Trojaner-Board


Hassel 09.01.2015 12:44

Deutsche Telekom letter from the Abuse Team: virus/Trojan infection
 
Hello,

I have my brother's computer here; he received a letter from Telekom on 05.01.2015.

"Important security warning regarding your Internet access
Abuse ID: XXXXX
Access number: XXX

Dear Mr XXX,

we have received information from security experts that at least one computer connecting to the Internet through your Internet access is infected with a virus / Trojan. ...."

Now I have his computer at my place and am supposed to take a look at it.
I could now run all sorts of programs such as Malwarebytes and the like over it and delete the stuff. But that doesn't really help me at this point, because I would like to know the cause and how badly the PC is infected. I can only get help with this problem here, since I don't know that much about it myself.

So I am asking for help to clean my PC properly and, above all, to find the cause.

Would someone be kind enough to help me?

Thanks in advance

Hassel

PS: Since the PC is now at my place, could it be that if I connect it to my Internet connection, my system gets infected afterwards or passwords get read out somehow?

cosinus 09.01.2015 13:16

Hello and :hallo:

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have in CODE tags!
Only logs from the last 7 days, or since the problem started, are relevant!

Also, please create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it right. If everything is correct ... click Antworten (Reply).

Hassel 09.01.2015 15:37

I deliberately didn't do anything to it beforehand, so that the cause can be found.

FRST

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by DarkDragons (administrator) on SHOCKDRAGONS on 09-01-2015 15:33:36
Running from C:\Users\DarkDragons\Desktop
Loaded Profile: DarkDragons (Available profiles: DarkDragons)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\nethtsrv.exe
() C:\Windows\score.exe
() C:\Windows\SysWOW64\netupdsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Time Lapse Solutions) C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [GameforgeLive] => "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-05-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [mbot_de_82] => [X]
HKLM-x32\...\Run: [ConvertAd] => C:\Users\DarkDragons\AppData\Local\ConvertAd\ConvertAd.exe
HKLM-x32\...\Run: [OfferBoulevard] => C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2864688 2014-12-12] (Blizzard Entertainment)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Akamai NetSession Interface] => C:\Users\DarkDragons\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Policies\Explorer: [DisallowRun] 1
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2357861172-224482980-2813433480-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58835;https=127.0.0.1:58835
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400262460&from=cor&uid=SAMSUNGXHD103SJ_S246J9BZ933539&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400262460&from=cor&uid=SAMSUNGXHD103SJ_S246J9BZ933539&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400262460&from=cor&uid=SAMSUNGXHD103SJ_S246J9BZ933539&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400262460&from=cor&uid=SAMSUNGXHD103SJ_S246J9BZ933539&q={searchTerms}
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30biahQCcpbUtWYzgg2wd_qpS1us1sjGo6dVvuci4rC6pjtf_94cGWzbziTImHCQo66MVbHLe_-P_EqGWWvTi-MCTDtg_szpx8TOm3qPleFkC7w7-PyMReQBmIKgTpm2vSWXzmR18SqS4GM,&q={searchTerms}
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MA730B5C1-4B55-4F70-B823-BF3F3D0A210F&SearchSource=55&CUI=&UM=6&UP=SP678A7D40-0C70-41B3-AD9D-D4C95A456D19&SSPV=
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30biahQCcpbUtWYzgg2wd_qpS1us1sjGo6dVvuci4rC6pjtf_94cGWzbziTImHCQo66MVbHLe_-P_EqGWWvTi-MCTDtg_szpx8TOm3qPleFkC7w7-PyMReQBmIKgTpm2vSWXzmR18SqS4GM,&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30biahQCcpbUtWYzgg2wd_qpS1us1sjGo6dVvuci4rC6pjtf_94cGWzbziTImHCQo66MVbHLe_-P_EqGWWvTi-MCTDtg_szpx8TOm3qPleFkC7w7-PyMReQBmIKgTpm2vSWXzmR18SqS4GQ,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30biahQCcpbUtWYzgg2wd_qpS1us1sjGo6dVvuci4rC6pjtf_94cGWzbziTImHCQo66MVbHLe_-P_EqGWWvTi-MCTDtg_szpx8TOm3qPleFkC7w7-PyMReQBmIKgTpm2vSWXzmR18SqS4GQ,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MA730B5C1-4B55-4F70-B823-BF3F3D0A210F&SearchSource=58&CUI=&UM=6&UP=SP678A7D40-0C70-41B3-AD9D-D4C95A456D19&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_44_ff&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyDzz0FtD0ByCtD0CzztBtBtN0D0Tzu0StCtDtAtDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0B0CtA0A0DtAyDtG0A0Bzy0BtGtDtBzyzztG0CtCtA0DtGyD0FzyzytDtA0E0A0FtByEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByEyD0CtA0Azz0DtG0EyBtD0BtGyEtCtDyEtG0B0Bzy0EtGyDyCzy0E0EtAtCzy0FtByEyB2Q&cr=1149733925&ir=
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MA730B5C1-4B55-4F70-B823-BF3F3D0A210F&SearchSource=58&CUI=&UM=6&UP=SP678A7D40-0C70-41B3-AD9D-D4C95A456D19&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2357861172-224482980-2813433480-1001 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30biahQCcpbUtWYzgg2wd_qpS1us1sjGo6dVvuci4rC6pjtf_94cGWzbziTImHCQo66MVbHLe_-P_EqGWWvTi-MCTDtg_szpx8TOm3qPleFkC7w7-PyMReQBmIKgTpm2vSWXzmR18SqS4GQ,&q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF user.js: detected! => C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\DarkDragons\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml
FF HKLM-x32\...\Firefox\Extensions: [{d9a96531-b093-4d07-9e4c-9704a365c441}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{d9a96531-b093-4d07-9e4c-9704a365c441}

