini
2014-05-04 02:36 - 2014-12-31 00:51 - 0001664 _____ () C:\Users\Agando\AppData\Roaming\BreakingPoint_Options.ini
2015-03-25 09:32 - 2015-03-25 09:32 - 0000097 _____ () C:\Users\Agando\AppData\Roaming\LauncherSettings_live.cfg
2015-06-28 20:03 - 2015-06-28 20:03 - 0000863 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel
2014-04-02 17:06 - 2014-04-02 17:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Agando\AppData\Local\Temp\avgnt.exe
C:\Users\Agando\AppData\Local\Temp\devcon64.exe
C:\Users\Agando\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Agando\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Agando\AppData\Local\Temp\SRLDetectionLibrary3298030064700200405.dll
C:\Users\Agando\AppData\Local\Temp\SRLDetectionLibrary3617913169969879884.dll
C:\Users\Agando\AppData\Local\Temp\SRLDetectionLibrary383872312478108281.dll
C:\Users\Agando\AppData\Local\Temp\SRLDetectionLibrary4042876331591493692.dll
C:\Users\Agando\AppData\Local\Temp\SRLDetectionLibrary6398977547396629249.dll
C:\Users\Agando\AppData\Local\Temp\tmd_34012248.exe
C:\Users\Agando\AppData\Local\Temp\tmd_34018070.exe
C:\Users\Agando\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-11 02:04

==================== Ende von FRST.txt ============================
         
--- --- ---
__________________

Alt 11.09.2015, 08:37   #4
Sworn
 
Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Und die Addition Textdatei



Code:
ATTFilter
 Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
durchgeführt von Agando (2015-09-11 09:29:22)
Gestartet von C:\Users\Agando\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-04-02 14:56:19)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3595809947-3267569526-1819159511-500 - Administrator - Disabled)
Agando (S-1-5-21-3595809947-3267569526-1819159511-1000 - Administrator - Enabled) => C:\Users\Agando
Gast (S-1-5-21-3595809947-3267569526-1819159511-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3595809947-3267569526-1819159511-1004 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Music (HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version:  - Rockstar New England)
CCGLauncher version 0.0.0.9 (HKLM-x32\...\{78D51CE5-799C-4FCA-9635-6F61E19EA5E3}_is1) (Version: 0.0.0.9 - Custom Combat Gaming)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{668B7711-6DAF-465F-9BE2-F3C07C962131}) (Version: 0.92.117 - Dotjosh Studios)
DayZLauncher version 0.0.0.13 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4E6CFD40DF}_is1) (Version: 0.0.0.13 - Maca134)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.56.324 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.56.324 - DVDVideoSoft Ltd.)
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version:  - 4A GAMES)
Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PhotoFiltre (HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\PhotoFiltre) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Reign Of Kings (HKLM-x32\...\Steam App 344760) (Version:  - Code}{atch)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.11.45 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis™)
Spotify (HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.020 - MSI)
System Requirements Lab (HKLM-x32\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Trust GXT Gaming Headset (HKLM\...\C-Media CM108 Like Sound Driver) (Version:  - )
Trust GXT Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 2.0.01.13 - Trust)
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
ZOMBI (HKLM-x32\...\Steam App 339230) (Version:  - Straight Right)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

08-09-2015 10:56:02 Gerätetreiber-Paketinstallation: Disc Soft Ltd Speichercontroller
09-09-2015 08:47:26 Windows Update
09-09-2015 13:19:25 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {082E6DBA-BC5A-422D-ADFE-3B32C2B2F1E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {7F01EF7F-804E-4142-9DBF-CCDBF5866BEE} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {960E5164-BCE9-426A-8BA1-F4E8EDAFF3A3} - System32\Tasks\{37809151-D147-436A-B03F-33B202F3F254} => pcalua.exe -a C:\Users\Agando\Downloads\BP_Installer.exe -d C:\Users\Agando\Downloads
Task: {B269D2E5-8A63-4098-805C-9137C347595A} - System32\Tasks\{B68054E3-F58C-4F9D-8DAD-6EDF6893DEB6} => pcalua.exe -a C:\Users\Agando\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=exp <==== ACHTUNG
Task: {D8A99FD4-ED33-401B-B982-C8BEF63926F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DD2FC4D6-3206-4A4E-8DC3-7037FA988A88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-04-02 17:31 - 2014-12-13 10:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-01 17:31 - 2013-08-01 17:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 17:31 - 2013-08-01 17:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 17:31 - 2013-08-01 17:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-04-02 17:32 - 2015-07-14 21:06 - 00708240 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-04-02 17:32 - 2015-07-14 21:06 - 00854160 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-12-16 21:49 - 2015-07-21 07:02 - 05887808 _____ () C:\Users\Agando\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-05-06 23:48 - 2015-07-14 21:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-04-05 20:48 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 23:51 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 23:51 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 23:51 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 23:06 - 2015-08-19 22:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 12:12 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 12:12 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 12:12 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 12:12 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 12:12 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-04-05 20:48 - 2015-08-19 22:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-04-05 20:48 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-04-02 17:07 - 2013-09-16 21:20 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-08-11 20:29 - 2015-08-11 20:29 - 17482952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
2015-03-11 20:23 - 2015-09-03 00:21 - 45067320 _____ () C:\Users\Agando\AppData\Roaming\Spotify\libcef.dll
2015-03-11 20:23 - 2015-09-03 00:21 - 01649208 _____ () C:\Users\Agando\AppData\Roaming\Spotify\libglesv2.dll
2015-03-11 20:23 - 2015-09-03 00:21 - 00080952 _____ () C:\Users\Agando\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\aeriagames.com -> hxxp://aeriagames.com
IE trusted site: HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\sony.com -> sony.com


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{47B6B2F5-E14C-4FB9-880A-EE3FC9FE2710}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AB290D69-4C17-4D8A-9888-D4BEFEDE24C0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{94E2CE65-7B1D-44AF-A933-44309219F1C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{890A263F-9329-46FE-B4E9-3126B99BC549}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C71A9B60-55A2-4AC8-89DA-4158B9F9E85C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{5A4F5481-1945-4969-9AB7-32134A763129}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [TCP Query User{E1CA35FC-5ACC-4484-8047-A73E1A7BE903}C:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe] => (Allow) C:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe
FirewallRules: [UDP Query User{116B7E5D-88D7-417F-A908-F0DC036B29EB}C:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe] => (Allow) C:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{0072F7F3-915F-4FC6-8DAA-6A22EE63A506}C:\users\agando\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\agando\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{82DAD535-3258-4B6C-8C3B-1873923BC934}C:\users\agando\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\agando\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3108C1D9-2298-421C-B83A-DEC3E158BE84}C:\users\agando\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\agando\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{95F4ED3B-8A3A-43A9-B6EF-B72D9CFE4335}C:\users\agando\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\agando\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3E93DAAD-1397-4454-927D-E47841A4D857}C:\users\agando\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\agando\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{919B6812-CA93-45EE-A26A-CFBE29772626}C:\users\agando\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\agando\appdata\local\akamai\netsession_win.exe
FirewallRules: [{3112047A-9148-40F7-93D9-A521051A9A68}] => (Allow) C:\AeriaGames\EdenEternal-DE\_Launcher.exe
FirewallRules: [{0B84B2FC-3238-4AF0-8AEE-FE13C144F31D}] => (Allow) C:\AeriaGames\EdenEternal-DE\_Launcher.exe
FirewallRules: [TCP Query User{29E21803-60E7-4843-93E1-6BFE6222D290}C:\users\agando\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\agando\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{900FCA02-0C1F-446D-BB9C-72867F0B3463}C:\users\agando\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\agando\appdata\local\akamai\netsession_win.exe
FirewallRules: [{58BD4EFE-8888-4BDC-B0FB-D3C6DF5558A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{0BC20CA4-E370-4D4B-888C-1BF5BD874970}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [TCP Query User{57EA912B-83AC-448C-B295-E92F89C8646D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{5146AE4E-3C30-43EF-8780-F9DAB292B292}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{B7B266DF-3A09-4A64-8114-27DF374C844F}C:\breaking point\breakingpoint.exe] => (Allow) C:\breaking point\breakingpoint.exe
FirewallRules: [UDP Query User{6EE0C9BF-68F3-4798-9547-E03F5C558E22}C:\breaking point\breakingpoint.exe] => (Allow) C:\breaking point\breakingpoint.exe
FirewallRules: [{AE37D269-17E8-4775-8CF4-7A254D38A778}] => (Allow) C:\Breaking Point\BTSync.exe
FirewallRules: [{B063C461-66E9-44D6-8892-9A5A505C3AEB}] => (Allow) C:\Breaking Point\BTSync.exe
FirewallRules: [{B802C074-F6E7-4FCC-9E82-95CE2F820571}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{E0833B8F-D6EF-4972-9646-AD9AA5E39E3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [TCP Query User{1E06655E-9D75-46F6-A038-F10D4E7EC295}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [UDP Query User{5224F309-AB4C-4B7E-AE99-059BB46FD76A}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{1A7B328E-7FF1-43D2-8BEF-BABE757C344D}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{E5FE516D-2E17-4174-A486-E3BDE5457E81}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{E9663646-E4B2-4B1D-BC83-5A9084B6721C}] => (Allow) C:\Program Files (x86)\Bohemia Interactive\ArmA 2\arma2.exe
FirewallRules: [{C04EDE9C-63D4-4696-9679-CF16F629D7C3}] => (Allow) C:\Program Files (x86)\Bohemia Interactive\ArmA 2\arma2.exe
FirewallRules: [{55FFA82B-9D5C-44DD-B709-C192D14E9A57}] => (Allow) C:\Program Files (x86)\Bohemia Interactive\ArmA 2\arma2OA.exe
FirewallRules: [{4BD7256F-1EA3-438B-A1B7-0BBF5C1F1549}] => (Allow) C:\Program Files (x86)\Bohemia Interactive\ArmA 2\arma2OA.exe
FirewallRules: [TCP Query User{55FC11DF-C441-4805-9BBE-2BE5677639C0}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{C2357544-0CE4-479C-B09A-556A712F5FFB}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{C11448A3-DF87-46B6-91A4-26A763CCE22E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{D4BEE8B2-FC7B-4DF2-B5E2-16AC4BBE0416}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{E94C9CD7-5B4E-4DF1-AE65-45714EE06773}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{C3A058A3-1051-4E47-8419-A48D690688A0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{19D80451-EF15-4D5A-863C-F3E1AC382570}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{10813B3E-97F2-4675-A5C1-0171DEBB3494}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{BDF4EC89-FF65-4800-87C7-9CB37BB8572B}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{C576F840-6DB0-4A2A-9DAC-3EAB85DBE1FD}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{92740467-6D0D-45BF-B6AD-570DF1765662}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{61B18E1D-BFDA-407F-A810-3C9F852C7B43}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{666B8D33-8BB7-4A23-B90A-D1BE523F09B9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3245CCEF-10E0-4F05-A38E-716D55524219}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{148B5482-E4E4-4934-864D-AAE8167C6B61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{7168EA76-8D09-42DE-ABD7-F5FA74EC057D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [TCP Query User{6A2365DF-F21A-450E-A7DD-BF0515C6A29D}C:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) C:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [UDP Query User{4D60D622-6679-421B-A387-519F78E09F20}C:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) C:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [{42AFB426-88DE-4BE8-B89D-88FA8B5A8E83}] => (Block) C:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [{4A8D9125-7631-499F-853E-4CC9E50964BA}] => (Block) C:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [TCP Query User{CA918F71-6D0A-4D60-AD70-D0B7AFD067F0}C:\users\agando\appdata\local\apps\2.0\6d16cm8m.tea\w33ack90.4o5\epoc..tion_0000000000000000_0000.0000_bc6a6885d7815792\epoch launcher.exe] => (Allow) C:\users\agando\appdata\local\apps\2.0\6d16cm8m.tea\w33ack90.4o5\epoc..tion_0000000000000000_0000.0000_bc6a6885d7815792\epoch launcher.exe
FirewallRules: [UDP Query User{F8216C01-6380-442E-BF2C-BB582756051D}C:\users\agando\appdata\local\apps\2.0\6d16cm8m.tea\w33ack90.4o5\epoc..tion_0000000000000000_0000.0000_bc6a6885d7815792\epoch launcher.exe] => (Allow) C:\users\agando\appdata\local\apps\2.0\6d16cm8m.tea\w33ack90.4o5\epoc..tion_0000000000000000_0000.0000_bc6a6885d7815792\epoch launcher.exe
FirewallRules: [{FEEC1316-7F6E-4F64-A7C1-241F3637DD8B}] => (Block) C:\users\agando\appdata\local\apps\2.0\6d16cm8m.tea\w33ack90.4o5\epoc..tion_0000000000000000_0000.0000_bc6a6885d7815792\epoch launcher.exe
FirewallRules: [{0B07BCB6-6B66-4067-A49D-581E3197368D}] => (Block) C:\users\agando\appdata\local\apps\2.0\6d16cm8m.tea\w33ack90.4o5\epoc..tion_0000000000000000_0000.0000_bc6a6885d7815792\epoch launcher.exe
FirewallRules: [{D3616E6F-329C-4B22-8521-FFBAAB79AAC0}] => (Allow) C:\Users\Agando\Desktop\Loadscreen.txt_downloader.exe
FirewallRules: [{BE78AB94-D7E5-437E-9BA5-4AC2C70A0E3B}] => (Allow) C:\Users\Agando\Desktop\Loadscreen.txt_downloader.exe
FirewallRules: [{FD71418C-6E5D-42AF-98B5-F87ED2AE2462}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{E74F80CD-732A-4DB1-8BF8-5F0E4264EE94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\experimental\Rust.exe
FirewallRules: [{D31A0B3F-F4F9-4BF7-AF00-44344F74E856}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{04B0D62C-96D2-454A-A46C-AB8E93EDBBA5}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{A4614A82-C4AD-409B-BEC9-6423CFD265A2}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{6B2D6458-2043-4AF2-9D02-CB4B306010DE}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{3C089C54-7BFE-4369-B186-DD015D94947B}] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{37F905D3-6462-47B5-82A5-7E5549B39707}] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{F45BEDFF-C639-4E90-AB32-9D65A5A22FDD}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{AB728B8E-A5CF-4419-8F85-D7C19FAB2E83}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{CB585C94-683A-4BD5-8E0C-AB00A377609F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{BD14927C-F4A7-4898-BA44-1FA0A516ED4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{AF2EB68C-B941-460A-9A84-D9965EE453D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{CC691516-8771-49BC-AEFE-A2209A09AF70}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{00CF2A3C-9848-433B-B118-AF85A82A389B}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{BBE9E506-AD68-48EA-84B6-CFDBE8B585C0}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{57A70B89-F960-4300-B0C9-808275169D53}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{51D52921-399A-4737-9062-ABBDF4F7C05B}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{80D7F47C-7B84-4F6A-B627-9A75F08606DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{EE4BBF1F-51B7-405A-87DD-48C237D28D8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [TCP Query User{251155BE-E6C4-43E1-A3F7-4F4FCCD684DB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{F5DBC3A4-8BD5-40AA-BD30-00666A7B0F2A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{B64BD610-F573-41D0-9E32-26D4DB841A7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5746CFA9-2E55-4D09-B9E9-050FDC61E613}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{597E7B38-3CED-4362-8F4A-C76F82E385B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{34C154A6-78D2-4168-B84D-DC43265D1F7F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{CFA84211-319C-4680-B480-065008E0D984}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{D6025169-648A-4B5F-A5FC-026E5FA387CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{1ED1DAB6-BD82-4F00-97DA-A1017A4032B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{CE73CAB0-282A-4DC7-97EA-EE1CED8708FF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{8864CB88-3E8E-48F5-80C4-8A2A67BA81BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{795C7923-D16D-4E1B-A284-76A2F55B1C04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{6DCB9C48-47DD-407C-A351-F19C7D434EBB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A9984332-DBFB-4BCB-8CB6-C7769F340124}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{9BD9F65F-0C69-414E-B70D-88F9BA41335F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{5E986308-5543-4804-ADE1-341C8B4FC23B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{771311C7-319E-4A55-9F5E-056530E47DEC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{59434CA7-FF5A-41FE-BB38-8FCEE91B065E}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{C58627D1-7CF9-4FED-9010-B9C83693F839}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [UDP Query User{723A0113-9C2E-4297-B9D5-784361F20703}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [TCP Query User{6DB1262E-6680-4985-BA7A-554F6ED65D5F}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{E3E4E5FE-927A-458F-A7C1-55189ACC18C1}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{05AC7C33-71C2-4110-AAB5-29A062BC32BA}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{5B5ADCCB-AD2F-4B30-8A43-F4B5E684A105}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{CDAD707B-7DC6-4486-B0ED-6BC9E40D5F87}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C4369AF8-BEAA-4612-BBA3-DCA0CE69CF24}] => (Allow) LPort=2869
FirewallRules: [{AA2DD4C7-F73E-4DB9-A49B-C11B62AC0591}] => (Allow) LPort=1900
FirewallRules: [{07AE66B9-1462-44BA-AA59-52CE95466582}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{CED6652D-1EE7-4624-BAFF-E65ED0E81C53}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{FE0BF9C2-23CB-488C-BB64-A0890187CC0A}C:\program files (x86)\steam\steamapps\common\arma 3\arma3server.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3server.exe
FirewallRules: [UDP Query User{B762A45B-5F35-4B6F-BC7E-E71B15BBE23F}C:\program files (x86)\steam\steamapps\common\arma 3\arma3server.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3server.exe
FirewallRules: [{9B47BBDA-59EC-462A-8A73-F27AE9CB680A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{FC4151A6-51D5-4CBA-A7E7-99E0FEA6A0EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{A9EA9F49-EBA0-47B8-BB31-31D9A7F9AEAD}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{B113C155-39CF-485F-A64E-65F0F3F30827}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{F8160948-D806-4997-9DFD-684DAC578539}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\H1Z1\LaunchPad.exe
FirewallRules: [{7415EC23-E5D2-46C3-89E3-871C51B908B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{12F3C2AC-1197-4D45-9456-0A36791ECF2B}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{A37C4BB1-CB3C-4671-85F1-CF751CEA211F}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{AE216856-D1C7-498D-B884-CDEF83332C25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37C14E3E-AC46-487D-B547-4B59532804AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E5B7615-6DE6-40B0-B2E4-6116CB760527}] => (Allow) C:\AeriaGames\AuraKingdom\game.bin
FirewallRules: [{391A9A35-8BDE-42D2-9365-B4C085E0DCC9}] => (Allow) C:\AeriaGames\AuraKingdom\game.bin
FirewallRules: [{345C426D-124E-4D1E-9464-8B899F76966C}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [{C06FB3CA-1CFD-466A-A6AA-9BE63067C5FE}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [{8E8079AB-A925-44A6-97A7-30C73FEFE4FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{111DC4B4-593A-4315-92CE-08DF6D4CB077}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [TCP Query User{9B16D6D7-A538-4B3E-A61B-FCA5EB7E4B3A}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe
FirewallRules: [UDP Query User{4DBE1CEB-4806-4FF7-A89A-86F8498C0478}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe
FirewallRules: [TCP Query User{7386C0A3-B715-4401-99E2-DAF68EDD6475}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{887654E9-2968-435B-A8B9-98F29CCB736B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{09C02602-3F4D-45DC-BD68-7A096E23BEEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{C36A91CB-43DC-4C69-B3FD-75F32639833C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{BF5E4754-450F-46E5-9973-63EA84833DC8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{98EE1FC0-F93D-418A-8A46-27B96C51DBB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{DE292688-CDB0-4880-9E7A-AD45F5D2358A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{42FFC372-8629-4F89-9308-4AC2D3E3AB27}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{982F8B77-A863-418E-BC45-0B85977FAF53}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{C288225C-EAEF-4D5E-AC50-86F8145A103B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{8B272059-C564-4712-B3DE-1BEA6E03CC7A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{0BC7F33A-A65D-44F6-AB30-50E9A7013148}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{AAF082CC-61BC-4B0E-9437-7F761E94D6BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{5831184B-F331-46B6-824D-00E7D63449B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [TCP Query User{47FF252C-DC03-434B-910C-DF16CCF69336}C:\users\agando\desktop\originslauncher\originslauncher.exe] => (Allow) C:\users\agando\desktop\originslauncher\originslauncher.exe
FirewallRules: [UDP Query User{77CADF8B-1ABE-485F-B1C3-EB702089F6E7}C:\users\agando\desktop\originslauncher\originslauncher.exe] => (Allow) C:\users\agando\desktop\originslauncher\originslauncher.exe
FirewallRules: [{C220BA5D-35CC-45FD-B54E-3B1D1028E27A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{C0A10CFF-03AD-4E78-9371-8E165DE96846}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{7C8077D7-B2AA-43D6-BBC9-72557BC2A87E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{DD89A599-DA44-4E33-B283-F80B828EA571}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{5EB156F4-AAEE-4B76-A748-DE141D24B12E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{216C475D-E975-4EBC-A7D7-BFD046EB2B42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [TCP Query User{82F27C6D-A6E6-47B0-BE00-7B19BB61BB87}C:\users\agando\appdata\local\temp\rar$exa0.601\originslauncher\originslauncher.exe] => (Allow) C:\users\agando\appdata\local\temp\rar$exa0.601\originslauncher\originslauncher.exe
FirewallRules: [UDP Query User{2CDD7156-32B3-4B17-9127-EA13B875CD91}C:\users\agando\appdata\local\temp\rar$exa0.601\originslauncher\originslauncher.exe] => (Allow) C:\users\agando\appdata\local\temp\rar$exa0.601\originslauncher\originslauncher.exe
FirewallRules: [{61248803-48CB-4A1C-8610-B84C25E8CC97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{A79178D3-35CD-4847-8A5A-3315D45B4F8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{DB8F0F16-25B4-46AC-B5FA-503E1FF9FB72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Reign Of Kings\Reign of Kings.exe
FirewallRules: [{878D6459-5B51-40E0-BF91-B59131AB3885}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Reign Of Kings\Reign of Kings.exe
FirewallRules: [{366DA5D8-E762-429D-AF86-167AAA37C823}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{D21AF26D-3E08-4D93-AEA9-72AF573629CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{B3AB804F-5A82-4930-85FB-26D895C0F396}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{588A13DB-38B7-4F01-9C36-31C6D91ADFD3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{B6F0BE63-699B-4F39-BF0E-28C8098323F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{AC922D7D-5991-4457-B145-2504220251B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{8D66EB95-4A3A-4FA6-A5AA-EC7022F7D7CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{951ED1F1-3E36-418E-B064-4BEEC5E6512C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{31FF696F-6282-43BC-B471-7C50F9FE0624}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{2FF43D0E-6A2C-4D93-85DD-0DD40FE25511}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{B96D90DE-1A61-4DB9-89B9-BFBD9508D46A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{F8511F42-C4FE-477C-BE6D-1B3AE0F09BE2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{49D53805-842D-49C4-81E2-2D1E39415C68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B25CEE25-2478-4F51-8974-9A49E8F15F2B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F21A6DFB-4A34-4C2D-940E-942432424A0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D278622B-8E83-47F6-A7DC-FC45DCE5E16B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F11FC65B-926C-453A-A95E-3D52D97E6546}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6863BF5F-1D19-4A42-B6D4-3CCDDEC37933}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{8D80E8F5-32D3-4A8D-8DE4-6868AADFA9A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{B0B94926-4837-4868-B0D4-04BA4EDCC7B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ZOMBI\ZOMBI.exe
FirewallRules: [{94ED8318-9E1C-429C-8FF6-65360443B206}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ZOMBI\ZOMBI.exe
FirewallRules: [{FF3FB3FA-E7C0-4B04-B6F9-BFC64A5E9BB7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{50B8D2EC-3F81-470A-AAEA-1BD73605F011}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{2823E326-B862-4777-BCE9-AF07310EB15F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{1756DB46-8D60-422A-9296-B3E28FA3EED0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{A788DEAB-0990-4ED8-9173-8904FDDC979B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{059EE14B-3437-422F-B12D-E6213A8AC072}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{6C5FF78D-295E-4490-9E2F-9E0E27A3E579}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{E2C3DD50-08AD-4290-8D0A-575D1E8400DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{8C8D214D-0613-44BC-B955-030648EA3394}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8FB0D8B1-E675-463A-8A65-2F3A1F561DDE}C:\program files (x86)\teamspeak 3 client\ts3client_win32.exe] => (Block) C:\program files (x86)\teamspeak 3 client\ts3client_win32.exe
FirewallRules: [UDP Query User{5932C062-FF8D-4A7C-9487-5D11E0522048}C:\program files (x86)\teamspeak 3 client\ts3client_win32.exe] => (Block) C:\program files (x86)\teamspeak 3 client\ts3client_win32.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/11/2015 09:07:33 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (09/11/2015 09:02:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1
Name des fehlerhaften Moduls: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1
Ausnahmecode: 0x40000015
Fehleroffset: 0x00052d24
ID des fehlerhaften Prozesses: 0x17d4
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3

Error: (09/11/2015 08:58:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2015 08:57:40 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (09/11/2015 08:54:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2015 08:53:12 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (09/10/2015 10:23:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FreeYTVDownloader.exe, Version 3.2.56.324 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 478

Startzeit: 01d0ec041bd594e8

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe

Berichts-ID:

Error: (09/10/2015 09:55:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2015 09:55:46 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (09/10/2015 09:53:57 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


Systemfehler:
=============
Error: (09/11/2015 09:22:01 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/11/2015 08:57:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (09/11/2015 08:53:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (09/10/2015 10:04:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (09/10/2015 09:58:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/10/2015 09:58:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/10/2015 09:58:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/10/2015 09:58:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/10/2015 09:58:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "RAS-Verbindungsverwaltung" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (09/10/2015 09:56:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056


Microsoft Office:
=========================
Error: (09/11/2015 09:07:33 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (09/11/2015 09:02:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.60.2755c116b1jucheck.exe2.8.60.2755c116b14000001500052d2417d401d0ec5fddb49d55C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe1f61a24f-5853-11e5-bf3c-d43d7effc1e3

Error: (09/11/2015 08:58:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2015 08:57:40 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (09/11/2015 08:54:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2015 08:53:12 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (09/10/2015 10:23:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FreeYTVDownloader.exe3.2.56.32447801d0ec041bd594e816C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe

Error: (09/10/2015 09:55:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2015 09:55:46 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: 

Error: (09/10/2015 09:53:57 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 4040.02 MB
Verfügbarer physikalischer RAM: 1698.73 MB
Summe virtueller Speicher: 8078.25 MB
Verfügbarer virtueller Speicher: 4757.05 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:503.77 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FD9E8466)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 11.09.2015, 18:24   #5
schrauber
/// the machine
/// TB-Ausbilder
 

Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.09.2015, 22:03   #6
Sworn
 
Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Die Logs zur Mbar.exe



Code:
ATTFilter
 ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.2.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18015

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 4236271616, free: 2323218432

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.2.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18015

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 4236271616, free: 2260987904

Downloaded database version: v2015.09.11.06
Downloaded database version: v2015.08.16.01
Downloaded database version: v2015.09.11.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     09/11/2015 21:49:40
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ISCTD64.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\??\C:\Windows\System32\Drivers\INETMON.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.09.11.06
  rootkit: v2015.08.16.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004838060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004838b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004838060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004579060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FD9E8466

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953314816
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.83" is compressed (flags = 1)
File C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf will be destroyed
Infected: C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf --> [PUP.Optional.WebInstr]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.2.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18015

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 4236271616, free: 2153697280

=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     09/11/2015 22:36:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ISCTD64.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\System32\Drivers\INETMON.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.09.11.06
  rootkit: v2015.08.16.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004416060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80042f19d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004416060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80041b9680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FD9E8466

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953314816
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6A692E8ADADFB2F4B0DA08D3432C86CA60EFC0E4.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
         