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\DarkDragons\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-05-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 CouponArificService64; C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe [172544 2014-09-29] () [File not signed]
R2 HfnISlqYdAO; C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe [2726776 2014-11-05] (Time Lapse Solutions)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 NetHttpService; C:\Windows\SysWOW64\nethtsrv.exe [315392 2015-01-01] () [File not signed]
R2 scores; C:\Windows\score.exe [4834816 2014-10-02] () [File not signed]
R2 ServiceUpdater; C:\Windows\SysWOW64\netupdsrv.exe [335360 2015-01-01] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-09-29] (NetFilterSDK.com)
R1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [46160 2015-01-01] (nethfdrv)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                          )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 wpnfd_1_10_0_2; system32\drivers\wpnfd_1_10_0_2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 15:33 - 2015-01-09 15:34 - 00014050 _____ () C:\Users\DarkDragons\Desktop\FRST.txt
2015-01-09 15:30 - 2015-01-09 15:33 - 00000000 ____D () C:\FRST
2015-01-09 15:29 - 2015-01-09 15:29 - 02124288 _____ (Farbar) C:\Users\DarkDragons\Desktop\FRST64.exe
2015-01-04 20:29 - 2015-01-04 20:29 - 00000687 _____ () C:\awh2A63.tmp
2015-01-03 14:54 - 2015-01-03 14:54 - 00000687 _____ () C:\awhB136.tmp
2015-01-01 10:39 - 2015-01-01 10:39 - 00335360 _____ () C:\Windows\SysWOW64\netupdsrv.exe
2015-01-01 10:39 - 2015-01-01 10:39 - 00325120 _____ () C:\Windows\SysWOW64\hfpapi.dll
2015-01-01 10:39 - 2015-01-01 10:39 - 00315392 _____ () C:\Windows\SysWOW64\nethtsrv.exe
2015-01-01 10:39 - 2015-01-01 10:39 - 00128000 _____ () C:\Windows\SysWOW64\installd.exe
2015-01-01 10:39 - 2015-01-01 10:39 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll
2015-01-01 10:39 - 2015-01-01 10:39 - 00046160 _____ (nethfdrv) C:\Windows\system32\Drivers\nethfdrv.sys
2014-12-24 13:16 - 2014-12-24 13:16 - 00000222 _____ () C:\Users\DarkDragons\Desktop\Alien Isolation.url
2014-12-23 11:18 - 2014-12-23 11:18 - 00000687 _____ () C:\awh81D9.tmp
2014-12-21 20:45 - 2014-12-21 20:45 - 00000687 _____ () C:\awhEC60.tmp
2014-12-19 18:44 - 2014-12-19 18:44 - 00000687 _____ () C:\awh4855.tmp
2014-12-18 20:31 - 2014-12-18 20:32 - 00280752 _____ () C:\Windows\Minidump\121814-25093-01.dmp
2014-12-18 20:31 - 2014-12-18 20:31 - 696154421 _____ () C:\Windows\MEMORY.DMP
2014-12-18 20:31 - 2014-12-18 20:31 - 00000000 ____D () C:\Windows\Minidump
2014-12-16 21:56 - 2014-12-16 21:56 - 00000687 _____ () C:\awhF7AA.tmp
2014-12-16 21:25 - 2014-12-16 21:25 - 00000687 _____ () C:\awh9CB.tmp
2014-12-15 23:06 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 23:06 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-14 16:33 - 2014-12-14 16:33 - 00000687 _____ () C:\awh966D.tmp
2014-12-12 14:03 - 2014-12-12 14:03 - 00000222 _____ () C:\Users\DarkDragons\Desktop\Sacred 3.url
2014-12-12 08:47 - 2014-12-12 08:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 05:06 - 2014-12-10 05:06 - 00000687 _____ () C:\awhB13.tmp
2014-12-10 00:08 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 00:08 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 00:08 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 00:08 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 15:32 - 2014-11-14 08:59 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\ZombieInvasion
2015-01-09 15:30 - 2014-05-16 18:15 - 01569010 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 15:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-09 15:23 - 2014-05-16 18:45 - 00000000 ____D () C:\Users\DarkDragons\AppData\Roaming\ClassicShell
2015-01-09 15:23 - 2014-05-16 18:34 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AC7F5C46-D0D5-44D6-A666-2A83C8BD8ED4}
2015-01-09 15:19 - 2014-11-05 20:45 - 00000394 _____ () C:\Windows\Tasks\AmiUpdXp.job
2015-01-05 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-05 16:44 - 2014-10-19 14:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 09:57 - 2014-10-15 11:45 - 00000000 ____D () C:\Program Files\CouponArific
2015-01-05 09:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-05 00:19 - 2014-06-07 07:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-05 00:19 - 2014-05-16 18:18 - 00000000 ____D () C:\Users\DarkDragons
2015-01-04 20:24 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 20:19 - 2014-05-16 18:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\JDownloader v2.0
2014-12-31 12:14 - 2014-08-30 21:15 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-21 20:38 - 2014-06-20 16:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-18 18:35 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-17 20:53 - 2014-09-02 09:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Akamai
2014-12-17 17:43 - 2014-05-16 18:29 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2357861172-224482980-2813433480-1001
2014-12-16 21:51 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-16 21:19 - 2014-11-21 18:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-16 21:19 - 2014-03-18 02:51 - 00108542 _____ () C:\Windows\PFRO.log
2014-12-12 22:11 - 2014-05-18 12:07 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Battle.net
2014-12-12 16:37 - 2014-06-22 16:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-12 12:46 - 2014-06-22 14:57 - 00000000 ____D () C:\Users\DarkDragons\Documents\StarCraft II
2014-12-12 10:02 - 2014-05-18 12:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-11 15:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 16:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 16:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 00:15 - 2014-05-19 10:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 00:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 00:10 - 2014-05-19 10:14 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\DarkDragons\AppData\Local\Temp\bchcabebbbfg.exe
C:\Users\DarkDragons\AppData\Local\Temp\Launcher__10890.exe
C:\Users\DarkDragons\AppData\Local\Temp\proxy_vole2549036137409174358.dll
C:\Users\DarkDragons\AppData\Local\Temp\SPINT-G.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv17858.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv3114.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv69867.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 02:51

==================== End Of Log ============================

--- --- ---


Addition
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by DarkDragons at 2015-01-09 15:34:24
Running from C:\Users\DarkDragons\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders Ancient Alien Makeover (HKLM-x32\...\7 Wonders Ancient Alien Makeover) (Version: 1.1.0.0 - MumboJumbo)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
AMD Catalyst Install Manager (HKLM\...\{8D95B61A-9759-40F7-69BF-54DCE6675143}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AuraKingdom-DE (HKLM-x32\...\AuraKingdom-DE) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version:  - EA Los Angeles)
Command and Conquer: Red Alert 3 (HKLM-x32\...\Steam App 17480) (Version:  - EA Los Angeles)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Legends of Aethereus (HKLM-x32\...\Steam App 248410) (Version:  - Three Gates)
Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version:  - Spark Unlimited)
Lost Planet: Extreme Condition - Colonies Edition (HKLM-x32\...\Steam App 45720) (Version:  - CAPCOM CO., LTD.)
Mahjong Secrets (HKLM-x32\...\Mahjong Secrets_is1) (Version: 1.0 - Playrix Entertainment)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
OffersWizard Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.4.37803 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version: 2.09 - NCH Software)
Sacred 3 (HKLM-x32\...\Steam App 247950) (Version:  - Keen Games)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zombie Blitz 1.0 (HKLM\...\{F249E83F-ADF4-4159-BAF5-485965489228}) (Version: 1.0 - Headup Games)
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.46 - Time Lapse Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-12-2014 16:37:03 Windows Update
26-12-2014 10:39:34 Geplanter Prüfpunkt
03-01-2015 12:51:49 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {020A8DF0-4DE0-47DC-A2BF-B780D9316C4A} - System32\Tasks\PennyBee => C:\Users\DARKDR~1\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {1540789C-7B76-4213-8A88-385BBF788821} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {26BB7950-F533-4E0B-A2B2-AB596E93BDAD} - System32\Tasks\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D} => pcalua.exe -a C:\Users\DarkDragons\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {42CBEAA2-06B1-48FD-A28F-892244789220} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {61926872-C938-4599-8D44-3B91DEE5ABA5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {6C830E42-BCBE-4D84-BE4F-68BAF29BC8B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {76C24555-6063-4DCB-9089-A68312B203C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {8AC7A3BA-D971-4989-A537-552B3F77AD2E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {A5DEC9E8-3CD1-415C-9F5C-8729C271E443} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {BF78EB80-3BD0-4EE1-AFA9-99F6162CCD71} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D898BB2C-28D9-40ED-8140-5B09B7BA67D7} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D9C3798B-841A-4D0D-A15B-97E98E3ECC41} - System32\Tasks\AmiUpdXp => C:\Users\DarkDragons\AppData\Local\1959\Updater.exe [2014-11-05] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\DarkDragons\AppData\Local\1959\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\PennyBee.job => C:\Users\DARKDR~1\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-05-22 20:59 - 2014-05-22 20:59 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-09-29 21:13 - 2014-09-29 21:13 - 00172544 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
2014-09-29 21:13 - 2014-09-29 21:13 - 00110080 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\nfapi.dll
2014-09-29 21:13 - 2014-09-29 21:13 - 00456192 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ProtocolFilters.dll
2015-01-01 10:39 - 2015-01-01 10:39 - 00315392 _____ () C:\Windows\SysWOW64\nethtsrv.exe
2014-09-16 18:01 - 2014-10-02 17:56 - 04834816 _____ () C:\Windows\score.exe
2015-01-01 10:39 - 2015-01-01 10:39 - 00335360 _____ () C:\Windows\SysWOW64\netupdsrv.exe
2014-12-12 08:47 - 2014-12-12 08:47 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\DarkDragons:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Cookies:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "GameforgeLive"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Raptr"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"

========================= Accounts: ==========================

Administrator (S-1-5-21-2357861172-224482980-2813433480-500 - Administrator - Disabled)
DarkDragons (S-1-5-21-2357861172-224482980-2813433480-1001 - Administrator - Enabled) => C:\Users\DarkDragons
Gast (S-1-5-21-2357861172-224482980-2813433480-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2357861172-224482980-2813433480-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 03:34:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x705b90df
ID des fehlerhaften Prozesses: 0x16e0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:34:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00b74e50
ID des fehlerhaften Prozesses: 0x16e0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:33:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x705b90df
ID des fehlerhaften Prozesses: 0x3790
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x010e4e50
ID des fehlerhaften Prozesses: 0x3790
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:33:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x705b90df
ID des fehlerhaften Prozesses: 0x1224
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x010f4e50
ID des fehlerhaften Prozesses: 0x1224
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:32:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x705b90df
ID des fehlerhaften Prozesses: 0x31d0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00b94e50
ID des fehlerhaften Prozesses: 0x31d0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:32:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x705b90df
ID des fehlerhaften Prozesses: 0x3350
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 03:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x01134e50
ID des fehlerhaften Prozesses: 0x3350
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5


System errors:
=============
Error: (01/05/2015 09:03:15 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/05/2015 09:03:15 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/05/2015 07:52:15 AM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/05/2015 07:51:45 AM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/04/2015 08:24:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/04/2015 08:24:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 04.01.2015 um 20:08:55 unerwartet heruntergefahren.

Error: (01/04/2015 01:41:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/04/2015 01:41:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (01/04/2015 01:02:38 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/04/2015 01:02:05 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (01/09/2015 03:34:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005705b90df16e001d02c19621535aeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowna0e96512-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:34:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a500b74e5016e001d02c19621535aeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown9fcb4abf-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:33:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005705b90df379001d02c19361b8b96C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown7516a3d7-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a5010e4e50379001d02c19361b8b96C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown73d126c1-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:33:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005705b90df122401d02c1933662539C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown724c55ce-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a5010f4e50122401d02c1933662539C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown711c0eeb-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:32:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005705b90df31d001d02c192690e481C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown659ec1e8-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a500b94e5031d001d02c192690e481C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown64467fdc-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:32:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005705b90df335001d02c19240a7e45C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown62e208a2-980c-11e4-8286-1c6f658f0b60

Error: (01/09/2015 03:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a501134e50335001d02c19240a7e45C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown61bfcb85-980c-11e4-8286-1c6f658f0b60


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 22%
Total physical RAM: 8189.55 MB
Available physical RAM: 6322.16 MB
Total Pagefile: 16381.55 MB
Available Pagefile: 14560.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:429.57 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:510.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B788E10F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5C1DEE9F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


cosinus 09.01.2015 17:16

An illegal copy of MS Office has also been running on there at some point :pfeiff: :pfui:

Please create a log with MBAR:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Hassel 09.01.2015 17:50

Unfortunately I can't say much about what was installed on it in the past, but I'll pass it on.

Code:

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.09.11

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17498
DarkDragons :: SHOCKDRAGONS [administrator]

09.01.2015 17:33:21
mbar-log-2015-01-09 (17-33-21).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 337500
Time elapsed: 10 minute(s), 32 second(s)

Memory Processes Detected: 1
C:\Windows\score.exe (Trojan.ZBAgent.NS) -> 1640 -> Delete on reboot. [e37cbc39355460d6f88f9d3f0ef3ed13]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\scores (Trojan.ZBAgent.NS) -> Delete on reboot. [e37cbc39355460d6f88f9d3f0ef3ed13]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\374311380 (Rogue.Multiple) -> Delete on reboot. [1a45dd189aef70c6f550b76ba95acc34]

Files Detected: 3
C:\WINDOWS\SYSTEM32\drivers\nethfdrv.sys (PUP.Optional.NetFilter) -> Delete on reboot. [cca84a9267600396e43c095dfc5572fb]
C:\Windows\score.exe (Trojan.ZBAgent.NS) -> Delete on reboot. [e37cbc39355460d6f88f9d3f0ef3ed13]
C:\Windows\System32\drivers\Msft_Kernel_webinstrNew_01009.Wdf (PUP.Optional.WebInstr.A) -> Delete on reboot. []

Physical Sectors Detected: 0
(No malicious items detected)

(end)

The second scan is running right now. Somehow I suspect that the computer is nothing but a Trojan/virus spreader... There was also a file in quarantine in Windows Defender; I deleted it.

Second scan: everything OK, nothing more was found.

cosinus 09.01.2015 18:04

Restart the computer and repeat MBAR to make sure that it has removed the detections permanently.

Hassel 09.01.2015 18:12

Yes, my master =)

Computer restarted, third round is already running. I'll post the result in a moment: nothing more found.

cosinus 09.01.2015 18:28

OK, to be on the safe side let's take another look with TDSSKiller:

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Hassel 09.01.2015 18:36

I have 2 log files because the program aborted once.