Alt 11.09.2015, 22:04   #7
Sworn
 
Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Die Logs zur TDSSkiller.exe



Code:
ATTFilter
 22:56:50.0406 0x067c  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
22:56:54.0666 0x067c  ============================================================
22:56:54.0666 0x067c  Current date / time: 2015/09/11 22:56:54.0666
22:56:54.0666 0x067c  SystemInfo:
22:56:54.0666 0x067c  
22:56:54.0666 0x067c  OS Version: 6.1.7601 ServicePack: 1.0
22:56:54.0666 0x067c  Product type: Workstation
22:56:54.0666 0x067c  ComputerName: STEFFEN
22:56:54.0666 0x067c  UserName: Agando
22:56:54.0666 0x067c  Windows directory: C:\Windows
22:56:54.0666 0x067c  System windows directory: C:\Windows
22:56:54.0666 0x067c  Running under WOW64
22:56:54.0667 0x067c  Processor architecture: Intel x64
22:56:54.0667 0x067c  Number of processors: 4
22:56:54.0667 0x067c  Page size: 0x1000
22:56:54.0667 0x067c  Boot type: Normal boot
22:56:54.0667 0x067c  ============================================================
22:56:56.0303 0x067c  KLMD registered as C:\Windows\system32\drivers\13815544.sys
22:56:56.0884 0x067c  System UUID: {CAE60C6D-F993-2853-ADDC-A9E07E76C7D8}
22:56:58.0057 0x067c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:56:58.0072 0x067c  ============================================================
22:56:58.0072 0x067c  \Device\Harddisk0\DR0:
22:56:58.0073 0x067c  MBR partitions:
22:56:58.0073 0x067c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:56:58.0073 0x067c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
22:56:58.0073 0x067c  ============================================================
22:56:58.0094 0x067c  C: <-> \Device\Harddisk0\DR0\Partition2
22:56:58.0094 0x067c  ============================================================
22:56:58.0094 0x067c  Initialize success
22:56:58.0094 0x067c  ============================================================
22:57:47.0404 0x0528  ============================================================
22:57:47.0404 0x0528  Scan started
22:57:47.0404 0x0528  Mode: Manual; SigCheck; TDLFS; 
22:57:47.0404 0x0528  ============================================================
22:57:47.0404 0x0528  KSN ping started
22:57:49.0767 0x0528  KSN ping finished: true
22:57:50.0557 0x0528  ================ Scan system memory ========================
22:57:50.0557 0x0528  System memory - ok
22:57:50.0557 0x0528  ================ Scan services =============================
22:57:50.0674 0x0528  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:57:50.0732 0x0528  1394ohci - ok
22:57:50.0754 0x0528  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:57:50.0769 0x0528  ACPI - ok
22:57:50.0781 0x0528  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:57:50.0798 0x0528  AcpiPmi - ok
22:57:50.0887 0x0528  [ 368290D0A612D62DA6F3D798B1BB8FE7, D573BF8543F37BC51B88A2473EDFD28AFBCCC446E8CADD54A90FA48D8739D222 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:57:50.0907 0x0528  AdobeFlashPlayerUpdateSvc - ok
22:57:50.0935 0x0528  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:57:50.0950 0x0528  adp94xx - ok
22:57:50.0974 0x0528  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:57:50.0986 0x0528  adpahci - ok
22:57:51.0000 0x0528  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:57:51.0009 0x0528  adpu320 - ok
22:57:51.0068 0x0528  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:57:51.0102 0x0528  AeLookupSvc - ok
22:57:51.0154 0x0528  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
22:57:51.0188 0x0528  AFD - ok
22:57:51.0257 0x0528  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
22:57:51.0277 0x0528  agp440 - ok
22:57:51.0325 0x0528  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
22:57:51.0357 0x0528  ALG - ok
22:57:51.0379 0x0528  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:57:51.0386 0x0528  aliide - ok
22:57:51.0391 0x0528  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:57:51.0400 0x0528  amdide - ok
22:57:51.0412 0x0528  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:57:51.0437 0x0528  AmdK8 - ok
22:57:51.0455 0x0528  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:57:51.0469 0x0528  AmdPPM - ok
22:57:51.0492 0x0528  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:57:51.0505 0x0528  amdsata - ok
22:57:51.0522 0x0528  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:57:51.0536 0x0528  amdsbs - ok
22:57:51.0547 0x0528  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:57:51.0557 0x0528  amdxata - ok
22:57:51.0649 0x0528  [ 9FE1AC875A7AD7B7FF28FEC8B754968D, EEE04D4073E49332C85028B62E8A035EAA2284526A3F3820133492C8F8CBA3D5 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
22:57:51.0732 0x0528  AntiVirMailService - ok
22:57:51.0776 0x0528  [ E20B4F23EB153635D67944F63454EC84, FEE76A74767CDB33415C64F08AE1FF248F505AF22C1F1BA1EBB5CC6A75E3926F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:57:51.0796 0x0528  AntiVirSchedulerService - ok
22:57:51.0814 0x0528  [ E20B4F23EB153635D67944F63454EC84, FEE76A74767CDB33415C64F08AE1FF248F505AF22C1F1BA1EBB5CC6A75E3926F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:57:51.0828 0x0528  AntiVirService - ok
22:57:51.0876 0x0528  [ D9A8EE3F4A1E604B9315B34A5AA4569E, 287BA8FA1949646E03D39F36F50C016251358A8A454EE19D249E76A723F1455E ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
22:57:51.0905 0x0528  AntiVirWebService - ok
22:57:51.0940 0x0528  [ A0711D119BA4B48A1470C768D301013E, 536366F809125D2C2171597C8C2CB3271BE5C6B373152112E0D970749776E00A ] AppID           C:\Windows\system32\drivers\appid.sys
22:57:51.0972 0x0528  AppID - ok
22:57:51.0994 0x0528  [ 173C90AF5B243B4DD86F95CA154CB58A, 349F566DADC96B31FDC34C4F26545FB880844DBF84E5821AA0D0CAA91FB837E1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:57:52.0027 0x0528  AppIDSvc - ok
22:57:52.0041 0x0528  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\Windows\System32\appinfo.dll
22:57:52.0065 0x0528  Appinfo - ok
22:57:52.0086 0x0528  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
22:57:52.0099 0x0528  arc - ok
22:57:52.0107 0x0528  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:57:52.0117 0x0528  arcsas - ok
22:57:52.0204 0x0528  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:57:52.0233 0x0528  aspnet_state - ok
22:57:52.0243 0x0528  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:57:52.0277 0x0528  AsyncMac - ok
22:57:52.0304 0x0528  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:57:52.0310 0x0528  atapi - ok
22:57:52.0353 0x0528  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:57:52.0383 0x0528  AudioEndpointBuilder - ok
22:57:52.0396 0x0528  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:57:52.0415 0x0528  AudioSrv - ok
22:57:52.0453 0x0528  [ 24843902369DC82B4691F816F08F2938, 330E22C6007B10FE9C232BBCA2F388ADA17DEDBAA11BEC2A70377A4466DFB6FA ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:57:52.0476 0x0528  avgntflt - ok
22:57:52.0484 0x0528  [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:57:52.0496 0x0528  avipbb - ok
22:57:52.0562 0x0528  [ 24680B56D862F1DE30C13FC64B80F568, 4B30EB73369691B915F5615E1BF6C95B070E184BC42BCC505C94410014A04EB3 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
22:57:52.0591 0x0528  Avira.ServiceHost - ok
22:57:52.0602 0x0528  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:57:52.0611 0x0528  avkmgr - ok
22:57:52.0657 0x0528  [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
22:57:52.0679 0x0528  avnetflt - ok
22:57:52.0708 0x0528  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:57:52.0748 0x0528  AxInstSV - ok
22:57:52.0784 0x0528  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:57:52.0814 0x0528  b06bdrv - ok
22:57:52.0853 0x0528  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:57:52.0880 0x0528  b57nd60a - ok
22:57:52.0913 0x0528  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:57:52.0933 0x0528  BDESVC - ok
22:57:52.0948 0x0528  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:57:52.0985 0x0528  Beep - ok
22:57:53.0083 0x0528  [ 56805606D40B1EC96AE8442E21318C13, 3CBCB50EA8D2124B5E322D38F721670B4997F5F6865D3C7D5F819B9EF9620394 ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
22:57:53.0111 0x0528  BEService - ok
22:57:53.0154 0x0528  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
22:57:53.0176 0x0528  BFE - ok
22:57:53.0214 0x0528  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
22:57:53.0258 0x0528  BITS - ok
22:57:53.0276 0x0528  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:57:53.0285 0x0528  blbdrive - ok
22:57:53.0307 0x0528  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:57:53.0329 0x0528  bowser - ok
22:57:53.0340 0x0528  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:57:53.0350 0x0528  BrFiltLo - ok
22:57:53.0360 0x0528  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:57:53.0383 0x0528  BrFiltUp - ok
22:57:53.0406 0x0528  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
22:57:53.0421 0x0528  Browser - ok
22:57:53.0437 0x0528  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:57:53.0459 0x0528  Brserid - ok
22:57:53.0466 0x0528  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:57:53.0477 0x0528  BrSerWdm - ok
22:57:53.0487 0x0528  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:57:53.0497 0x0528  BrUsbMdm - ok
22:57:53.0504 0x0528  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:57:53.0513 0x0528  BrUsbSer - ok
22:57:53.0616 0x0528  [ FE2EB0B2A4128251E0B8E3DAA86267B5, C666AD4D7A77BAD9BB6461A0FF099F07F404467901B1532F7734BD904B5BC992 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
22:57:53.0651 0x0528  BstHdAndroidSvc - ok
22:57:53.0684 0x0528  [ DD275B81B72C41DA26BECCBFB131B17B, DFCB2A1246EFF6186F8D1D88D25390DA310EC3AC021EE6AE5551C8D684022CF6 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
22:57:53.0711 0x0528  BstHdDrv - ok
22:57:53.0736 0x0528  [ 721B05BF298C2F96BDDEA8DD2CCF66A4, 2AA3528B1E22654A41EE8659D1802B962BF5F80C4993F902DF4BD79C7F7B0FE9 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
22:57:53.0753 0x0528  BstHdLogRotatorSvc - ok
22:57:53.0773 0x0528  [ E5CC74B9B4369DF42D3895D45B0EC062, C870736A85EA9F170163C8DABB7335CADEA525302CAF2C4575BD659B462D34B6 ] BstHdUpdaterSvc C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
22:57:53.0793 0x0528  BstHdUpdaterSvc - ok
22:57:53.0809 0x0528  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:57:53.0840 0x0528  BTHMODEM - ok
22:57:53.0877 0x0528  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
22:57:53.0933 0x0528  bthserv - ok
22:57:53.0944 0x0528  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:57:53.0968 0x0528  cdfs - ok
22:57:53.0994 0x0528  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:57:54.0016 0x0528  cdrom - ok
22:57:54.0037 0x0528  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:57:54.0073 0x0528  CertPropSvc - ok
22:57:54.0086 0x0528  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:57:54.0104 0x0528  circlass - ok
22:57:54.0149 0x0528  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
22:57:54.0164 0x0528  CLFS - ok
22:57:54.0232 0x0528  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:57:54.0254 0x0528  clr_optimization_v2.0.50727_32 - ok
22:57:54.0276 0x0528  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:57:54.0299 0x0528  clr_optimization_v2.0.50727_64 - ok
22:57:54.0360 0x0528  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:57:54.0385 0x0528  clr_optimization_v4.0.30319_32 - ok
22:57:54.0412 0x0528  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:57:54.0440 0x0528  clr_optimization_v4.0.30319_64 - ok
22:57:54.0458 0x0528  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
22:57:54.0476 0x0528  CmBatt - ok
22:57:54.0498 0x0528  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:57:54.0512 0x0528  cmdide - ok
22:57:54.0594 0x0528  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
22:57:54.0620 0x0528  CNG - ok
22:57:54.0632 0x0528  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:57:54.0640 0x0528  Compbatt - ok
22:57:54.0665 0x0528  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:57:54.0679 0x0528  CompositeBus - ok
22:57:54.0686 0x0528  COMSysApp - ok
22:57:54.0698 0x0528  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:57:54.0706 0x0528  crcdisk - ok
22:57:54.0749 0x0528  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:57:54.0769 0x0528  CryptSvc - ok
22:57:54.0884 0x0528  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:57:54.0914 0x0528  cvhsvc - ok
22:57:54.0953 0x0528  [ 7AF9DAC504FBD047CBC3E64AE52C92BF, CA8F9564733DED4C3895CF7150BB254995D66889E6BE08D6654E4F897E4FF7A4 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
22:57:54.0968 0x0528  dc3d - ok
22:57:55.0014 0x0528  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:57:55.0050 0x0528  DcomLaunch - ok
22:57:55.0079 0x0528  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:57:55.0109 0x0528  defragsvc - ok
22:57:55.0119 0x0528  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:57:55.0142 0x0528  DfsC - ok
22:57:55.0156 0x0528  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:57:55.0174 0x0528  Dhcp - ok
22:57:55.0302 0x0528  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
22:57:55.0366 0x0528  DiagTrack - ok
22:57:55.0390 0x0528  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
22:57:55.0423 0x0528  discache - ok
22:57:55.0457 0x0528  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
22:57:55.0465 0x0528  Disk - ok
22:57:55.0495 0x0528  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:57:55.0524 0x0528  Dnscache - ok
22:57:55.0548 0x0528  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:57:55.0585 0x0528  dot3svc - ok
22:57:55.0599 0x0528  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
22:57:55.0633 0x0528  DPS - ok
22:57:55.0655 0x0528  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:57:55.0676 0x0528  drmkaud - ok
22:57:55.0748 0x0528  [ 496C3C6BC3D930D0960C9E75AA30F4A7, 3FE0E86DA8C2C6A990BB2F1B92C22BD3483882B8D69FF8025BB68A199362C234 ] dtlitescsibus   C:\Windows\system32\DRIVERS\dtlitescsibus.sys
22:57:55.0773 0x0528  dtlitescsibus - ok
22:57:55.0844 0x0528  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:57:55.0875 0x0528  DXGKrnl - ok
22:57:55.0893 0x0528  EagleX64 - ok
22:57:55.0897 0x0528  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
22:57:55.0927 0x0528  EapHost - ok
22:57:55.0938 0x0528  EasyAntiCheat - ok
22:57:56.0014 0x0528  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:57:56.0115 0x0528  ebdrv - ok
22:57:56.0151 0x0528  [ FDD980360C9D72DA77F4C59376AE95C9, A5C1BCFBCCD031A24BD87D6A193F595B45EA5AC9FEBC198F552EED60AB75238E ] EFS             C:\Windows\System32\lsass.exe
22:57:56.0170 0x0528  EFS - ok
22:57:56.0231 0x0528  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:57:56.0265 0x0528  ehRecvr - ok
22:57:56.0284 0x0528  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
22:57:56.0303 0x0528  ehSched - ok
22:57:56.0335 0x0528  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:57:56.0354 0x0528  elxstor - ok
22:57:56.0370 0x0528  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:57:56.0380 0x0528  ErrDev - ok
22:57:56.0408 0x0528  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
22:57:56.0453 0x0528  EventSystem - ok
22:57:56.0482 0x0528  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:57:56.0508 0x0528  exfat - ok
22:57:56.0523 0x0528  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:57:56.0550 0x0528  fastfat - ok
22:57:56.0574 0x0528  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
22:57:56.0594 0x0528  Fax - ok
22:57:56.0607 0x0528  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
22:57:56.0624 0x0528  fdc - ok
22:57:56.0637 0x0528  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
22:57:56.0660 0x0528  fdPHost - ok
22:57:56.0668 0x0528  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:57:56.0691 0x0528  FDResPub - ok
22:57:56.0697 0x0528  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:57:56.0704 0x0528  FileInfo - ok
22:57:56.0719 0x0528  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:57:56.0741 0x0528  Filetrace - ok
22:57:56.0755 0x0528  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:57:56.0764 0x0528  flpydisk - ok
22:57:56.0778 0x0528  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:57:56.0789 0x0528  FltMgr - ok
22:57:56.0862 0x0528  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
22:57:56.0893 0x0528  FontCache - ok
22:57:56.0938 0x0528  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:57:56.0945 0x0528  FontCache3.0.0.0 - ok
22:57:56.0955 0x0528  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:57:56.0964 0x0528  FsDepends - ok
22:57:56.0986 0x0528  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:57:56.0993 0x0528  Fs_Rec - ok
22:57:57.0014 0x0528  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:57:57.0026 0x0528  fvevol - ok
22:57:57.0042 0x0528  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:57:57.0050 0x0528  gagp30kx - ok
22:57:57.0175 0x0528  [ EECE18D068A5DCE3D3EC468FC6921672, FD6D70269DFECD9A97BD97C1AFE9BAE28897489B2590F2B4BCF240376E740EBD ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
22:57:57.0202 0x0528  GfExperienceService - ok
22:57:57.0228 0x0528  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:57:57.0263 0x0528  gpsvc - ok
22:57:57.0329 0x0528  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:57:57.0346 0x0528  gupdate - ok
22:57:57.0354 0x0528  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:57:57.0369 0x0528  gupdatem - ok
22:57:57.0414 0x0528  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
22:57:57.0427 0x0528  hamachi - ok
22:57:57.0440 0x0528  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:57:57.0469 0x0528  hcw85cir - ok
22:57:57.0501 0x0528  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:57:57.0534 0x0528  HdAudAddService - ok
22:57:57.0552 0x0528  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:57:57.0578 0x0528  HDAudBus - ok
22:57:57.0592 0x0528  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:57:57.0612 0x0528  HidBatt - ok
22:57:57.0631 0x0528  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:57:57.0652 0x0528  HidBth - ok
22:57:57.0672 0x0528  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:57:57.0701 0x0528  HidIr - ok
22:57:57.0719 0x0528  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
22:57:57.0752 0x0528  hidserv - ok
22:57:57.0770 0x0528  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:57:57.0778 0x0528  HidUsb - ok
22:57:57.0795 0x0528  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:57:57.0819 0x0528  hkmsvc - ok
22:57:57.0840 0x0528  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:57:57.0852 0x0528  HomeGroupListener - ok
22:57:57.0861 0x0528  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:57:57.0873 0x0528  HomeGroupProvider - ok
22:57:57.0892 0x0528  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:57:57.0900 0x0528  HpSAMD - ok
22:57:57.0964 0x0528  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:57:57.0984 0x0528  HTTP - ok
22:57:57.0997 0x0528  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:57:58.0003 0x0528  hwpolicy - ok
22:57:58.0030 0x0528  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:57:58.0039 0x0528  i8042prt - ok
22:57:58.0057 0x0528  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:57:58.0070 0x0528  iaStorV - ok
22:57:58.0149 0x0528  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:57:58.0180 0x0528  idsvc - ok
22:57:58.0207 0x0528  IEEtwCollectorService - ok
22:57:58.0224 0x0528  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:57:58.0231 0x0528  iirsp - ok
22:57:58.0256 0x0528  [ 39F3C7E218CE9118106D166F09AE1352, B78ADFC87AACF868D62A7FB0971B8786C1315A9B4D34D3E3159AD3F24D78AD62 ] ikbevent        C:\Windows\system32\DRIVERS\ikbevent.sys
22:57:58.0264 0x0528  ikbevent - ok
22:57:58.0326 0x0528  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
22:57:58.0361 0x0528  IKEEXT - ok
22:57:58.0365 0x0528  [ 404906005D768E48BF16218B420249C7, 78409A077F244FCAC806180384C240F3BB1FF7ECF02EDB5E5D3188F458AB23D1 ] imsevent        C:\Windows\system32\DRIVERS\imsevent.sys
22:57:58.0371 0x0528  imsevent - ok
22:57:58.0390 0x0528  [ 3F2BB021CB280880F8C1B7A6FEF9B447, CEC0BF9D6C9CF6E6A9F9B4E656BD47208AC977EDDC11C1C3BCD07EB50BABC017 ] INETMON         C:\Windows\System32\Drivers\INETMON.sys
22:57:58.0397 0x0528  INETMON - ok
22:57:58.0483 0x0528  [ 07E34A18AB9DAD1F680B1066D9782BFB, 62285189743CAA57B0108D8D4A197E5BB22143311026AD4AC5BA7BBEA7DC4299 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:57:58.0577 0x0528  IntcAzAudAddService - ok