The second time it ran through, and I have two detections.

Code:

18:30:52.0602 0x0de0  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
18:30:55.0996 0x0de0  ============================================================
18:30:55.0996 0x0de0  Current date / time: 2015/01/09 18:30:55.0996
18:30:55.0996 0x0de0  SystemInfo:
18:30:55.0996 0x0de0 
18:30:55.0996 0x0de0  OS Version: 6.3.9600 ServicePack: 0.0
18:30:55.0996 0x0de0  Product type: Workstation
18:30:55.0996 0x0de0  ComputerName: SHOCKDRAGONS
18:30:55.0996 0x0de0  UserName: DarkDragons
18:30:55.0996 0x0de0  Windows directory: C:\Windows
18:30:55.0996 0x0de0  System windows directory: C:\Windows
18:30:55.0996 0x0de0  Running under WOW64
18:30:55.0996 0x0de0  Processor architecture: Intel x64
18:30:55.0996 0x0de0  Number of processors: 4
18:30:55.0996 0x0de0  Page size: 0x1000
18:30:55.0996 0x0de0  Boot type: Normal boot
18:30:55.0996 0x0de0  ============================================================
18:30:56.0633 0x0de0  KLMD registered as C:\Windows\system32\drivers\83016084.sys
18:30:57.0128 0x0de0  System UUID: {94BA08A1-C5AD-CD57-2F21-2297898908D5}
18:30:58.0237 0x0de0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:30:58.0247 0x0de0  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:30:58.0249 0x0de0  ============================================================
18:30:58.0249 0x0de0  \Device\Harddisk0\DR0:
18:30:58.0249 0x0de0  MBR partitions:
18:30:58.0249 0x0de0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:30:58.0249 0x0de0  \Device\Harddisk1\DR1:
18:30:58.0249 0x0de0  MBR partitions:
18:30:58.0249 0x0de0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:30:58.0249 0x0de0  ============================================================
18:30:58.0250 0x0de0  C: <-> \Device\Harddisk1\DR1\Partition1
18:30:58.0264 0x0de0  E: <-> \Device\Harddisk0\DR0\Partition1
18:30:58.0264 0x0de0  ============================================================
18:30:58.0264 0x0de0  Initialize success
18:30:58.0264 0x0de0  ============================================================
18:31:57.0444 0x0b9c  ============================================================
18:31:57.0444 0x0b9c  Scan started
18:31:57.0444 0x0b9c  Mode: Manual; TDLFS;
18:31:57.0444 0x0b9c  ============================================================
18:31:57.0444 0x0b9c  KSN ping started
18:31:59.0908 0x0b9c  KSN ping finished: true
18:32:00.0893 0x0b9c  ================ Scan system memory ========================
18:32:00.0893 0x0b9c  System memory - ok
18:32:00.0894 0x0b9c  ================ Scan services =============================
18:32:01.0002 0x0b9c  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
18:32:01.0010 0x0b9c  1394ohci - ok
18:32:01.0030 0x0b9c  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware          C:\Windows\system32\drivers\3ware.sys
18:32:01.0035 0x0b9c  3ware - ok
18:32:01.0103 0x0b9c  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:32:01.0118 0x0b9c  ACPI - ok
18:32:01.0134 0x0b9c  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
18:32:01.0134 0x0b9c  acpiex - ok
18:32:01.0149 0x0b9c  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
18:32:01.0149 0x0b9c  acpipagr - ok
18:32:01.0181 0x0b9c  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi        C:\Windows\System32\drivers\acpipmi.sys
18:32:01.0181 0x0b9c  AcpiPmi - ok
18:32:01.0196 0x0b9c  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
18:32:01.0212 0x0b9c  acpitime - ok
18:32:01.0337 0x0b9c  [ 749F94C424524285DCDA84D695ABC12F, E5AD194AF5B8B4FDB3976D3E3F9EF942DECFEC4EBAA9881A8EF7707BB781E4AD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:32:01.0353 0x0b9c  AdobeFlashPlayerUpdateSvc - ok
18:32:01.0384 0x0b9c  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX        C:\Windows\system32\drivers\ADP80XX.SYS
18:32:01.0399 0x0b9c  ADP80XX - ok
18:32:01.0431 0x0b9c  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
18:32:01.0431 0x0b9c  AeLookupSvc - ok
18:32:01.0493 0x0b9c  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD            C:\Windows\system32\drivers\afd.sys
18:32:01.0493 0x0b9c  AFD - ok
18:32:01.0524 0x0b9c  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:32:01.0524 0x0b9c  agp440 - ok
18:32:01.0524 0x0b9c  [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache        C:\Windows\system32\DRIVERS\ahcache.sys
18:32:01.0540 0x0b9c  ahcache - ok
18:32:01.0556 0x0b9c  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG            C:\Windows\System32\alg.exe
18:32:01.0556 0x0b9c  ALG - ok
18:32:01.0587 0x0b9c  [ 91CED777074974890AF6E93839245678, 23FE30391AD4DD184909B6ACB035F92A11EF912A5B5E0E8CF9ED08C8F6B5E489 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:32:01.0603 0x0b9c  AMD External Events Utility - ok
18:32:01.0634 0x0b9c  AMD FUEL Service - ok
18:32:01.0649 0x0b9c  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8          C:\Windows\System32\drivers\amdk8.sys
18:32:01.0649 0x0b9c  AmdK8 - ok
18:32:01.0681 0x0b9c  [ F2FF8C1B41B3784EDBD5C6D5397F403C, 104873700D2BDF4812DC48200B4609F46A63E7A50594A0599100EF1438863708 ] amdkmafd        C:\Windows\system32\drivers\amdkmafd.sys
18:32:01.0681 0x0b9c  amdkmafd - ok

Code:

18:32:11.0868 0x0aac  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
18:32:13.0618 0x0aac  ============================================================
18:32:13.0618 0x0aac  Current date / time: 2015/01/09 18:32:13.0618
18:32:13.0618 0x0aac  SystemInfo:
18:32:13.0618 0x0aac 
18:32:13.0618 0x0aac  OS Version: 6.3.9600 ServicePack: 0.0
18:32:13.0618 0x0aac  Product type: Workstation
18:32:13.0618 0x0aac  ComputerName: SHOCKDRAGONS
18:32:13.0618 0x0aac  UserName: DarkDragons
18:32:13.0618 0x0aac  Windows directory: C:\Windows
18:32:13.0618 0x0aac  System windows directory: C:\Windows
18:32:13.0618 0x0aac  Running under WOW64
18:32:13.0618 0x0aac  Processor architecture: Intel x64
18:32:13.0618 0x0aac  Number of processors: 4
18:32:13.0618 0x0aac  Page size: 0x1000
18:32:13.0618 0x0aac  Boot type: Normal boot
18:32:13.0618 0x0aac  ============================================================
18:32:13.0759 0x0aac  System UUID: {94BA08A1-C5AD-CD57-2F21-2297898908D5}
18:32:14.0149 0x0aac  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:32:14.0165 0x0aac  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:32:14.0181 0x0aac  ============================================================
18:32:14.0181 0x0aac  \Device\Harddisk0\DR0:
18:32:14.0181 0x0aac  MBR partitions:
18:32:14.0181 0x0aac  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:32:14.0181 0x0aac  \Device\Harddisk1\DR1:
18:32:14.0181 0x0aac  MBR partitions:
18:32:14.0181 0x0aac  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:32:14.0181 0x0aac  ============================================================
18:32:14.0196 0x0aac  C: <-> \Device\Harddisk1\DR1\Partition1
18:32:14.0196 0x0aac  E: <-> \Device\Harddisk0\DR0\Partition1
18:32:14.0196 0x0aac  ============================================================
18:32:14.0196 0x0aac  Initialize success
18:32:14.0196 0x0aac  ============================================================
18:32:22.0415 0x0c74  ============================================================
18:32:22.0415 0x0c74  Scan started
18:32:22.0415 0x0c74  Mode: Manual; TDLFS;
18:32:22.0415 0x0c74  ============================================================
18:32:22.0415 0x0c74  KSN ping started
18:32:24.0853 0x0c74  KSN ping finished: true
18:32:25.0603 0x0c74  ================ Scan system memory ========================
18:32:25.0603 0x0c74  System memory - ok
18:32:25.0603 0x0c74  ================ Scan services =============================
18:32:25.0728 0x0c74  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
18:32:25.0728 0x0c74  1394ohci - ok
18:32:25.0759 0x0c74  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware          C:\Windows\system32\drivers\3ware.sys
18:32:25.0759 0x0c74  3ware - ok
18:32:25.0790 0x0c74  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:32:25.0790 0x0c74  ACPI - ok
18:32:25.0821 0x0c74  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
18:32:25.0821 0x0c74  acpiex - ok
18:32:25.0821 0x0c74  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
18:32:25.0821 0x0c74  acpipagr - ok
18:32:25.0837 0x0c74  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi        C:\Windows\System32\drivers\acpipmi.sys
18:32:25.0837 0x0c74  AcpiPmi - ok
18:32:25.0837 0x0c74  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
18:32:25.0837 0x0c74  acpitime - ok
18:32:25.0962 0x0c74  [ 749F94C424524285DCDA84D695ABC12F, E5AD194AF5B8B4FDB3976D3E3F9EF942DECFEC4EBAA9881A8EF7707BB781E4AD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:32:25.0993 0x0c74  AdobeFlashPlayerUpdateSvc - ok
18:32:26.0040 0x0c74  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX        C:\Windows\system32\drivers\ADP80XX.SYS
18:32:26.0056 0x0c74  ADP80XX - ok
18:32:26.0087 0x0c74  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
18:32:26.0087 0x0c74  AeLookupSvc - ok
18:32:26.0134 0x0c74  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD            C:\Windows\system32\drivers\afd.sys
18:32:26.0149 0x0c74  AFD - ok
18:32:26.0165 0x0c74  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:32:26.0165 0x0c74  agp440 - ok
18:32:26.0181 0x0c74  [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache        C:\Windows\system32\DRIVERS\ahcache.sys
18:32:26.0181 0x0c74  ahcache - ok
18:32:26.0196 0x0c74  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG            C:\Windows\System32\alg.exe
18:32:26.0196 0x0c74  ALG - ok
18:32:26.0228 0x0c74  [ 91CED777074974890AF6E93839245678, 23FE30391AD4DD184909B6ACB035F92A11EF912A5B5E0E8CF9ED08C8F6B5E489 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:32:26.0228 0x0c74  AMD External Events Utility - ok
18:32:26.0243 0x0c74  AMD FUEL Service - ok
18:32:26.0274 0x0c74  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8          C:\Windows\System32\drivers\amdk8.sys
18:32:26.0274 0x0c74  AmdK8 - ok
18:32:26.0306 0x0c74  [ F2FF8C1B41B3784EDBD5C6D5397F403C, 104873700D2BDF4812DC48200B4609F46A63E7A50594A0599100EF1438863708 ] amdkmafd        C:\Windows\system32\drivers\amdkmafd.sys
18:32:26.0306 0x0c74  amdkmafd - ok
18:32:26.0743 0x0c74  [ 74B39BA3FB6A934FEFEDEC1C89D5AD64, 15D92791FF46203FCED99FB6DB9E86E5AE91B6BC94AF64A35C28ABCCA5C82E8A ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
18:32:26.0993 0x0c74  amdkmdag - ok
18:32:27.0087 0x0c74  [ DA9BFE42D2B4BF410DE9700698E7C150, AB7743D0DBD0A3B2CC016F2C6FE417B9023AB52B0E926E9D09A753F739928C15 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
18:32:27.0103 0x0c74  amdkmdap - ok
18:32:27.0118 0x0c74  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
18:32:27.0118 0x0c74  AmdPPM - ok
18:32:27.0134 0x0c74  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
18:32:27.0149 0x0c74  amdsata - ok
18:32:27.0149 0x0c74  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:32:27.0165 0x0c74  amdsbs - ok
18:32:27.0165 0x0c74  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
18:32:27.0165 0x0c74  amdxata - ok
18:32:27.0181 0x0c74  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.2.0  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:32:27.0196 0x0c74  AODDriver4.2.0 - ok
18:32:27.0196 0x0c74  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:32:27.0196 0x0c74  AODDriver4.3 - ok
18:32:27.0196 0x0c74  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID          C:\Windows\system32\drivers\appid.sys
18:32:27.0196 0x0c74  AppID - ok
18:32:27.0228 0x0c74  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:32:27.0228 0x0c74  AppIDSvc - ok
18:32:27.0259 0x0c74  [ 034ED41F13D9C1845C1E081F05B640DB, E4E17BA0B22C464DE60A6BF68D4D035D1B838DE4F0361029DED1AE00503E135C ] Appinfo        C:\Windows\System32\appinfo.dll
18:32:27.0274 0x0c74  Appinfo - ok