22:57:58.0619 0x0528  [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:57:58.0648 0x0528  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
22:58:01.0110 0x0528  Detect skipped due to KSN trusted
22:58:01.0111 0x0528  Intel(R) Capability Licensing Service Interface - ok
22:58:01.0176 0x0528  [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
22:58:01.0210 0x0528  Intel(R) Capability Licensing Service TCP IP Interface - ok
22:58:01.0243 0x0528  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:58:01.0250 0x0528  intelide - ok
22:58:01.0258 0x0528  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:58:01.0274 0x0528  intelppm - ok
22:58:01.0384 0x0528  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:58:01.0418 0x0528  IPBusEnum - ok
22:58:01.0435 0x0528  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:58:01.0470 0x0528  IpFilterDriver - ok
22:58:01.0507 0x0528  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:58:01.0532 0x0528  iphlpsvc - ok
22:58:01.0545 0x0528  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:58:01.0562 0x0528  IPMIDRV - ok
22:58:01.0579 0x0528  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:58:01.0603 0x0528  IPNAT - ok
22:58:01.0614 0x0528  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:58:01.0625 0x0528  IRENUM - ok
22:58:01.0634 0x0528  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:58:01.0641 0x0528  isapnp - ok
22:58:01.0664 0x0528  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:58:01.0675 0x0528  iScsiPrt - ok
22:58:01.0703 0x0528  [ 4EE2423C38F43D37F8497A672FD10BDC, 031C5272DD28809255CF4FA8E6DE45DBFBD9A363BBD5156D0AEE0787C4297980 ] ISCT            C:\Windows\system32\DRIVERS\ISCTD64.sys
22:58:01.0711 0x0528  ISCT - ok
22:58:01.0771 0x0528  [ 5215D12B13FC2BC7717AA4884846D34F, B97B8FFC6FB212398BF772C08B318411EA70B683B816906F30EF35DEB5B1C130 ] ISCTAgent       C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
22:58:01.0788 0x0528  ISCTAgent - ok
22:58:01.0832 0x0528  [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
22:58:01.0852 0x0528  iusb3hcs - ok
22:58:01.0881 0x0528  [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
22:58:01.0911 0x0528  iusb3hub - ok
22:58:01.0942 0x0528  [ EA841584EF59528D11F20355770E427E, 515737761BB2A0A233F4AD141E28D93E3B9789320A15B7D5FB3DB5AC3CD8E249 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
22:58:01.0965 0x0528  iusb3xhc - ok
22:58:02.0064 0x0528  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:58:02.0090 0x0528  jhi_service - ok
22:58:02.0130 0x0528  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:58:02.0148 0x0528  kbdclass - ok
22:58:02.0172 0x0528  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:58:02.0199 0x0528  kbdhid - ok
22:58:02.0212 0x0528  [ FDD980360C9D72DA77F4C59376AE95C9, A5C1BCFBCCD031A24BD87D6A193F595B45EA5AC9FEBC198F552EED60AB75238E ] KeyIso          C:\Windows\system32\lsass.exe
22:58:02.0238 0x0528  KeyIso - ok
22:58:02.0267 0x0528  [ A405647429DE231CD954D93F792CFBA2, EDE6095A20FE10EB26B3018457A44807A120508E6C514F2EAC12F5BA1F74841E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:58:02.0284 0x0528  KSecDD - ok
22:58:02.0298 0x0528  [ E4DC0909B5EACB5BF50F6252095BCFF2, 18779648B7FD9D3DFFD8F314E2197962DF98884CC9F025BC5D884984C1C0759D ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:58:02.0316 0x0528  KSecPkg - ok
22:58:02.0319 0x0528  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:58:02.0346 0x0528  ksthunk - ok
22:58:02.0369 0x0528  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:58:02.0406 0x0528  KtmRm - ok
22:58:02.0432 0x0528  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:58:02.0465 0x0528  LanmanServer - ok
22:58:02.0493 0x0528  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:58:02.0560 0x0528  LanmanWorkstation - ok
22:58:02.0584 0x0528  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:58:02.0607 0x0528  lltdio - ok
22:58:02.0632 0x0528  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:58:02.0671 0x0528  lltdsvc - ok
22:58:02.0683 0x0528  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:58:02.0706 0x0528  lmhosts - ok
22:58:02.0728 0x0528  LMIGuardianSvc - ok
22:58:02.0752 0x0528  [ 3DE66F47365AA8CEB18B1EE272F4FEBA, 8DDD6AB4AEDE3B2FEA0D3B63DD24E3F3422D6ADE067756A3919FCED53C349167 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:58:02.0765 0x0528  LMS - ok
22:58:02.0799 0x0528  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:58:02.0816 0x0528  LSI_FC - ok
22:58:02.0830 0x0528  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:58:02.0838 0x0528  LSI_SAS - ok
22:58:02.0850 0x0528  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:58:02.0858 0x0528  LSI_SAS2 - ok
22:58:02.0879 0x0528  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:58:02.0888 0x0528  LSI_SCSI - ok
22:58:02.0904 0x0528  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:58:02.0935 0x0528  luafv - ok
22:58:02.0959 0x0528  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:58:02.0969 0x0528  Mcx2Svc - ok
22:58:02.0983 0x0528  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:58:02.0990 0x0528  megasas - ok
22:58:03.0019 0x0528  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:58:03.0030 0x0528  MegaSR - ok
22:58:03.0046 0x0528  [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
22:58:03.0054 0x0528  MEIx64 - ok
22:58:03.0062 0x0528  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
22:58:03.0094 0x0528  MMCSS - ok
22:58:03.0116 0x0528  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
22:58:03.0139 0x0528  Modem - ok
22:58:03.0159 0x0528  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:58:03.0179 0x0528  monitor - ok
22:58:03.0191 0x0528  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:58:03.0199 0x0528  mouclass - ok
22:58:03.0207 0x0528  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:58:03.0222 0x0528  mouhid - ok
22:58:03.0265 0x0528  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:58:03.0272 0x0528  mountmgr - ok
22:58:03.0327 0x0528  [ CC11EEB7AF4617D65DF0E9A21FC1ABD0, A683A5FB26E1B9FB4EEB40A9C7186F8433E3FB0A45848DF6102EF07B4DC75AC8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:58:03.0342 0x0528  MozillaMaintenance - ok
22:58:03.0357 0x0528  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:58:03.0369 0x0528  mpio - ok
22:58:03.0386 0x0528  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:58:03.0411 0x0528  mpsdrv - ok
22:58:03.0435 0x0528  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:58:03.0471 0x0528  MpsSvc - ok
22:58:03.0502 0x0528  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:58:03.0512 0x0528  MRxDAV - ok
22:58:03.0533 0x0528  [ 43E1F4B0EFDC244D2A83995CCD7846F7, B8FB3CB6C736E20399AF3164197B14E977DDEC8FD164564501A328A8A3A30267 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:58:03.0551 0x0528  mrxsmb - ok
22:58:03.0574 0x0528  [ 62CEA59FF56B66154E08BD51D87392C2, 5DC63583E417659139FACD2365C2F8F3C9867E331F7374BD4F6C6E2386B5F746 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:58:03.0594 0x0528  mrxsmb10 - ok
22:58:03.0611 0x0528  [ 7D65B5E9573A26C204AA547457DBF544, CE88A733D031DEDBA6ADADB7D9911B3D151A2DDB566A65E0C9E1F07B1A4364AF ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:58:03.0627 0x0528  mrxsmb20 - ok
22:58:03.0643 0x0528  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:58:03.0651 0x0528  msahci - ok
22:58:03.0666 0x0528  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:58:03.0675 0x0528  msdsm - ok
22:58:03.0692 0x0528  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
22:58:03.0704 0x0528  MSDTC - ok
22:58:03.0724 0x0528  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:58:03.0754 0x0528  Msfs - ok
22:58:03.0773 0x0528  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:58:03.0822 0x0528  mshidkmdf - ok
22:58:03.0829 0x0528  MSICDSetup - ok
22:58:03.0841 0x0528  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:58:03.0858 0x0528  msisadrv - ok
22:58:03.0883 0x0528  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:58:03.0919 0x0528  MSiSCSI - ok
22:58:03.0921 0x0528  msiserver - ok
22:58:03.0958 0x0528  [ 48EC03865CEE3EA81926789AA06F3A0D, BA0721DAA29BEB1D9EC1CD4D71CC2D294CEF1DFEF70AB699C921DF450828E081 ] MSI_SuperCharger C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
22:58:03.0967 0x0528  MSI_SuperCharger - ok
22:58:03.0991 0x0528  [ A7EDADFB0AE38AE6F0488F0F2448D8B5, 7DC08FF24CC4E2071BF8E876976B22E810A8A407FADE403D119F75AD50088105 ] MSI_Trigger_Service C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
22:58:03.0997 0x0528  MSI_Trigger_Service - ok
22:58:04.0004 0x0528  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:58:04.0027 0x0528  MSKSSRV - ok
22:58:04.0031 0x0528  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:58:04.0053 0x0528  MSPCLOCK - ok
22:58:04.0061 0x0528  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:58:04.0084 0x0528  MSPQM - ok
22:58:04.0103 0x0528  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:58:04.0115 0x0528  MsRPC - ok
22:58:04.0128 0x0528  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:58:04.0135 0x0528  mssmbios - ok
22:58:04.0146 0x0528  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:58:04.0173 0x0528  MSTEE - ok
22:58:04.0189 0x0528  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:58:04.0196 0x0528  MTConfig - ok
22:58:04.0206 0x0528  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:58:04.0213 0x0528  Mup - ok
22:58:04.0244 0x0528  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
22:58:04.0282 0x0528  napagent - ok
22:58:04.0307 0x0528  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:58:04.0323 0x0528  NativeWifiP - ok
22:58:04.0387 0x0528  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:58:04.0418 0x0528  NDIS - ok
22:58:04.0434 0x0528  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:58:04.0456 0x0528  NdisCap - ok
22:58:04.0477 0x0528  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:58:04.0498 0x0528  NdisTapi - ok
22:58:04.0511 0x0528  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:58:04.0533 0x0528  Ndisuio - ok
22:58:04.0547 0x0528  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:58:04.0580 0x0528  NdisWan - ok
22:58:04.0596 0x0528  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:58:04.0618 0x0528  NDProxy - ok
22:58:04.0640 0x0528  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:58:04.0663 0x0528  NetBIOS - ok
22:58:04.0678 0x0528  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:58:04.0714 0x0528  NetBT - ok
22:58:04.0728 0x0528  [ FDD980360C9D72DA77F4C59376AE95C9, A5C1BCFBCCD031A24BD87D6A193F595B45EA5AC9FEBC198F552EED60AB75238E ] Netlogon        C:\Windows\system32\lsass.exe
22:58:04.0735 0x0528  Netlogon - ok
22:58:04.0761 0x0528  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
22:58:04.0789 0x0528  Netman - ok
22:58:04.0814 0x0528  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:58:04.0825 0x0528  NetMsmqActivator - ok
22:58:04.0838 0x0528  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:58:04.0847 0x0528  NetPipeActivator - ok
22:58:04.0864 0x0528  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
22:58:04.0904 0x0528  netprofm - ok
22:58:04.0909 0x0528  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:58:04.0919 0x0528  NetTcpActivator - ok
22:58:04.0923 0x0528  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:58:04.0932 0x0528  NetTcpPortSharing - ok
22:58:04.0953 0x0528  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:58:04.0961 0x0528  nfrd960 - ok
22:58:04.0992 0x0528  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:58:05.0005 0x0528  NlaSvc - ok
22:58:05.0017 0x0528  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:58:05.0040 0x0528  Npfs - ok
22:58:05.0060 0x0528  npggsvc - ok
22:58:05.0068 0x0528  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
22:58:05.0091 0x0528  nsi - ok
22:58:05.0102 0x0528  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:58:05.0126 0x0528  nsiproxy - ok
22:58:05.0190 0x0528  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:58:05.0226 0x0528  Ntfs - ok
22:58:05.0273 0x0528  [ 23CF3DA010497EB2BF39A5C5A57E437C, 39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E ] NTIOLib_1_0_3   C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys
22:58:05.0279 0x0528  NTIOLib_1_0_3 - ok
22:58:05.0289 0x0528  NTIOLib_1_0_C - ok
22:58:05.0306 0x0528  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
22:58:05.0353 0x0528  Null - ok
22:58:05.0388 0x0528  [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
22:58:05.0398 0x0528  NVHDA - ok
22:58:05.0646 0x0528  [ ED4D88A04D22E6B00DB6BC8FACDBAFED, 38DDB9B353D3A24DD8390C6FB58FD513B46F9F715BC7E68D0958E78EACC3D3FA ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:58:05.0906 0x0528  nvlddmkm - ok
22:58:06.0014 0x0528  [ 0D8FD1F6DCD537D97D9072D04DFC56A7, DAB608E8AE3000B2B32DD9DCD621E44F9466D8CCAA15AAE31CC53CA747355C95 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
22:58:06.0050 0x0528  NvNetworkService - ok
22:58:06.0092 0x0528  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:58:06.0116 0x0528  nvraid - ok
22:58:06.0133 0x0528  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:58:06.0147 0x0528  nvstor - ok
22:58:06.0217 0x0528  [ B9B0A76E8AA23E7FF4645D64C0238CE2, F6D0AF1FA63285ADC984991ED989DB4EB0CED34520B3078CDD27F9C8CC02C737 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
22:58:06.0237 0x0528  NvStreamKms - ok
22:58:06.0402 0x0528  [ CFCEFB5EAB2B196A0E5E7F3D89FC13DE, FF7B031334A97F67546705B1385B6625D8BBA53E9FBB64E4A4C57DC363CDBDCF ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
22:58:06.0496 0x0528  NvStreamSvc - ok
22:58:06.0541 0x0528  [ B7CD89EFA562A991F2864EFD3147473A, D38BAE7883BC073562C3C77DF59663B820CFE8305A3319C6E5CF8E48752E18C1 ] nvsvc           C:\Windows\system32\nvvsvc.exe
22:58:06.0563 0x0528  nvsvc - ok
22:58:06.0572 0x0528  [ 4F00008B513F4019623ED61159363888, A1047FF1FCF3ED405C3426C8959AD10426F30E3F58E95BFD6ADF1DBC947AB379 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
22:58:06.0581 0x0528  nvvad_WaveExtensible - ok
22:58:06.0608 0x0528  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:58:06.0617 0x0528  nv_agp - ok
22:58:06.0624 0x0528  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:58:06.0635 0x0528  ohci1394 - ok
22:58:06.0749 0x0528  [ EF8DA126239D08B7B4734256417AE702, 4BBA0577C20E851F5B30D0D0F19382AB32AF57EFF7AA5B394E0FF6358A7AB287 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
22:58:06.0788 0x0528  Origin Client Service - ok
22:58:06.0819 0x0528  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:58:06.0827 0x0528  ose - ok
22:58:06.0997 0x0528  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:58:07.0133 0x0528  osppsvc - ok
22:58:07.0163 0x0528  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:58:07.0189 0x0528  p2pimsvc - ok
22:58:07.0216 0x0528  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
22:58:07.0237 0x0528  p2psvc - ok
22:58:07.0253 0x0528  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
22:58:07.0268 0x0528  Parport - ok
22:58:07.0282 0x0528  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:58:07.0292 0x0528  partmgr - ok
22:58:07.0338 0x0528  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:58:07.0370 0x0528  PcaSvc - ok
22:58:07.0388 0x0528  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
22:58:07.0402 0x0528  pci - ok
22:58:07.0424 0x0528  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:58:07.0431 0x0528  pciide - ok
22:58:07.0437 0x0528  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:58:07.0447 0x0528  pcmcia - ok
22:58:07.0463 0x0528  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:58:07.0471 0x0528  pcw - ok
22:58:07.0487 0x0528  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:58:07.0513 0x0528  PEAUTH - ok
22:58:07.0564 0x0528  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:58:07.0598 0x0528  PerfHost - ok
22:58:07.0648 0x0528  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
22:58:07.0696 0x0528  pla - ok
22:58:07.0727 0x0528  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:58:07.0741 0x0528  PlugPlay - ok
22:58:07.0807 0x0528  pmem - ok
22:58:07.0824 0x0528  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:58:07.0861 0x0528  PNRPAutoReg - ok
22:58:07.0885 0x0528  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:58:07.0905 0x0528  PNRPsvc - ok
22:58:07.0943 0x0528  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:58:07.0976 0x0528  PolicyAgent - ok
22:58:07.0994 0x0528  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
22:58:08.0018 0x0528  Power - ok
22:58:08.0041 0x0528  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:58:08.0063 0x0528  PptpMiniport - ok
22:58:08.0087 0x0528  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
22:58:08.0104 0x0528  Processor - ok
22:58:08.0132 0x0528  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:58:08.0153 0x0528  ProfSvc - ok
22:58:08.0179 0x0528  [ FDD980360C9D72DA77F4C59376AE95C9, A5C1BCFBCCD031A24BD87D6A193F595B45EA5AC9FEBC198F552EED60AB75238E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:58:08.0210 0x0528  ProtectedStorage - ok
22:58:08.0239 0x0528  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:58:08.0276 0x0528  Psched - ok
22:58:08.0327 0x0528  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:58:08.0362 0x0528  ql2300 - ok
22:58:08.0380 0x0528  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:58:08.0389 0x0528  ql40xx - ok
22:58:08.0417 0x0528  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
22:58:08.0432 0x0528  QWAVE - ok
22:58:08.0446 0x0528  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:58:08.0475 0x0528  QWAVEdrv - ok
22:58:08.0492 0x0528  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:58:08.0522 0x0528  RasAcd - ok
22:58:08.0548 0x0528  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:58:08.0594 0x0528  RasAgileVpn - ok
22:58:08.0610 0x0528  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
22:58:08.0647 0x0528  RasAuto - ok
22:58:08.0661 0x0528  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:58:08.0685 0x0528  Rasl2tp - ok
22:58:08.0709 0x0528  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
22:58:08.0737 0x0528  RasMan - ok
22:58:08.0748 0x0528  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:58:08.0773 0x0528  RasPppoe - ok
22:58:08.0785 0x0528  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:58:08.0809 0x0528  RasSstp - ok
22:58:08.0820 0x0528  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:58:08.0847 0x0528  rdbss - ok
22:58:08.0859 0x0528  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:58:08.0868 0x0528  rdpbus - ok
22:58:08.0876 0x0528  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:58:08.0910 0x0528  RDPCDD - ok
22:58:08.0921 0x0528  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:58:08.0952 0x0528  RDPENCDD - ok
22:58:08.0966 0x0528  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:58:08.0998 0x0528  RDPREFMP - ok
22:58:09.0064 0x0528  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:58:09.0088 0x0528  RdpVideoMiniport - ok
22:58:09.0134 0x0528  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:58:09.0178 0x0528  RDPWD - ok
22:58:09.0197 0x0528  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:58:09.0212 0x0528  rdyboost - ok
22:58:09.0236 0x0528  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:58:09.0277 0x0528  RemoteAccess - ok
22:58:09.0302 0x0528  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:58:09.0328 0x0528  RemoteRegistry - ok
22:58:09.0342 0x0528  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:58:09.0365 0x0528  RpcEptMapper - ok
22:58:09.0390 0x0528  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
22:58:09.0406 0x0528  RpcLocator - ok
22:58:09.0431 0x0528  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
22:58:09.0465 0x0528  RpcSs - ok
22:58:09.0473 0x0528  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:58:09.0495 0x0528  rspndr - ok
22:58:09.0532 0x0528  [ 130DD683DCC902F47A4AC35201D07E2F, A1E7082D93C170CF5855007B26F96E8F8183B15126D34A9DB16CBF190BD8EF53 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:58:09.0554 0x0528  RTL8167 - ok
22:58:09.0562 0x0528  [ FDD980360C9D72DA77F4C59376AE95C9, A5C1BCFBCCD031A24BD87D6A193F595B45EA5AC9FEBC198F552EED60AB75238E ] SamSs           C:\Windows\system32\lsass.exe
22:58:09.0570 0x0528  SamSs - ok
22:58:09.0586 0x0528  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:58:09.0595 0x0528  sbp2port - ok
22:58:09.0611 0x0528  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:58:09.0649 0x0528  SCardSvr - ok
22:58:09.0657 0x0528  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:58:09.0689 0x0528  scfilter - ok