18:32:27.0306 0x0c74  [ 8176FBA685178FB0F52D46693474FA50, 69FE3692C7FE24289A479ADD74F2C782B59A099B7B07FE5ACFC4DA899E40BFDE ] AppMgmt        C:\Windows\System32\appmgmts.dll
18:32:27.0321 0x0c74  AppMgmt - ok
18:32:27.0337 0x0c74  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
18:32:27.0368 0x0c74  AppReadiness - ok
18:32:27.0399 0x0c74  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc        C:\Windows\system32\appxdeploymentserver.dll
18:32:27.0431 0x0c74  AppXSvc - ok
18:32:27.0446 0x0c74  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:32:27.0446 0x0c74  arcsas - ok
18:32:27.0462 0x0c74  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:32:27.0462 0x0c74  AsyncMac - ok
18:32:27.0478 0x0c74  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi          C:\Windows\system32\drivers\atapi.sys
18:32:27.0478 0x0c74  atapi - ok
18:32:27.0524 0x0c74  [ 517334A411CD079EE9AEF4C2167875A5, 7C6A450BADCA211D553102ABDC06E1F367FBFC359711AF1DC88027B34502B484 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdWB6.sys
18:32:27.0524 0x0c74  AtiHDAudioService - ok
18:32:27.0556 0x0c74  [ 7F70B1044272982AAEA7C16E83424770, A7694D38DF5A0E1040688017DB811EF0788874FE505ADD572DE4D4647073DC12 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
18:32:27.0556 0x0c74  AudioEndpointBuilder - ok
18:32:27.0587 0x0c74  [ C0484CA5C7F87E38909746B63C7FC868, 65159639E2300AEA886184E9D47D449350DAF69A8AA2F9DBD6BD8A474BA73177 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:32:27.0603 0x0c74  Audiosrv - ok
18:32:27.0634 0x0c74  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:32:27.0634 0x0c74  AxInstSV - ok
18:32:27.0681 0x0c74  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
18:32:27.0759 0x0c74  b06bdrv - ok
18:32:27.0790 0x0c74  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
18:32:27.0790 0x0c74  BasicDisplay - ok
18:32:27.0790 0x0c74  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender    C:\Windows\System32\drivers\BasicRender.sys
18:32:27.0790 0x0c74  BasicRender - ok
18:32:27.0806 0x0c74  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
18:32:27.0806 0x0c74  bcmfn2 - ok
18:32:27.0837 0x0c74  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:32:27.0853 0x0c74  BDESVC - ok
18:32:27.0884 0x0c74  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
18:32:27.0884 0x0c74  Beep - ok
18:32:27.0962 0x0c74  [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE            C:\Windows\System32\bfe.dll
18:32:27.0978 0x0c74  BFE - ok
18:32:28.0024 0x0c74  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\Windows\System32\qmgr.dll
18:32:28.0056 0x0c74  BITS - ok
18:32:28.0071 0x0c74  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:32:28.0071 0x0c74  bowser - ok
18:32:28.0118 0x0c74  [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
18:32:28.0118 0x0c74  BrokerInfrastructure - ok
18:32:28.0149 0x0c74  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser        C:\Windows\System32\browser.dll
18:32:28.0149 0x0c74  Browser - ok
18:32:28.0165 0x0c74  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
18:32:28.0165 0x0c74  BthAvrcpTg - ok
18:32:28.0196 0x0c74  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum      C:\Windows\System32\drivers\bthhfenum.sys
18:32:28.0212 0x0c74  BthHFEnum - ok
18:32:28.0212 0x0c74  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
18:32:28.0228 0x0c74  bthhfhid - ok
18:32:28.0228 0x0c74  [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
18:32:28.0243 0x0c74  BTHMODEM - ok
18:32:28.0259 0x0c74  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv        C:\Windows\system32\bthserv.dll
18:32:28.0259 0x0c74  bthserv - ok
18:32:28.0274 0x0c74  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:32:28.0274 0x0c74  cdfs - ok
18:32:28.0290 0x0c74  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom          C:\Windows\System32\drivers\cdrom.sys
18:32:28.0306 0x0c74  cdrom - ok
18:32:28.0321 0x0c74  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc    C:\Windows\System32\certprop.dll
18:32:28.0321 0x0c74  CertPropSvc - ok
18:32:28.0337 0x0c74  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
18:32:28.0337 0x0c74  circlass - ok
18:32:28.0368 0x0c74  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
18:32:28.0368 0x0c74  CLFS - ok
18:32:28.0384 0x0c74  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
18:32:28.0384 0x0c74  CmBatt - ok
18:32:28.0493 0x0c74  [ 4E1207CE16E615B0B7A70DC889F4500E, 1778D5AC0AF5F5DD1551192F4CDBCCB9878995155CF337EBB03460A6FD5C6B78 ] CNG            C:\Windows\system32\Drivers\cng.sys
18:32:28.0509 0x0c74  CNG - ok
18:32:28.0525 0x0c74  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
18:32:28.0525 0x0c74  CompositeBus - ok
18:32:28.0525 0x0c74  COMSysApp - ok
18:32:28.0525 0x0c74  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
18:32:28.0540 0x0c74  condrv - ok
18:32:28.0603 0x0c74  [ F81093504224F0AE8AA86199143963DC, 1A8C9BE977033647A54D8E9CF743612728A98AA7C2C78880544628995554C9FF ] CouponArificService64 C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
18:32:28.0618 0x0c74  CouponArificService64 - ok
18:32:28.0681 0x0c74  [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:32:28.0696 0x0c74  CryptSvc - ok
18:32:28.0728 0x0c74  [ EE2F3C0D6ADBC975D6B621EC15ACF4E2, D158C0FACA6344BCD77616EC3D23212F9FD76D7D0C834ACA51998B80162106D5 ] CSC            C:\Windows\system32\drivers\csc.sys
18:32:28.0743 0x0c74  CSC - ok
18:32:28.0774 0x0c74  [ 936D9E2871CEEFF6A33695D98374367B, C30D42E870F196C4FA20AF95C7B9D9C9C5414D6DDE71268F88C3FC5BF372E61B ] CscService      C:\Windows\System32\cscsvc.dll
18:32:28.0790 0x0c74  CscService - ok
18:32:28.0821 0x0c74  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam            C:\Windows\system32\drivers\dam.sys
18:32:28.0821 0x0c74  dam - ok
18:32:28.0853 0x0c74  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:32:28.0853 0x0c74  DcomLaunch - ok
18:32:28.0915 0x0c74  [ D249C3A58A4FCF755EF4C94F7047E015, 68C044CE2DB93FB502F85F6E081EA164F6E6DCBA6B3EE2A5CBDA122065E522F8 ] defragsvc      C:\Windows\System32\defragsvc.dll
18:32:28.0915 0x0c74  defragsvc - ok
18:32:28.0946 0x0c74  [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\Windows\system32\das.dll
18:32:28.0962 0x0c74  DeviceAssociationService - ok
18:32:28.0978 0x0c74  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall  C:\Windows\system32\umpnpmgr.dll
18:32:28.0978 0x0c74  DeviceInstall - ok
18:32:28.0993 0x0c74  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
18:32:28.0993 0x0c74  Dfsc - ok
18:32:29.0056 0x0c74  [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:32:29.0071 0x0c74  Dhcp - ok
18:32:29.0087 0x0c74  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\Windows\system32\drivers\disk.sys
18:32:29.0087 0x0c74  disk - ok