22:58:09.0729 0x0528  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
22:58:09.0757 0x0528  Schedule - ok
22:58:09.0781 0x0528  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:58:09.0803 0x0528  SCPolicySvc - ok
22:58:09.0821 0x0528  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:58:09.0832 0x0528  SDRSVC - ok
22:58:10.0004 0x0528  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
22:58:10.0043 0x0528  SDScannerService - ok
22:58:10.0132 0x0528  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
22:58:10.0171 0x0528  SDUpdateService - ok
22:58:10.0189 0x0528  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
22:58:10.0197 0x0528  SDWSCService - ok
22:58:10.0215 0x0528  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:58:10.0233 0x0528  secdrv - ok
22:58:10.0239 0x0528  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
22:58:10.0261 0x0528  seclogon - ok
22:58:10.0278 0x0528  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
22:58:10.0308 0x0528  SENS - ok
22:58:10.0332 0x0528  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:58:10.0347 0x0528  SensrSvc - ok
22:58:10.0371 0x0528  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:58:10.0386 0x0528  Serenum - ok
22:58:10.0411 0x0528  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:58:10.0426 0x0528  Serial - ok
22:58:10.0453 0x0528  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:58:10.0485 0x0528  sermouse - ok
22:58:10.0517 0x0528  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
22:58:10.0630 0x0528  SessionEnv - ok
22:58:10.0665 0x0528  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:58:10.0718 0x0528  sffdisk - ok
22:58:10.0740 0x0528  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:58:10.0752 0x0528  sffp_mmc - ok
22:58:10.0760 0x0528  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:58:10.0770 0x0528  sffp_sd - ok
22:58:10.0781 0x0528  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:58:10.0790 0x0528  sfloppy - ok
22:58:10.0866 0x0528  [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
22:58:10.0894 0x0528  Sftfs - ok
22:58:10.0980 0x0528  [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:58:11.0004 0x0528  sftlist - ok
22:58:11.0020 0x0528  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:58:11.0031 0x0528  Sftplay - ok
22:58:11.0044 0x0528  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:58:11.0053 0x0528  Sftredir - ok
22:58:11.0064 0x0528  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
22:58:11.0074 0x0528  Sftvol - ok
22:58:11.0083 0x0528  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:58:11.0095 0x0528  sftvsa - ok
22:58:11.0123 0x0528  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:58:11.0154 0x0528  SharedAccess - ok
22:58:11.0170 0x0528  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:58:11.0198 0x0528  ShellHWDetection - ok
22:58:11.0219 0x0528  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:58:11.0226 0x0528  SiSRaid2 - ok
22:58:11.0237 0x0528  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:58:11.0245 0x0528  SiSRaid4 - ok
22:58:11.0324 0x0528  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:58:11.0353 0x0528  SkypeUpdate - ok
22:58:11.0378 0x0528  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:58:11.0409 0x0528  Smb - ok
22:58:11.0432 0x0528  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:58:11.0441 0x0528  SNMPTRAP - ok
22:58:11.0452 0x0528  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:58:11.0460 0x0528  spldr - ok
22:58:11.0488 0x0528  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
22:58:11.0507 0x0528  Spooler - ok
22:58:11.0583 0x0528  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:58:11.0703 0x0528  sppsvc - ok
22:58:11.0730 0x0528  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:58:11.0754 0x0528  sppuinotify - ok
22:58:11.0783 0x0528  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:58:11.0810 0x0528  srv - ok
22:58:11.0827 0x0528  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:58:11.0850 0x0528  srv2 - ok
22:58:11.0864 0x0528  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:58:11.0884 0x0528  srvnet - ok
22:58:11.0910 0x0528  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:58:11.0935 0x0528  SSDPSRV - ok
22:58:11.0944 0x0528  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:58:11.0967 0x0528  SstpSvc - ok
22:58:12.0041 0x0528  [ 2A6EDC2FBB4B9C11BB21BE3881C7A692, 74482CA4EC2B98C069A32C224BA5449AE10A8B41BFC053A4C23B6F65113A97A4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
22:58:12.0065 0x0528  Steam Client Service - ok
22:58:12.0176 0x0528  [ E7AF8F82C69A5E9B2CC46633BCBBAAEE, D7FC81DB72A1A96219335AFF861ADD82BEC115CBCB70C6765058E1D76702403C ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:58:12.0216 0x0528  Stereo Service - ok
22:58:12.0238 0x0528  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:58:12.0248 0x0528  stexstor - ok
22:58:12.0286 0x0528  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
22:58:12.0318 0x0528  stisvc - ok
22:58:12.0330 0x0528  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:58:12.0338 0x0528  swenum - ok
22:58:12.0352 0x0528  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
22:58:12.0384 0x0528  swprv - ok
22:58:12.0466 0x0528  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
22:58:12.0506 0x0528  SysMain - ok
22:58:12.0526 0x0528  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:58:12.0538 0x0528  TabletInputService - ok
22:58:12.0583 0x0528  [ BCF5E78E87D258088346E399E406E501, FD75AC5A7085E08AB00A2D0CE01970873598E381B6542DC5EBAC240D727AF6D7 ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
22:58:12.0591 0x0528  taphss6 - ok
22:58:12.0604 0x0528  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:58:12.0631 0x0528  TapiSrv - ok
22:58:12.0641 0x0528  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
22:58:12.0670 0x0528  TBS - ok
22:58:12.0727 0x0528  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:58:12.0768 0x0528  Tcpip - ok
22:58:12.0813 0x0528  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:58:12.0849 0x0528  TCPIP6 - ok
22:58:12.0876 0x0528  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:58:12.0904 0x0528  tcpipreg - ok
22:58:12.0928 0x0528  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:58:12.0940 0x0528  TDPIPE - ok
22:58:12.0967 0x0528  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:58:12.0978 0x0528  TDTCP - ok
22:58:13.0012 0x0528  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:58:13.0033 0x0528  tdx - ok
22:58:13.0047 0x0528  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:58:13.0058 0x0528  TermDD - ok
22:58:13.0103 0x0528  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
22:58:13.0138 0x0528  TermService - ok
22:58:13.0156 0x0528  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
22:58:13.0188 0x0528  Themes - ok
22:58:13.0207 0x0528  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
22:58:13.0244 0x0528  THREADORDER - ok
22:58:13.0253 0x0528  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
22:58:13.0277 0x0528  TrkWks - ok
22:58:13.0325 0x0528  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:58:13.0370 0x0528  TrustedInstaller - ok
22:58:13.0402 0x0528  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:58:13.0437 0x0528  tssecsrv - ok
22:58:13.0471 0x0528  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:58:13.0490 0x0528  TsUsbFlt - ok
22:58:13.0506 0x0528  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:58:13.0516 0x0528  TsUsbGD - ok
22:58:13.0534 0x0528  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:58:13.0565 0x0528  tunnel - ok
22:58:13.0576 0x0528  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:58:13.0584 0x0528  uagp35 - ok
22:58:13.0602 0x0528  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:58:13.0638 0x0528  udfs - ok
22:58:13.0652 0x0528  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:58:13.0663 0x0528  UI0Detect - ok
22:58:13.0681 0x0528  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:58:13.0688 0x0528  uliagpkx - ok
22:58:13.0705 0x0528  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:58:13.0713 0x0528  umbus - ok
22:58:13.0727 0x0528  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:58:13.0742 0x0528  UmPass - ok
22:58:13.0761 0x0528  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
22:58:13.0800 0x0528  upnphost - ok
22:58:13.0825 0x0528  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:58:13.0856 0x0528  usbaudio - ok
22:58:13.0894 0x0528  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:58:13.0923 0x0528  usbccgp - ok
22:58:13.0943 0x0528  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:58:13.0955 0x0528  usbcir - ok
22:58:13.0980 0x0528  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:58:14.0004 0x0528  usbehci - ok
22:58:14.0032 0x0528  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:58:14.0052 0x0528  usbhub - ok
22:58:14.0069 0x0528  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:58:14.0082 0x0528  usbohci - ok
22:58:14.0227 0x0528  [ A3FD7E087957D765DF5575EF10AE0E96, 47A03B460A119ABC64D651588003279E4DC9FA2C4FCF10C899EBD13479F11DF7 ] USBPNPA         C:\Windows\system32\drivers\CM10864.sys
22:58:14.0356 0x0528  USBPNPA - ok
22:58:14.0374 0x0528  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:58:14.0384 0x0528  usbprint - ok
22:58:14.0403 0x0528  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:58:14.0437 0x0528  USBSTOR - ok
22:58:14.0452 0x0528  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:58:14.0461 0x0528  usbuhci - ok
22:58:14.0484 0x0528  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
22:58:14.0534 0x0528  UxSms - ok
22:58:14.0547 0x0528  [ FDD980360C9D72DA77F4C59376AE95C9, A5C1BCFBCCD031A24BD87D6A193F595B45EA5AC9FEBC198F552EED60AB75238E ] VaultSvc        C:\Windows\system32\lsass.exe
22:58:14.0568 0x0528  VaultSvc - ok
22:58:14.0579 0x0528  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:58:14.0586 0x0528  vdrvroot - ok
22:58:14.0611 0x0528  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
22:58:14.0644 0x0528  vds - ok
22:58:14.0660 0x0528  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:58:14.0669 0x0528  vga - ok
22:58:14.0683 0x0528  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:58:14.0717 0x0528  VgaSave - ok
22:58:14.0736 0x0528  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:58:14.0745 0x0528  vhdmp - ok
22:58:14.0764 0x0528  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:58:14.0771 0x0528  viaide - ok
22:58:14.0799 0x0528  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:58:14.0807 0x0528  volmgr - ok
22:58:14.0819 0x0528  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:58:14.0832 0x0528  volmgrx - ok
22:58:14.0840 0x0528  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:58:14.0852 0x0528  volsnap - ok
22:58:14.0857 0x0528  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:58:14.0867 0x0528  vsmraid - ok
22:58:14.0901 0x0528  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
22:58:14.0986 0x0528  VSS - ok
22:58:15.0003 0x0528  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:58:15.0014 0x0528  vwifibus - ok
22:58:15.0040 0x0528  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
22:58:15.0077 0x0528  W32Time - ok
22:58:15.0091 0x0528  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:58:15.0108 0x0528  WacomPen - ok
22:58:15.0123 0x0528  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:58:15.0152 0x0528  WANARP - ok
22:58:15.0156 0x0528  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:58:15.0181 0x0528  Wanarpv6 - ok
22:58:15.0217 0x0528  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
22:58:15.0259 0x0528  wbengine - ok
22:58:15.0274 0x0528  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:58:15.0288 0x0528  WbioSrvc - ok
22:58:15.0310 0x0528  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:58:15.0328 0x0528  wcncsvc - ok
22:58:15.0337 0x0528  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:58:15.0346 0x0528  WcsPlugInService - ok
22:58:15.0360 0x0528  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
22:58:15.0367 0x0528  Wd - ok
22:58:15.0402 0x0528  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:58:15.0424 0x0528  Wdf01000 - ok
22:58:15.0452 0x0528  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:58:15.0461 0x0528  WdiServiceHost - ok
22:58:15.0464 0x0528  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:58:15.0474 0x0528  WdiSystemHost - ok
22:58:15.0508 0x0528  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
22:58:15.0521 0x0528  WebClient - ok
22:58:15.0536 0x0528  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:58:15.0573 0x0528  Wecsvc - ok
22:58:15.0590 0x0528  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:58:15.0614 0x0528  wercplsupport - ok
22:58:15.0635 0x0528  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:58:15.0671 0x0528  WerSvc - ok
22:58:15.0688 0x0528  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:58:15.0710 0x0528  WfpLwf - ok
22:58:15.0722 0x0528  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:58:15.0729 0x0528  WIMMount - ok
22:58:15.0792 0x0528  WinDefend - ok
22:58:15.0815 0x0528  WinHttpAutoProxySvc - ok
22:58:15.0872 0x0528  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:58:15.0915 0x0528  Winmgmt - ok
22:58:15.0976 0x0528  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
22:58:16.0025 0x0528  WinRM - ok
22:58:16.0080 0x0528  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:58:16.0107 0x0528  WinUsb - ok
22:58:16.0145 0x0528  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:58:16.0188 0x0528  Wlansvc - ok
22:58:16.0307 0x0528  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:58:16.0349 0x0528  wlidsvc - ok
22:58:16.0363 0x0528  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:58:16.0381 0x0528  WmiAcpi - ok
22:58:16.0405 0x0528  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:58:16.0417 0x0528  wmiApSrv - ok
22:58:16.0427 0x0528  WMPNetworkSvc - ok
22:58:16.0438 0x0528  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:58:16.0454 0x0528  WPCSvc - ok
22:58:16.0468 0x0528  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:58:16.0479 0x0528  WPDBusEnum - ok
22:58:16.0492 0x0528  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:58:16.0514 0x0528  ws2ifsl - ok
22:58:16.0530 0x0528  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
22:58:16.0542 0x0528  wscsvc - ok
22:58:16.0545 0x0528  WSearch - ok
22:58:16.0607 0x0528  [ 39D604E190DFE2E483B637D6796ABAFF, 52DCCEA0DB59F00C615D94CC2B70FC1C335E553E8FC79AAC8C8C7D9EE1F6111D ] wuauserv        C:\Windows\system32\wuaueng.dll
22:58:16.0687 0x0528  wuauserv - ok
22:58:16.0714 0x0528  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:58:16.0736 0x0528  WudfPf - ok
22:58:16.0767 0x0528  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:58:16.0778 0x0528  WUDFRd - ok
22:58:16.0798 0x0528  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:58:16.0809 0x0528  wudfsvc - ok
22:58:16.0830 0x0528  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:58:16.0842 0x0528  WwanSvc - ok
22:58:16.0856 0x0528  ================ Scan global ===============================
22:58:16.0891 0x0528  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
22:58:16.0914 0x0528  [ 8927015C999D55D9B4AC66000EE5343D, 2AC4896880BAD44192822063A31785F4A716D992201B3E6A590A2D75D9729A4A ] C:\Windows\system32\winsrv.dll
22:58:16.0930 0x0528  [ 8927015C999D55D9B4AC66000EE5343D, 2AC4896880BAD44192822063A31785F4A716D992201B3E6A590A2D75D9729A4A ] C:\Windows\system32\winsrv.dll
22:58:16.0954 0x0528  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:58:17.0006 0x0528  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
22:58:17.0018 0x0528  [ Global ] - ok
22:58:17.0019 0x0528  ================ Scan MBR ==================================
22:58:17.0030 0x0528  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:58:17.0234 0x0528  \Device\Harddisk0\DR0 - ok
22:58:17.0234 0x0528  ================ Scan VBR ==================================
22:58:17.0235 0x0528  [ 72590CC460A64C946182DDC2E1D580A9 ] \Device\Harddisk0\DR0\Partition1
22:58:17.0268 0x0528  \Device\Harddisk0\DR0\Partition1 - ok
22:58:17.0273 0x0528  [ 0AA8DBF8C5862B059557D162BEE681AC ] \Device\Harddisk0\DR0\Partition2
22:58:17.0314 0x0528  \Device\Harddisk0\DR0\Partition2 - ok
22:58:17.0315 0x0528  ================ Scan generic autorun ======================
22:58:17.0532 0x0528  [ E16C98951AF108CB5178A7BD2DD13660, 9A85D0CD2339A89C06EE476CD1394A15198F167318280D80BF32AD3615D8660B ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
22:58:17.0648 0x0528  RTHDVCPL - ok
22:58:17.0726 0x0528  [ 0FD818A72C3602A8FCFD5189F1FE094C, D3D74DD361E4728B0EDA3B49F746ED6D1D22BDDDEF4739DFA97AB61ECAA3727A ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
22:58:17.0772 0x0528  NvBackend - ok
22:58:17.0785 0x0528  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
22:58:17.0803 0x0528  ShadowPlay - ok
22:58:17.0862 0x0528  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\syswow64\RunDll32.exe
22:58:17.0887 0x0528  Cm108Sound - ok
22:58:17.0958 0x0528  [ 094E4E76FB9AB960A73F841BC6733F42, 01C1BFF17BEC6588E192EC4D7ACB74FC9B95ECA7CB8BB9585B04FC8EA73C3B43 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
22:58:17.0986 0x0528  USB3MON - ok
22:58:18.0023 0x0528  [ D80F3A9CD8CFFB2579338933749553B4, 3C65BB468012075389DFC6D7B365F63A769A30D22B6026B89C04165F3097FE0F ] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
22:58:18.0043 0x0528  Super-Charger - ok
22:58:18.0087 0x0528  [ 27F8A7A78773427E5D931628F89D6839, 61A312590322109BEA9EA70345E6FB40435D9BACE2B9CFF3ADF68C7B3D6FA163 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
22:58:18.0107 0x0528  avgnt - ok
22:58:18.0156 0x0528  [ F5060B034D37EA26D325A4319806E202, D43ACE85421DB29A6B6E8080D838152AB3858F83C2B373731945460E217C7D9F ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
22:58:18.0165 0x0528  Avira SystrayStartTrigger - ok
22:58:18.0188 0x0528  [ F916BA0DA28A4B4F7B1ADE76EB42F088, FB3C91D44709D039E959B275F6ECE26AF9307D272FE3E25CC41EAC259AA3B596 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
22:58:18.0202 0x0528  SunJavaUpdateSched - ok
22:58:18.0384 0x0528  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
22:58:18.0453 0x0528  SDTray - ok
22:58:18.0539 0x0528  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:58:18.0569 0x0528  Sidebar - ok
22:58:18.0596 0x0528  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:58:18.0609 0x0528  mctadmin - ok
22:58:18.0630 0x0528  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:58:18.0660 0x0528  Sidebar - ok
22:58:18.0664 0x0528  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:58:18.0676 0x0528  mctadmin - ok
22:58:18.0891 0x0528  [ 5721B5C4CBEBBD0C85AE311366783386, C2A780D6F49A0F75CF53C6A032BC9C4494D6F0FB5A0B767845AE5052179C7C40 ] C:\Users\Agando\AppData\Local\Akamai\netsession_win.exe
22:58:18.0971 0x0528  Akamai NetSession Interface - ok
22:58:18.0990 0x0528  EA Core - ok
22:58:19.0085 0x0528  [ F34001FB7E4EA94D404339CD8B15D84C, 7E76FD43729CE6B6F29C2ED4F6B41BE3232390D9E6224F65AB506C0846BB557D ] C:\Users\Agando\AppData\Roaming\Spotify\SpotifyWebHelper.exe
22:58:19.0122 0x0528  Spotify Web Helper - ok
22:58:19.0267 0x0528  [ B0E08F135E64D4D9BE120E7236617875, B2DF285CD6A5C646614BBDA3655764DB67CA2F90F8B423484B15D095D70F099D ] C:\Users\Agando\AppData\Local\Amazon Music\Amazon Music Helper.exe
22:58:19.0364 0x0528  Amazon Music - ok
22:58:19.0509 0x0528  [ 86BF17A265E1B4BA41325623EC132E66, 4414B5F01A78B76BFC1A7C39F595645A09E674FA6DE7991F31BA6673EEB23F9E ] C:\Program Files (x86)\Steam\steam.exe
22:58:19.0558 0x0528  Steam - ok
22:58:19.0612 0x0528  [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
22:58:19.0634 0x0528  SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
22:58:21.0978 0x0528  Detect skipped due to KSN trusted
22:58:21.0978 0x0528  SpybotPostWindows10UpgradeReInstall - ok
22:58:21.0979 0x0528  Waiting for KSN requests completion. In queue: 304
22:58:22.0979 0x0528  Waiting for KSN requests completion. In queue: 304
22:58:23.0979 0x0528  Waiting for KSN requests completion. In queue: 304
22:58:25.0074 0x0528  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.12.420 ), 0x40000 ( disabled : updated )
22:58:25.0124 0x0528  Win FW state via NFP2: enabled ( trusted )
22:58:27.0525 0x0528  ============================================================
22:58:27.0525 0x0528  Scan finished
22:58:27.0525 0x0528  ============================================================
22:58:27.0538 0x050c  Detected object count: 0
22:58:27.0538 0x050c  Actual detected object count: 0
         