18:32:29.0103 0x0c74  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc          C:\Windows\System32\drivers\dmvsc.sys
18:32:29.0103 0x0c74  dmvsc - ok
18:32:29.0134 0x0c74  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:32:29.0134 0x0c74  Dnscache - ok
18:32:29.0165 0x0c74  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc        C:\Windows\System32\dot3svc.dll
18:32:29.0165 0x0c74  dot3svc - ok
18:32:29.0196 0x0c74  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS            C:\Windows\system32\dps.dll
18:32:29.0212 0x0c74  DPS - ok
18:32:29.0228 0x0c74  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
18:32:29.0228 0x0c74  drmkaud - ok
18:32:29.0259 0x0c74  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
18:32:29.0259 0x0c74  DsmSvc - ok
18:32:29.0353 0x0c74  [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
18:32:29.0399 0x0c74  DXGKrnl - ok
18:32:29.0415 0x0c74  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost        C:\Windows\System32\eapsvc.dll
18:32:29.0431 0x0c74  Eaphost - ok
18:32:29.0587 0x0c74  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv          C:\Windows\system32\drivers\evbda.sys
18:32:29.0665 0x0c74  ebdrv - ok
18:32:29.0696 0x0c74  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS            C:\Windows\System32\lsass.exe
18:32:29.0696 0x0c74  EFS - ok
18:32:29.0696 0x0c74  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass    C:\Windows\system32\drivers\EhStorClass.sys
18:32:29.0696 0x0c74  EhStorClass - ok
18:32:29.0712 0x0c74  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
18:32:29.0728 0x0c74  EhStorTcgDrv - ok
18:32:29.0728 0x0c74  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
18:32:29.0728 0x0c74  ErrDev - ok
18:32:29.0759 0x0c74  esgiguard - ok
18:32:29.0821 0x0c74  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem    C:\Windows\system32\es.dll
18:32:29.0853 0x0c74  EventSystem - ok
18:32:29.0868 0x0c74  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat          C:\Windows\system32\drivers\exfat.sys
18:32:29.0868 0x0c74  exfat - ok
18:32:29.0900 0x0c74  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
18:32:29.0900 0x0c74  fastfat - ok
18:32:29.0946 0x0c74  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax            C:\Windows\system32\fxssvc.exe
18:32:29.0962 0x0c74  Fax - ok
18:32:29.0978 0x0c74  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc            C:\Windows\System32\drivers\fdc.sys
18:32:29.0978 0x0c74  fdc - ok
18:32:30.0009 0x0c74  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost        C:\Windows\system32\fdPHost.dll
18:32:30.0009 0x0c74  fdPHost - ok
18:32:30.0024 0x0c74  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\Windows\system32\fdrespub.dll
18:32:30.0024 0x0c74  FDResPub - ok
18:32:30.0040 0x0c74  [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc          C:\Windows\system32\fhsvc.dll
18:32:30.0040 0x0c74  fhsvc - ok
18:32:30.0056 0x0c74  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:32:30.0056 0x0c74  FileInfo - ok
18:32:30.0071 0x0c74  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
18:32:30.0071 0x0c74  Filetrace - ok
18:32:30.0087 0x0c74  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
18:32:30.0087 0x0c74  flpydisk - ok
18:32:30.0149 0x0c74  [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:32:30.0212 0x0c74  FltMgr - ok
18:32:30.0290 0x0c74  [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache      C:\Windows\system32\FntCache.dll
18:32:30.0321 0x0c74  FontCache - ok
18:32:30.0415 0x0c74  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:32:30.0415 0x0c74  FontCache3.0.0.0 - ok
18:32:30.0446 0x0c74  [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
18:32:30.0446 0x0c74  FsDepends - ok
18:32:30.0478 0x0c74  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:32:30.0478 0x0c74  Fs_Rec - ok
18:32:30.0509 0x0c74  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:32:30.0524 0x0c74  fvevol - ok
18:32:30.0540 0x0c74  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM          C:\Windows\System32\drivers\fxppm.sys
18:32:30.0540 0x0c74  FxPPM - ok
18:32:30.0556 0x0c74  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:32:30.0556 0x0c74  gagp30kx - ok
18:32:30.0556 0x0c74  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
18:32:30.0556 0x0c74  gencounter - ok
18:32:30.0603 0x0c74  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101    C:\Windows\system32\Drivers\msgpioclx.sys
18:32:30.0603 0x0c74  GPIOClx0101 - ok
18:32:30.0728 0x0c74  [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc          C:\Windows\System32\gpsvc.dll
18:32:30.0759 0x0c74  gpsvc - ok
18:32:30.0790 0x0c74  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:32:30.0790 0x0c74  HdAudAddService - ok
18:32:30.0821 0x0c74  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
18:32:30.0821 0x0c74  HDAudBus - ok
18:32:31.0024 0x0c74  [ 6F4E7A7E962BDFAAD520C7ACA9121DDC, 1F4D1DB98E8F10C5CD7E2878CF253D6BB344C6D59BF35F310874AA6F57770315 ] HfnISlqYdAO    C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe
18:32:31.0056 0x0c74  HfnISlqYdAO - ok
18:32:31.0071 0x0c74  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt        C:\Windows\System32\drivers\HidBatt.sys
18:32:31.0071 0x0c74  HidBatt - ok
18:32:31.0087 0x0c74  [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
18:32:31.0087 0x0c74  HidBth - ok
18:32:31.0134 0x0c74  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
18:32:31.0134 0x0c74  hidi2c - ok
18:32:31.0149 0x0c74  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr          C:\Windows\System32\drivers\hidir.sys
18:32:31.0165 0x0c74  HidIr - ok
18:32:36.0774 0x0c74  Schedule - ok
18:32:36.0806 0x0c74  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc    C:\Windows\System32\certprop.dll
18:32:36.0806 0x0c74  SCPolicySvc - ok
18:32:36.0837 0x0c74  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus          C:\Windows\System32\drivers\sdbus.sys
18:32:36.0853 0x0c74  sdbus - ok
18:32:36.0884 0x0c74  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
18:32:36.0884 0x0c74  sdstor - ok
18:32:36.0884 0x0c74  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:32:36.0884 0x0c74  secdrv - ok
18:32:36.0915 0x0c74  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\Windows\system32\seclogon.dll
18:32:36.0915 0x0c74  seclogon - ok
18:32:36.0915 0x0c74  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\Windows\System32\sens.dll
18:32:36.0931 0x0c74  SENS - ok
18:32:36.0946 0x0c74  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:32:36.0946 0x0c74  SensrSvc - ok
18:32:36.0962 0x0c74  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx          C:\Windows\system32\drivers\SerCx.sys
18:32:36.0962 0x0c74  SerCx - ok