Alt 12.09.2015, 13:52   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.09.2015, 15:52   #9
Sworn
 
Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Logs von Combofix



Combofix Logfile:
Code:
ATTFilter
ComboFix 15-09-07.01 - Agando 12.09.2015  16:33:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4040.2085 [GMT 2:00]
ausgeführt von:: c:\users\Agando\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Agando\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\searchplugins\trovi-search.xml
c:\users\Agando\AppData\Roaming\svcost
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-08-12 bis 2015-09-12  ))))))))))))))))))))))))))))))
.
.
2015-09-12 14:39 . 2015-09-12 14:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-09-11 19:50 . 2015-09-11 19:50	--------	d-----w-	c:\programdata\Malwarebytes
2015-09-11 19:49 . 2015-09-12 10:12	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-09-11 19:49 . 2015-09-11 19:49	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-11 19:47 . 2015-09-11 19:48	109272	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-09-11 16:18 . 2015-09-11 16:18	--------	d-----w-	c:\program files\Common Files\AV
2015-09-11 16:12 . 2013-09-20 08:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2015-09-11 16:12 . 2015-09-11 19:08	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-09-11 16:12 . 2015-09-11 16:27	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2015-09-11 07:23 . 2015-07-31 09:21	11745192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B39C1CEC-5416-4F2E-98B3-FCF398049FF0}\mpengine.dll
2015-09-10 21:06 . 2015-09-10 21:06	--------	dc----w-	C:\AdwCleaner
2015-09-10 19:41 . 2015-09-11 16:00	--------	d-----w-	c:\users\Agando\AppData\Roaming\ZtnbTaR
2015-09-10 19:38 . 2015-09-10 19:38	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2015-09-10 18:21 . 2015-09-10 18:21	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-09-10 18:21 . 2015-09-10 18:21	--------	d-----w-	c:\users\Agando\.oracle_jre_usage
2015-09-09 06:57 . 2015-08-05 17:56	169984	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2015-09-09 06:53 . 2015-07-23 00:02	1390592	----a-w-	c:\windows\system32\diagtrack.dll
2015-09-09 06:52 . 2015-06-25 10:06	115136	----a-w-	c:\windows\system32\consent.exe
2015-09-09 06:52 . 2015-06-25 10:01	1941504	----a-w-	c:\windows\system32\authui.dll
2015-09-09 06:52 . 2015-06-25 10:01	70656	----a-w-	c:\windows\system32\appinfo.dll
2015-09-09 06:52 . 2015-06-25 09:44	1805824	----a-w-	c:\windows\SysWow64\authui.dll
2015-09-09 06:52 . 2015-08-27 18:18	2004480	----a-w-	c:\windows\system32\msxml6.dll
2015-09-09 06:52 . 2015-08-27 18:18	1887232	----a-w-	c:\windows\system32\msxml3.dll
2015-09-09 06:52 . 2015-08-27 18:13	2048	----a-w-	c:\windows\system32\msxml6r.dll
2015-09-09 06:52 . 2015-08-27 18:13	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-09-09 06:52 . 2015-08-27 17:58	1391104	----a-w-	c:\windows\SysWow64\msxml6.dll
2015-09-09 06:52 . 2015-08-27 17:58	1241088	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-09-09 06:52 . 2015-08-27 17:51	2048	----a-w-	c:\windows\SysWow64\msxml6r.dll
2015-09-09 06:52 . 2015-08-27 17:51	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-09-08 09:33 . 2015-09-08 09:33	--------	d-----w-	c:\users\Agando\AppData\Local\Disc_Soft_Ltd
2015-09-08 08:55 . 2015-09-08 08:55	30264	----a-w-	c:\windows\system32\drivers\dtlitescsibus.sys
2015-09-08 08:55 . 2015-09-08 09:19	--------	d-----w-	c:\users\Agando\AppData\Roaming\DAEMON Tools Lite
2015-09-08 08:55 . 2015-09-08 08:55	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2015-08-29 15:11 . 2015-08-29 15:11	--------	d-----w-	c:\users\Agando\AppData\Local\FalloutNV
2015-08-23 18:29 . 2015-08-23 18:29	--------	d-----w-	c:\users\Agando\AppData\Local\Daybreak Game Company
2015-08-20 22:29 . 2015-08-23 20:07	--------	d-----w-	c:\users\Agando\AppData\Local\Ubisoft Game Launcher
2015-08-20 22:29 . 2015-08-20 22:29	--------	d-----w-	c:\program files (x86)\Ubisoft
2015-08-19 17:25 . 2013-04-26 11:05	4533760	------w-	c:\windows\system32\CM108.cpl
2015-08-19 17:25 . 2013-04-26 10:40	143360	------w-	c:\windows\Vmix108.dll
2015-08-19 17:25 . 2013-04-26 11:05	12935168	------w-	c:\windows\SysWow64\CM108.dll
2015-08-19 17:25 . 2013-04-26 10:40	200704	------w-	c:\windows\SysWow64\cmpa108.dll
2015-08-19 17:25 . 2013-04-26 10:40	820224	------w-	c:\windows\system32\Cmeau108.exe
2015-08-19 17:24 . 2013-04-26 11:04	4326912	----a-w-	c:\windows\system32\drivers\CM10864.sys
2015-08-19 17:24 . 2013-04-26 10:40	315392	----a-w-	c:\windows\system\fltr108.dll
2015-08-19 17:24 . 2013-04-26 10:40	359424	------w-	c:\windows\system32\CmiInstallResAll64.dll
2015-08-19 17:24 . 2013-04-26 10:40	524768	----a-r-	c:\windows\difxapi.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-10 18:20 . 2014-11-05 10:57	97888	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-08-27 03:15 . 2014-04-02 15:34	162528	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-08-27 03:15 . 2014-04-02 15:34	141416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-08-26 16:37 . 2014-04-06 16:44	134753440	----a-w-	c:\windows\system32\MRT.exe
2015-08-11 18:29 . 2014-04-05 19:05	778440	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-11 18:29 . 2014-04-05 19:05	142536	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06 . 2015-08-11 17:54	1180160	----a-w-	c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-11 17:54	1648128	----a-w-	c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-11 17:54	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-11 17:54	1251328	----a-w-	c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-11 17:54	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-11 18:44	103120	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-11 18:44	124624	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:09 . 2015-08-11 17:55	17344	----a-w-	c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-11 17:55	774656	----a-w-	c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-11 17:55	743424	----a-w-	c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-11 17:55	437760	----a-w-	c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-11 17:55	1116672	----a-w-	c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-11 17:55	69120	----a-w-	c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-11 17:55	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-11 17:55	1148416	----a-w-	c:\windows\system32\aeinv.dll
2015-07-27 14:09 . 2015-07-27 14:09	0	----a-w-	c:\windows\SysWow64\sho438.tmp
2015-07-22 17:53 . 2015-09-09 06:53	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-07-16 19:12 . 2015-08-11 17:55	856064	----a-w-	c:\windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12 . 2015-08-11 17:55	53248	----a-w-	c:\windows\SysWow64\tsgqec.dll
2015-07-16 19:12 . 2015-08-11 17:55	6131200	----a-w-	c:\windows\SysWow64\mstscax.dll
2015-07-16 19:11 . 2015-08-11 17:55	62976	----a-w-	c:\windows\system32\tsgqec.dll
2015-07-16 19:11 . 2015-08-11 17:55	7077376	----a-w-	c:\windows\system32\mstscax.dll
2015-07-16 19:11 . 2015-08-11 17:55	1057792	----a-w-	c:\windows\system32\rdvidcrl.dll
2015-07-15 18:15 . 2015-08-11 17:55	94656	----a-w-	c:\windows\system32\drivers\mountmgr.sys
2015-07-15 18:10 . 2015-08-11 17:55	1743360	----a-w-	c:\windows\system32\sysmain.dll
2015-07-15 18:10 . 2015-08-11 17:55	11264	----a-w-	c:\windows\system32\msmmsp.dll
2015-07-15 03:19 . 2015-08-11 17:54	52736	----a-w-	c:\windows\system32\basesrv.dll
2015-07-14 19:06 . 2014-04-02 15:32	1423120	----a-w-	c:\windows\SysWow64\nvspcap.dll
2015-07-14 19:06 . 2014-06-02 21:48	1316184	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2015-07-14 19:05 . 2014-06-02 21:48	1756424	----a-w-	c:\windows\system32\nvspbridge64.dll
2015-07-14 19:05 . 2014-04-02 15:32	1710056	----a-w-	c:\windows\system32\nvspcap64.dll
2015-07-11 13:15 . 2015-08-11 17:55	429568	----a-w-	c:\windows\system32\wksprt.exe
2015-07-10 17:51 . 2015-08-11 17:53	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-07-09 17:57 . 2015-08-11 17:53	193536	----a-w-	c:\windows\system32\notepad.exe
2015-07-09 17:57 . 2015-08-11 17:53	193536	----a-w-	c:\windows\notepad.exe
2015-07-09 17:42 . 2015-08-11 17:53	179712	----a-w-	c:\windows\SysWow64\notepad.exe
2015-07-04 18:07 . 2015-07-15 09:15	2087424	----a-w-	c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 09:15	1414656	----a-w-	c:\windows\SysWow64\ole32.dll
2015-07-03 04:28 . 2015-07-20 07:36	47976	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2015-07-03 04:28 . 2014-04-02 15:30	69992	----a-w-	c:\windows\system32\nvaudcap64v.dll
2015-07-03 04:28 . 2015-07-20 07:36	65896	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2015-07-01 20:49 . 2015-08-11 17:54	260096	----a-w-	c:\windows\system32\WebClnt.dll
2015-07-01 20:48 . 2015-08-11 17:54	102912	----a-w-	c:\windows\system32\davclnt.dll
2015-07-01 20:30 . 2015-08-11 17:54	206848	----a-w-	c:\windows\SysWow64\WebClnt.dll
2015-07-01 20:30 . 2015-08-11 17:54	82432	----a-w-	c:\windows\SysWow64\davclnt.dll
2015-06-24 17:54 . 2015-06-24 17:54	0	----a-w-	c:\windows\SysWow64\shoC334.tmp
2015-06-23 11:30 . 2010-11-21 03:27	300704	------w-	c:\windows\system32\MpSigStub.exe
2015-06-17 17:47 . 2015-07-15 09:25	404992	----a-w-	c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 09:25	312320	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-06-15 21:45 . 2015-07-15 09:14	504320	----a-w-	c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 09:14	3242496	----a-w-	c:\windows\system32\msi.dll
2015-06-15 21:44 . 2015-07-15 09:14	128000	----a-w-	c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 09:14	337408	----a-w-	c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 09:14	2364416	----a-w-	c:\windows\SysWow64\msi.dll
2015-06-15 21:42 . 2015-07-15 09:14	73216	----a-w-	c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 09:14	25088	----a-w-	c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 09:14	25088	----a-w-	c:\windows\SysWow64\msimsg.dll
2015-06-15 18:41 . 2014-10-13 13:38	238376	----a-w-	c:\windows\SysWow64\EasyAntiCheat.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Agando\AppData\Local\Akamai\netsession_win.exe" [2015-07-23 4691384]
"Spotify Web Helper"="c:\users\Agando\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-09-02 2018360]
"Amazon Music"="c:\users\Agando\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2015-07-21 5887808]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-08-19 2899136]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-09-09 490480]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-08-27 782008]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-08-13 66936]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ISCTSystray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2013-8-1 5545448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBPNPA;SADES 7.1 SOUND EFFECT GAMING HEADSET Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe  [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-03 19:45	997704	----a-w-	c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-05 18:29]
.
2015-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07 19:38]
.
2015-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07 19:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-07-29 07:23	775496	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-07-29 07:23	775496	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-07-29 07:23	775496	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-09-05 7199448]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-07-14 2631824]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-07-14 1710056]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2013-04-26 12935168]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-{E31045B4-9DB5-9EBD-44DF-BD4E6CFD40DF}_is1 - c:\program files (x86)\DayZLauncher\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3595809947-3267569526-1819159511-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,df,6f,d4,2c,15,e8,63,bc,d2,bd,de,60,55,52,14,dc,bc,79,9b,4d,
   7c,89,b0,cb,ac,49,52,bf,7a,b6,0f,ea,e3,c0,ba,a9,96,cb,00,a1,12,ba,3c,10,cf,\
"rkeysecu"=hex:31,9e,d9,d1,5f,00,2d,ab,91,6e,1b,72,c5,78,48,4b
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-09-12  16:48:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-09-12 14:48
.
Vor Suchlauf: 19 Verzeichnis(se), 560.048.730.112 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 560.248.782.848 Bytes frei
.
- - End Of File - - 9A21A803BEEA302ECF9FE2397E2CB7F6
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
[/CODE]

Alt 13.09.2015, 09:21   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.09.2015, 14:15   #11
Sworn
 
Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Logs von Antimalwarebytes



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 13.09.2015
Suchlaufzeit: 13:21
Protokolldatei: Antimalwarebytes.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.13.01
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Agando

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 372595
Abgelaufene Zeit: 15 Min., 39 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.WebSearch, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [13522d02adde44f2d2bb516eda2a11ef], 
PUP.Optional.WebSearches.ShrtCln, HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\SOFTWARE\SupHpUISoft, In Quarantäne, [164f33fc523951e555d9bf7a5aa9f20e], 
PUP.Optional.BlockAndSurf, HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, In Quarantäne, [c4a19e917c0f3bfb5f21067beb1929d7], 

Registrierungswerte: 1
PUP.Optional.FastStart, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\extensions\faststartff@gmail.com, In Quarantäne, [b9acf13e9deecd69fc0f90027292aa56]

Registrierungsdaten: 3
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[b3b2dd522f5c53e33767aabe966f4cb4]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[6ff684ababe02214c3db3e2af90c8a76]
PUP.Optional.SnapDo, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo9PzptTu3U64PB1tRMoyLP8I4VpSyUZvklsTKGNuW1CH1gOr4iY9yuZOsl0nQKlsOYL1MCDPl6egEdCzhnTLD7M2dh49BLTIZJTafjGvkJPwtHGeSvtNtDqI5p3biNZ&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo9PzptTu3U64PB1tRMoyLP8I4VpSyUZvklsTKGNuW1CH1gOr4iY9yuZOsl0nQKlsOYL1MCDPl6egEdCzhnTLD7M2dh49BLTIZJTafjGvkJPwtHGeSvtNtDqI5p3biNZ&q={searchTerms}),Ersetzt,[0c591a15018aa59152e4610ba95c14ec]

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 5
PUP.Optional.WebInstr, C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf, In Quarantäne, [f96c62cd296242f44ed33d8229db956b], 
PUP.Optional.WebSearch, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [83e2eb44583358de790c7b44dc289d63], 
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi, In Quarantäne, [590ced42fb9082b4bb1ef6caa75d8d73], 
PUP.Optional.WinYahoo, C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html");), Ersetzt,[5d0887a805862d09ed2eb5eec63f936d]
PUP.Optional.FastStart, C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\prefs.js, Gut: (), Schlecht: (faststartff@gmail.com), Ersetzt,[ea7b4ee10d7e56e0c11e634540c5c63a]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v5.007 - Bericht erstellt am 13/09/2015 um 14:57:56
# Aktualisiert am 08/09/2015 von Xplode
# Datenbank : 2015-09-10.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Agando - STEFFEN
# Gestartet von : C:\Users\Agando\Desktop\AdwCleaner_5.007.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\ProgramData\MailUpdate
[-] Ordner Gelöscht : C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[-] Ordner Gelöscht : C:\Users\Agando\AppData\Local\YSearchUtil
[-] Ordner Gelöscht : C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
[-] Ordner Gelöscht : C:\Users\Agando\AppData\Roaming\337Games
[-] Ordner Gelöscht : C:\Users\Agando\AppData\Roaming\RHEng
[-] Ordner Gelöscht : C:\Users\Agando\AppData\Roaming\MailUpdate
[-] Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] Datei Gelöscht : C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\invalidprefs.js

***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Softonic
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\OCS
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Softonic
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Internetbrowser ] *****

[-] [C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : npdicihegicnhaangkdmcgbjceoemeoo

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3540 Bytes] ##########
         
--- --- ---

Code:
ATTFilter
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 7 Home Premium x64
Ran by Agando on 13.09.2015 at 15:04:02,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\sho147F.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho41C9.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho438.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho45D1.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho56DD.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoA277.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoABEE.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoC334.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoDB1C.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoDF0A.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoEED1.tmp



~~~ Folders

Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin



~~~ FireFox

Successfully deleted the following from C:\Users\Agando\AppData\Roaming\mozilla\firefox\profiles\jiikxrx7.default\prefs.js

user_pref(browser.search.selectedEngine, webssearches);
user_pref(extensions.toolbar.mindspark._e5Members_.BUTTON_STRUCTURE, [{\b\:224509940,\c\:\mindspark.magnify\,\p\:\L.0\},{\b\:224509941,\c\:\mindspark.enterse
user_pref(extensions.toolbar.mindspark._e5Members_.browser.version.last, 40.0);
user_pref(extensions.toolbar.mindspark._e5Members_.firstKnownVersion, 7.18.8.3921);
user_pref(extensions.toolbar.mindspark._e5Members_.homepage, hxxp://home.tb.ask.com/index.jhtml?ptb=7EC9382E-2F4B-492D-A858-66D860344011&n=781bda67&p2=^BYM^xdm012^YYA^de);
user_pref(extensions.toolbar.mindspark._e5Members_.initialized, true);
user_pref(extensions.toolbar.mindspark._e5Members_.installKeysSource, Cookies);
user_pref(extensions.toolbar.mindspark._e5Members_.installType, XPI);
user_pref(extensions.toolbar.mindspark._e5Members_.installation.contextKey, );
user_pref(extensions.toolbar.mindspark._e5Members_.installation.dlpCountryCode, DE);
user_pref(extensions.toolbar.mindspark._e5Members_.installation.installDate, 2015091303);
user_pref(extensions.toolbar.mindspark._e5Members_.installation.partnerId, ^BYM^xdm012^YYA^de);
user_pref(extensions.toolbar.mindspark._e5Members_.installation.partnerSubId, );
user_pref(extensions.toolbar.mindspark._e5Members_.installation.pixelUrl, hxxp://www.productivityboss.com/install_pixels.jhtml?partner=^BYM^xdm012^YYA^de&coId=83bdbbc9052f4
user_pref(extensions.toolbar.mindspark._e5Members_.installation.success, true);
user_pref(extensions.toolbar.mindspark._e5Members_.installation.toolbarId, 7EC9382E-2F4B-492D-A858-66D860344011);
user_pref(extensions.toolbar.mindspark._e5Members_.isCompliantUninstallImplementation, true);
user_pref(extensions.toolbar.mindspark._e5Members_.lastActivePing, 1442149334554);
user_pref(extensions.toolbar.mindspark._e5Members_.lastKnownVersion, 7.18.8.3921);
user_pref(extensions.toolbar.mindspark._e5Members_.options.defaultSearch, false);
user_pref(extensions.toolbar.mindspark._e5Members_.options.homePageEnabled, false);
user_pref(extensions.toolbar.mindspark._e5Members_.options.keywordEnabled, false);
user_pref(extensions.toolbar.mindspark._e5Members_.options.tabEnabled, false);
user_pref(extensions.toolbar.mindspark._e5Members_.partnerPixelFired, true);
user_pref(extensions.toolbar.mindspark._e5Members_.successUrl, hxxp://www.productivityboss.com/installComplete.jhtml);
user_pref(extensions.toolbar.mindspark._e5Members_.toolbarCollapsed, false);
user_pref(extensions.toolbar.mindspark.lastInstalled, productivityboss@mindspark.com);
Emptied folder: C:\Users\Agando\AppData\Roaming\mozilla\firefox\profiles\jiikxrx7.default\minidumps [102 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo

[C:\Users\Agando\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Agando\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
npdicihegicnhaangkdmcgbjceoemeoo

[C:\Users\Agando\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Agando\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.09.2015 at 15:06:54,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-09-2015
durchgeführt von Agando (Administrator) auf STEFFEN (13-09-2015 15:11:39)
Gestartet von C:\Users\Agando\Downloads
Geladene Profile: Agando (Verfügbare Profile: Agando)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-09-09] (MSI)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Agando\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Run: [Spotify Web Helper] => C:\Users\Agando\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-03] (Spotify Ltd)
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Run: [Amazon Music] => C:\Users\Agando\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] ()
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-04-02]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{E5E922C8-6D4C-4632-92A5-4E2FF645FF62}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3595809947-3267569526-1819159511-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3595809947-3267569526-1819159511-1000 -> DefaultScope {C1CE2D7F-DF76-46DD-8227-D72EA1B7B09E} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3595809947-3267569526-1819159511-1000 -> {C1CE2D7F-DF76-46DD-8227-D72EA1B7B09E} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-10] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-10] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\searchplugins\google-images.xml [2014-10-06]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\searchplugins\google-maps.xml [2014-10-06]
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\searchplugins\yahoo-web.xml [2015-09-09]
FF Extension: ProductivityBoss - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\jiikxrx7.default\Extensions\e5ffxtbr@www.productivityboss.com [2015-09-13]

Chrome: 
=======
CHR Profile: C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-08]
CHR Extension: (Google Docs) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-08]
CHR Extension: (Google Drive) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-08]
CHR Extension: (YouTube) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-08]
CHR Extension: (Google-Suche) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-08]
CHR Extension: (Google Tabellen) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-08]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (agar.io server browser) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\hongpdkjnjhijmdnogoicadboadgllhi [2015-06-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-08]
CHR Extension: (Google Mail) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1125888 2015-07-22] ()
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-06-15] (EasyAntiCheat Ltd)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-09-09] (MSI)
S2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5268336 2014-03-25] (INCA Internet Co., Ltd.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-20] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-08] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 pmem; \??\C:\Users\Agando\AppData\Local\Temp\_MEI56482\drivers\winpmem64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-13 15:11 - 2015-09-13 15:11 - 00000000 ____D C:\Users\Agando\Downloads\FRST-OlderVersion
2015-09-13 15:06 - 2015-09-13 15:06 - 00005007 _____ C:\Users\Agando\Desktop\JRT.txt
2015-09-13 15:03 - 2015-09-09 20:11 - 01800104 _____ (Malwarebytes Corporation) C:\Users\Agando\Desktop\JRT.exe
2015-09-13 15:02 - 2015-09-13 15:02 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Agando\Downloads\JRT_7600.exe
2015-09-13 14:59 - 2015-09-13 14:59 - 00003635 _____ C:\Users\Agando\Desktop\AdwCleaner[C1].txt
2015-09-13 14:50 - 2015-09-13 14:50 - 00003952 _____ C:\Users\Agando\Desktop\Antimalwarebytes.txt
2015-09-13 14:26 - 2015-09-13 14:26 - 01660416 _____ C:\Users\Agando\Downloads\AdwCleaner_5.007(1).exe
2015-09-13 13:20 - 2015-09-13 13:43 - 00001100 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-13 13:20 - 2015-09-13 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-13 13:20 - 2015-09-13 13:20 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-13 13:20 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-13 13:20 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-13 13:19 - 2015-09-13 13:19 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Agando\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-12 16:48 - 2015-09-12 16:48 - 00031185 ____C C:\ComboFix.txt
2015-09-12 16:32 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-12 16:32 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-12 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-12 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-12 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-12 16:32 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-12 16:32 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-12 16:32 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-12 16:31 - 2015-09-12 16:48 - 00000000 ___DC C:\Qoobox
2015-09-12 16:30 - 2015-09-12 16:46 - 00000000 ____D C:\Windows\erdnt
2015-09-12 16:29 - 2015-09-12 16:29 - 05635119 ____R (Swearware) C:\Users\Agando\Downloads\ComboFix.exe
2015-09-11 21:50 - 2015-09-13 13:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-11 21:49 - 2015-09-13 14:30 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-11 21:49 - 2015-09-13 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-11 21:47 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-11 21:46 - 2015-09-11 21:47 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Agando\Downloads\mbar-1.09.2.1008.exe
2015-09-11 18:18 - 2015-09-11 18:18 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-11 18:18 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-11 18:12 - 2015-09-13 13:43 - 00001383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-11 18:12 - 2015-09-13 13:43 - 00001377 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-09-11 18:12 - 2015-09-12 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-11 18:12 - 2015-09-11 21:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-11 18:12 - 2015-09-11 18:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-11 18:12 - 2015-09-11 18:12 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-09-11 18:12 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-09-11 18:02 - 2015-09-11 18:02 - 01162528 _____ C:\Users\Agando\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-09-11 09:29 - 2015-09-11 09:29 - 00061856 _____ C:\Users\Agando\Downloads\Addition.txt
2015-09-11 09:28 - 2015-09-13 15:11 - 00019908 _____ C:\Users\Agando\Downloads\FRST.txt
2015-09-11 09:27 - 2015-09-13 15:11 - 02190336 _____ (Farbar) C:\Users\Agando\Downloads\FRST64.exe
2015-09-10 23:06 - 2015-09-13 14:57 - 00000000 ___DC C:\AdwCleaner
2015-09-10 23:06 - 2015-09-10 23:06 - 01660416 _____ C:\Users\Agando\Desktop\AdwCleaner_5.007.exe
2015-09-10 21:54 - 2015-09-10 22:05 - 00605953 _____ C:\Users\Agando\AppData\Roaming\2.txt
2015-09-10 21:54 - 2015-09-10 22:05 - 00204403 _____ C:\Users\Agando\AppData\Roaming\1.zip
2015-09-10 21:41 - 2015-09-11 18:00 - 00000000 ____D C:\Users\Agando\AppData\Roaming\ZtnbTaR
2015-09-10 21:38 - 2015-09-10 21:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-09-10 20:21 - 2015-09-10 20:21 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Sun
2015-09-10 20:21 - 2015-09-10 20:21 - 00000000 ____D C:\Users\Agando\.oracle_jre_usage
2015-09-09 20:08 - 2015-09-09 20:09 - 00000000 ____D C:\Users\Agando\Desktop\Trailerpark
2015-09-09 09:02 - 2015-08-18 03:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 09:02 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 09:02 - 2015-08-15 08:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 09:02 - 2015-08-15 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 09:02 - 2015-08-15 08:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 09:02 - 2015-08-15 08:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 09:02 - 2015-08-15 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 09:02 - 2015-08-15 08:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 09:02 - 2015-08-15 08:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 09:02 - 2015-08-15 08:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 09:02 - 2015-08-15 08:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 09:02 - 2015-08-15 08:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 09:02 - 2015-08-15 08:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 09:02 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 09:02 - 2015-08-15 08:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 09:02 - 2015-08-15 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 09:02 - 2015-08-15 08:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 09:02 - 2015-08-15 08:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 09:02 - 2015-08-15 08:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 09:02 - 2015-08-15 08:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 09:02 - 2015-08-15 07:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 09:02 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 09:02 - 2015-08-15 07:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 09:02 - 2015-08-15 07:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 09:02 - 2015-08-15 07:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 09:02 - 2015-08-15 07:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 09:02 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 09:02 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 09:02 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 09:02 - 2015-08-15 07:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 09:02 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 09:02 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 09:02 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 09:02 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 09:02 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 09:02 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 09:02 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 09:02 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 09:02 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 09:02 - 2015-08-15 07:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 09:02 - 2015-08-15 07:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 09:02 - 2015-08-15 07:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 09:02 - 2015-08-15 07:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 09:02 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 09:02 - 2015-08-15 07:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 09:02 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 09:02 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 09:02 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 09:02 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 09:02 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 09:02 - 2015-08-15 07:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 09:02 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 09:02 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 09:02 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 09:02 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 09:02 - 2015-08-15 06:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 09:02 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 09:02 - 2015-08-15 06:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 09:02 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 09:02 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 08:57 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 08:57 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 08:57 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 08:57 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 08:57 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 08:57 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 08:57 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 08:57 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 08:57 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-09 08:57 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-09 08:53 - 2015-07-23 02:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 08:53 - 2015-07-23 02:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 08:53 - 2015-07-23 02:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 08:53 - 2015-07-23 02:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 08:53 - 2015-07-23 02:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-09 08:53 - 2015-07-23 02:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-09 08:53 - 2015-07-23 02:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-09 08:53 - 2015-07-23 02:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 08:53 - 2015-07-23 02:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 08:53 - 2015-07-23 02:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 08:53 - 2015-07-23 02:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-09 08:53 - 2015-07-23 02:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-09 08:53 - 2015-07-23 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 08:53 - 2015-07-23 02:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 08:53 - 2015-07-23 01:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 08:53 - 2015-07-23 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 08:53 - 2015-07-23 01:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 08:53 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-09 08:53 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-09 08:53 - 2015-07-22 19:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-09 08:53 - 2015-07-22 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-09 08:53 - 2015-07-22 19:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-09 08:53 - 2015-07-22 19:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-09 08:53 - 2015-07-22 19:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-09 08:53 - 2015-07-22 19:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-09 08:53 - 2015-07-22 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-09 08:53 - 2015-07-22 19:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-09 08:53 - 2015-07-22 19:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-09 08:53 - 2015-07-22 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-09 08:53 - 2015-07-22 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 19:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 18:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 08:53 - 2015-07-22 18:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 08:53 - 2015-07-22 18:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 08:53 - 2015-07-22 18:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 08:53 - 2015-07-22 18:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-09 08:53 - 2015-07-22 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-09 08:53 - 2015-07-22 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 08:53 - 2015-07-22 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 08:52 - 2015-08-27 20:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 08:52 - 2015-08-27 20:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 08:52 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 08:52 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 08:52 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 08:52 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 08:52 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-09 08:52 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-09 08:52 - 2015-06-25 12:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 08:52 - 2015-06-25 12:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 08:52 - 2015-06-25 12:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 08:52 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 08:51 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 08:51 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 08:51 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 08:51 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 08:51 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-09 08:51 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 08:51 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-09 08:51 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-09 08:51 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 08:51 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 08:51 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 08:51 - 2015-08-26 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 08:51 - 2015-08-26 20:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 08:51 - 2015-08-26 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 08:51 - 2015-08-26 20:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 08:51 - 2015-08-26 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 08:51 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 08:51 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 08:51 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 08:51 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-09 08:51 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 08:51 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-09 08:51 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-09 08:51 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 08:51 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 08:51 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 08:51 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 08:51 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 08:51 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 08:51 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 11:33 - 2015-09-08 11:33 - 00000000 ____D C:\Users\Agando\AppData\Local\Disc_Soft_Ltd
2015-09-08 11:18 - 2015-09-08 11:18 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2015-09-08 10:55 - 2015-09-08 11:19 - 00000000 ____D C:\Users\Agando\AppData\Roaming\DAEMON Tools Lite
2015-09-08 10:55 - 2015-09-08 10:55 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-09-08 10:55 - 2015-09-08 10:55 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-09-03 00:23 - 2015-09-13 13:43 - 00001106 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-08-31 14:48 - 2015-08-31 14:48 - 00000000 ____D C:\Users\Agando\Desktop\Train
2015-08-29 17:11 - 2015-08-29 17:11 - 00000000 ____D C:\Users\Agando\AppData\Local\FalloutNV
2015-08-28 16:47 - 2015-08-29 17:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-27 05:16 - 2015-09-08 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-23 20:29 - 2015-08-23 20:29 - 00000000 ____D C:\Users\Agando\AppData\Local\Daybreak Game Company
2015-08-21 00:29 - 2015-08-23 22:07 - 00000000 ____D C:\Users\Agando\AppData\Local\Ubisoft Game Launcher
2015-08-21 00:29 - 2015-08-21 00:29 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-08-21 00:29 - 2015-08-21 00:29 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-08-19 19:25 - 2015-08-19 19:25 - 00000565 _____ C:\Windows\Cm108.ini.cfl
2015-08-19 19:25 - 2015-08-19 19:25 - 00000133 _____ C:\Windows\system\Dlap.pfx
2015-08-19 19:25 - 2015-08-19 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust GXT Gaming Headset
2015-08-19 19:25 - 2013-04-26 13:05 - 12935168 ____N (C-Media Corporation) C:\Windows\SysWOW64\CM108.dll
2015-08-19 19:25 - 2013-04-26 13:05 - 04533760 ____N C:\Windows\system32\CM108.cpl
2015-08-19 19:25 - 2013-04-26 12:40 - 00820224 ____N C:\Windows\system32\Cmeau108.exe
2015-08-19 19:25 - 2013-04-26 12:40 - 00200704 ____N (C-Media) C:\Windows\SysWOW64\cmpa108.dll
2015-08-19 19:25 - 2013-04-26 12:40 - 00143360 ____N C:\Windows\Vmix108.dll
2015-08-19 19:24 - 2015-08-19 19:25 - 00001196 _____ C:\Windows\Cm108.ini.imi
2015-08-19 19:24 - 2013-04-28 11:08 - 00002697 ____N C:\Windows\Cm108.ini.cfg
2015-08-19 19:24 - 2013-04-26 13:04 - 04326912 _____ (C-Media Electronics Inc) C:\Windows\system32\Drivers\CM10864.sys
2015-08-19 19:24 - 2013-04-26 12:40 - 00524768 ____R (Microsoft Corporation) C:\Windows\difxapi.dll
2015-08-19 19:24 - 2013-04-26 12:40 - 00359424 ____N C:\Windows\system32\CmiInstallResAll64.dll
2015-08-19 19:24 - 2013-04-26 12:40 - 00315392 _____ (C-Media Electronics Inc.) C:\Windows\system\fltr108.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-13 15:11 - 2014-09-18 12:40 - 00000000 ____D C:\FRST
2015-09-13 15:10 - 2009-07-14 06:45 - 00028912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-13 15:10 - 2009-07-14 06:45 - 00028912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-13 15:02 - 2014-10-13 20:53 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-13 15:02 - 2009-07-14 06:51 - 00825699 _____ C:\Windows\setupact.log
2015-09-13 14:59 - 2014-07-08 00:58 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-13 14:59 - 2014-04-05 20:47 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-13 14:59 - 2014-04-02 17:31 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-13 14:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-13 14:58 - 2014-04-02 16:56 - 01599472 _____ C:\Windows\WindowsUpdate.log
2015-09-13 14:53 - 2015-02-11 12:28 - 00000734 _____ C:\Users\Agando\Desktop\Neues Textdokument.txt
2015-09-13 14:44 - 2014-07-08 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-13 14:29 - 2014-04-05 21:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-13 14:24 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-13 14:23 - 2010-11-21 05:47 - 00395842 _____ C:\Windows\PFRO.log
2015-09-13 13:49 - 2011-04-12 09:54 - 00000000 ____D C:\Windows\ShellNew
2015-09-13 13:43 - 2015-07-07 23:45 - 00001106 _____ C:\Users\Agando\Desktop\Amazon Music.lnk
2015-09-13 13:43 - 2015-06-08 22:43 - 00002169 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-13 13:43 - 2015-04-05 22:51 - 00001434 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2015-09-13 13:43 - 2015-03-21 00:07 - 00001809 _____ C:\Users\Agando\Desktop\Spotify.lnk
2015-09-13 13:43 - 2014-12-14 22:44 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-09-13 13:43 - 2014-12-14 21:52 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-09-13 13:43 - 2014-09-18 12:45 - 00001164 _____ C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-13 13:43 - 2014-07-18 14:52 - 00001398 _____ C:\Users\Agando\Desktop\Fraps.lnk
2015-09-13 13:43 - 2014-04-16 11:19 - 00002104 _____ C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-09-13 13:43 - 2014-04-15 13:16 - 00000000 ___RD C:\Users\Agando\Desktop\Games
2015-09-13 13:43 - 2014-04-06 14:17 - 00001795 _____ C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-09-13 13:43 - 2014-04-05 20:52 - 00001263 _____ C:\Users\Agando\Desktop\TeamSpeak 3 Client.lnk
2015-09-13 13:43 - 2014-04-05 20:47 - 00000967 _____ C:\Users\Agando\Desktop\Steam.lnk
2015-09-13 13:43 - 2014-04-05 20:34 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-13 13:43 - 2014-04-05 20:34 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-13 13:43 - 2014-04-02 17:33 - 00001375 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-09-13 13:43 - 2014-04-02 17:11 - 00002061 _____ C:\Users\Public\Desktop\Super-Charger.lnk
2015-09-13 13:43 - 2014-04-02 16:56 - 00001425 _____ C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-13 13:43 - 2014-04-02 16:54 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-13 13:43 - 2014-04-02 16:54 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-13 13:43 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-13 13:43 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-09-13 13:43 - 2009-07-14 06:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-13 13:43 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-09-13 13:43 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-09-13 13:43 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-09-13 13:43 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-09-13 13:43 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-09-13 13:28 - 2014-04-06 14:17 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Spotify
2015-09-13 12:28 - 2014-04-06 14:17 - 00000000 ____D C:\Users\Agando\AppData\Local\Spotify
2015-09-12 21:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-09-12 16:57 - 2015-04-04 19:14 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-12 16:57 - 2014-04-15 14:26 - 00000000 ____D C:\Users\Agando\AppData\Local\Akamai
2015-09-12 16:57 - 2014-04-02 17:11 - 00000000 ____D C:\SuperChargerProfile
2015-09-12 16:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-09-12 16:48 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-09-12 16:43 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2015-09-12 15:57 - 2014-04-02 16:56 - 00000000 ____D C:\Users\Agando
2015-09-11 23:37 - 2014-04-02 17:51 - 00000000 ____D C:\Windows\Panther
2015-09-11 23:32 - 2015-07-10 19:28 - 00000000 ____D C:\$Windows.~BT
2015-09-11 09:02 - 2014-04-07 02:25 - 00000000 ____D C:\Users\Agando\AppData\Local\CrashDumps
2015-09-10 23:19 - 2014-04-05 20:52 - 00000000 ____D C:\Users\Agando\AppData\Roaming\TS3Client
2015-09-10 20:22 - 2014-11-05 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-10 20:22 - 2014-11-05 12:57 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-10 20:22 - 2014-04-05 21:02 - 00000000 ____D C:\ProgramData\Oracle
2015-09-10 20:20 - 2014-11-05 12:57 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-09 20:09 - 2014-08-08 19:48 - 00000000 ___RD C:\Users\Agando\Desktop\Youtube
2015-09-09 19:29 - 2011-04-12 09:43 - 00699544 _____ C:\Windows\system32\perfh007.dat
2015-09-09 19:29 - 2011-04-12 09:43 - 00149426 _____ C:\Windows\system32\perfc007.dat
2015-09-09 19:29 - 2009-07-14 07:13 - 01620900 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-09 19:23 - 2009-07-14 06:45 - 00271440 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 19:21 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 19:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 13:29 - 2014-04-06 18:44 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 11:05 - 2014-05-04 00:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-04 02:45 - 2015-07-11 13:23 - 00000000 ____D C:\Users\Agando\AppData\Roaming\OBS
2015-09-04 02:22 - 2015-07-11 13:22 - 00000000 ____D C:\Program Files (x86)\OBS
2015-09-02 21:23 - 2014-04-15 13:17 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-08-31 14:41 - 2014-04-16 11:16 - 00000000 ____D C:\Users\Agando\AppData\Roaming\DVDVideoSoft
2015-08-30 21:39 - 2014-07-08 00:58 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-30 21:39 - 2014-07-08 00:58 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 17:11 - 2014-10-02 17:30 - 00000000 ____D C:\Users\Agando\Documents\My Games
2015-08-29 17:11 - 2014-04-05 22:02 - 00366359 _____ C:\Windows\DirectX.log
2015-08-29 17:03 - 2014-04-05 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-29 05:18 - 2014-04-11 19:15 - 00000000 ____D C:\Users\Agando\AppData\Roaming\SoftGrid Client
2015-08-28 16:06 - 2015-01-22 16:22 - 00000000 ___RD C:\Users\Agando\Desktop\Programme
2015-08-28 16:04 - 2014-04-05 22:12 - 00000000 ____D C:\Users\Agando\Desktop\Screenshots
2015-08-28 15:59 - 2015-07-24 21:44 - 00000000 ____D C:\Users\Agando\Desktop\ArmA 3
2015-08-28 15:33 - 2014-12-11 14:53 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-08-28 15:32 - 2014-08-30 19:00 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-28 15:31 - 2014-12-11 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-08-28 15:31 - 2014-12-11 19:59 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2015-08-28 15:29 - 2014-09-21 18:08 - 00000000 ____D C:\Users\Agando\AppData\Local\Glyph
2015-08-28 15:29 - 2014-09-21 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-08-28 15:29 - 2014-09-21 18:08 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-08-28 15:28 - 2014-12-07 20:23 - 00000000 ____D C:\Gamigo
2015-08-28 15:26 - 2014-04-15 14:55 - 00000000 ____D C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-08-28 15:26 - 2014-04-15 14:26 - 00000000 ___DC C:\AeriaGames
2015-08-27 17:54 - 2014-07-27 01:05 - 00000000 ____D C:\Users\Agando\AppData\Local\Arma 3 Launcher
2015-08-27 16:50 - 2014-04-28 20:54 - 00000000 ____D C:\Users\Agando\AppData\Local\Arma 3
2015-08-27 14:40 - 2014-04-02 17:34 - 00000000 ____D C:\ProgramData\Avira
2015-08-27 14:40 - 2014-04-02 17:34 - 00000000 ____D C:\Program Files (x86)\Avira
2015-08-27 05:15 - 2014-04-02 17:34 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-27 05:15 - 2014-04-02 17:34 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-26 18:37 - 2014-04-06 18:44 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-19 19:25 - 2014-04-02 17:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-19 19:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system
2015-08-19 19:24 - 2013-04-26 12:38 - 00001145 _____ C:\Windows\system\Cm108.ini
2015-08-18 16:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-17 21:34 - 2014-07-08 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-10 21:54 - 2015-09-10 22:05 - 0204403 _____ () C:\Users\Agando\AppData\Roaming\1.zip
2015-09-10 21:54 - 2015-09-10 22:05 - 0605953 _____ () C:\Users\Agando\AppData\Roaming\2.txt
2014-05-04 01:35 - 2014-12-31 00:38 - 0000294 _____ () C:\Users\Agando\AppData\Roaming\BreakingPoint_Login.ini
2014-05-04 02:36 - 2014-12-31 00:51 - 0001664 _____ () C:\Users\Agando\AppData\Roaming\BreakingPoint_Options.ini
2015-03-25 09:32 - 2015-03-25 09:32 - 0000097 _____ () C:\Users\Agando\AppData\Roaming\LauncherSettings_live.cfg
2015-06-28 20:03 - 2015-06-28 20:03 - 0000863 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel
2014-04-02 17:06 - 2014-04-02 17:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Agando\AppData\Local\Temp\avgnt.exe
C:\Users\Agando\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-11 02:04

==================== Ende von FRST.txt ============================
         
--- --- ---

Alt 14.09.2015, 06:18   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Standard

Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden
administrator, antivirus, auftrag, backdoor, bds/darkkomet.gr, computer, downloader, firewall, programm, pua/installcore.diur, pup.optional.blockandsurf, pup.optional.faststart, pup.optional.qone8, pup.optional.snapdo, pup.optional.webinstr, pup.optional.websearch, pup.optional.websearches.shrtcln, pup.optional.winyahoo, registry, teamspeak



Ähnliche Themen: Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden


  1. Windows 7: Steam Account durch Virus gehackt und entwendet, Steam infiziert : Win32:Malware-gen
    Log-Analyse und Auswertung - 14.09.2015 (16)
  2. Steam-Account schon 2 mal gehackt.
    Plagegeister aller Art und deren Bekämpfung - 03.05.2015 (11)
  3. Origin Account wird immer wieder gehackt+ Steam Anfragen?
    Log-Analyse und Auswertung - 03.02.2015 (4)
  4. Wurde gehackt
    Plagegeister aller Art und deren Bekämpfung - 21.06.2014 (1)
  5. vermutlich von einem Trojaner infiziert - TR/Crypt.XPACK.Gen3 wurde von Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 13.08.2013 (9)
  6. Backdoor.Win32.DarkKomet.xyk Trojanisches Programm
    Plagegeister aller Art und deren Bekämpfung - 16.05.2013 (5)
  7. boo/whistler.a - WoW/steam account gehackt
    Plagegeister aller Art und deren Bekämpfung - 22.03.2013 (3)
  8. Darkkomet Virus
    Log-Analyse und Auswertung - 06.03.2013 (3)
  9. Antivir hat angeschlagen, jetzt beim start DLLRun: .../install_0_msi.exe "Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (2)
  10. Minütiger Fund von Antivir: TR/Sirefef.BP.1 wurde gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.03.2012 (32)
  11. Virus oder unerwünschtes Programm ' BOO/TDss.O' wurde von Antivir gefunden
    Log-Analyse und Auswertung - 19.02.2012 (29)
  12. Web.de Account gehackt inkl. Steam-& Originaccount // Logfiles
    Log-Analyse und Auswertung - 07.11.2011 (1)
  13. Steam acc wurde gehackt - keylogger?
    Plagegeister aller Art und deren Bekämpfung - 24.01.2011 (15)
  14. wurde gehackt
    Log-Analyse und Auswertung - 05.08.2010 (3)
  15. Steam acc wurde gehackt
    Log-Analyse und Auswertung - 29.06.2009 (0)
  16. Steam Account wurde gehijacked
    Log-Analyse und Auswertung - 24.02.2009 (9)
  17. Acc wurde gehackt.......;-(
    Mülltonne - 12.12.2008 (0)

Zum Thema Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden - Hallo. Ich wurde auf einen Teamspeak Server eingeladen. Ich wurde sofort getrennt und ein Fenster ging auf das ein ClientQuery problem besteht. In diesem Fenster war ein Link auf wo - Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden...
Archiv
Du betrachtest: Steam wurde gehackt. Antivir hat BDS/DarkKomet.GR gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.