18:32:36.0962 0x0c74  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
18:32:36.0978 0x0c74  SerCx2 - ok
18:32:36.0978 0x0c74  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum        C:\Windows\System32\drivers\serenum.sys
18:32:36.0978 0x0c74  Serenum - ok
18:32:36.0993 0x0c74  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
18:32:36.0993 0x0c74  Serial - ok
18:32:37.0009 0x0c74  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
18:32:37.0009 0x0c74  sermouse - ok
18:32:37.0134 0x0c74  [ B66E1D9E07691C2DBF771224EE6C23BE, 1BC60E0AE7A9BD0DB2152B73A412BBB455BECAB3D2486740800BFD0943059EBD ] ServiceUpdater  C:\Windows\SysWOW64\netupdsrv.exe
18:32:37.0134 0x0c74  ServiceUpdater - ok
18:32:37.0165 0x0c74  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:32:37.0181 0x0c74  SessionEnv - ok
18:32:37.0196 0x0c74  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy        C:\Windows\System32\drivers\sfloppy.sys
18:32:37.0196 0x0c74  sfloppy - ok
18:32:37.0274 0x0c74  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:32:37.0290 0x0c74  SharedAccess - ok
18:32:37.0337 0x0c74  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:32:37.0353 0x0c74  ShellHWDetection - ok
18:32:37.0368 0x0c74  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:32:37.0368 0x0c74  SiSRaid2 - ok
18:32:37.0384 0x0c74  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:32:37.0384 0x0c74  SiSRaid4 - ok
18:32:37.0400 0x0c74  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost        C:\Windows\System32\smphost.dll
18:32:37.0400 0x0c74  smphost - ok
18:32:37.0415 0x0c74  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:32:37.0415 0x0c74  SNMPTRAP - ok
18:32:37.0478 0x0c74  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport      C:\Windows\system32\drivers\spaceport.sys
18:32:37.0493 0x0c74  spaceport - ok
18:32:37.0493 0x0c74  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx          C:\Windows\system32\drivers\SpbCx.sys
18:32:37.0493 0x0c74  SpbCx - ok
18:32:37.0556 0x0c74  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler        C:\Windows\System32\spoolsv.exe
18:32:37.0571 0x0c74  Spooler - ok
18:32:37.0774 0x0c74  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\Windows\system32\sppsvc.exe
18:32:37.0868 0x0c74  sppsvc - ok
18:32:37.0900 0x0c74  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv            C:\Windows\system32\DRIVERS\srv.sys
18:32:37.0915 0x0c74  srv - ok
18:32:37.0931 0x0c74  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:32:37.0946 0x0c74  srv2 - ok
18:32:37.0962 0x0c74  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:32:37.0978 0x0c74  srvnet - ok
18:32:37.0993 0x0c74  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
18:32:37.0993 0x0c74  SSDPSRV - ok
18:32:38.0009 0x0c74  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
18:32:38.0009 0x0c74  SstpSvc - ok
18:32:38.0103 0x0c74  [ CC7ED069C2FC82B5B1555C2044C765CC, CE43363544A3EE2C5133CD0D47BF34AFAFA4EAD6AC9EB9A772EE55E89D4D89D4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:32:38.0134 0x0c74  Steam Client Service - ok
18:32:38.0134 0x0c74  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:32:38.0134 0x0c74  stexstor - ok
18:32:38.0165 0x0c74  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\Windows\System32\wiaservc.dll
18:32:38.0181 0x0c74  stisvc - ok
18:32:38.0196 0x0c74  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
18:32:38.0212 0x0c74  storahci - ok
18:32:38.0228 0x0c74  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt        C:\Windows\system32\DRIVERS\vmstorfl.sys
18:32:38.0228 0x0c74  storflt - ok
18:32:38.0243 0x0c74  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
18:32:38.0243 0x0c74  stornvme - ok
18:32:38.0259 0x0c74  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc        C:\Windows\system32\storsvc.dll
18:32:38.0259 0x0c74  StorSvc - ok
18:32:38.0274 0x0c74  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc        C:\Windows\system32\drivers\storvsc.sys
18:32:38.0274 0x0c74  storvsc - ok
18:32:38.0274 0x0c74  [ 03618F935379614837F915D04C45FC0E, 9CC0CBA7AFC58E7F921C13FA3F5269714F1F827535A311E11EA48689C4D539DE ] storvsp        C:\Windows\System32\drivers\storvsp.sys
18:32:38.0274 0x0c74  storvsp - ok
18:32:38.0290 0x0c74  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc          C:\Windows\system32\svsvc.dll
18:32:38.0290 0x0c74  svsvc - ok
18:32:38.0290 0x0c74  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\Windows\System32\drivers\swenum.sys
18:32:38.0306 0x0c74  swenum - ok
18:32:38.0353 0x0c74  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv          C:\Windows\System32\swprv.dll
18:32:38.0368 0x0c74  swprv - ok
18:32:38.0431 0x0c74  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain        C:\Windows\system32\sysmain.dll
18:32:38.0462 0x0c74  SysMain - ok
18:32:38.0540 0x0c74  [ FD4EA8E9232ADD51DC31C295DDEF2768, 3EA40D7376AB5AA5DA2BCF4745C79F7BF819363466967ECC3CD15ADECBFD7244 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
18:32:38.0571 0x0c74  SystemEventsBroker - ok
18:32:38.0587 0x0c74  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\Windows\System32\TabSvc.dll
18:32:38.0587 0x0c74  TabletInputService - ok
18:32:38.0603 0x0c74  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv        C:\Windows\System32\tapisrv.dll
18:32:38.0618 0x0c74  TapiSrv - ok
18:32:38.0759 0x0c74  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
18:32:38.0806 0x0c74  Tcpip - ok
18:32:38.0868 0x0c74  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:32:38.0915 0x0c74  TCPIP6 - ok
18:32:38.0946 0x0c74  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:32:38.0946 0x0c74  tcpipreg - ok
18:32:38.0962 0x0c74  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
18:32:38.0962 0x0c74  tdx - ok
18:32:39.0196 0x0c74  [ 4ACFC5853A3F0C6C2F54E537C23EE90F, 47D81F471A250696A1A0D19294FC553EB88D813612A8351C89F65D7BF99C8532 ] TeamViewer9    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
18:32:39.0275 0x0c74  TeamViewer9 - ok
18:32:39.0290 0x0c74  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
18:32:39.0290 0x0c74  terminpt - ok
18:32:39.0337 0x0c74  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService    C:\Windows\System32\termsrv.dll
18:32:39.0353 0x0c74  TermService - ok
18:32:39.0384 0x0c74  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\Windows\system32\themeservice.dll
18:32:39.0384 0x0c74  Themes - ok
18:32:39.0415 0x0c74  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER    C:\Windows\system32\mmcss.dll
18:32:39.0415 0x0c74  THREADORDER - ok
18:32:39.0431 0x0c74  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
18:32:39.0431 0x0c74  TimeBroker - ok
18:32:39.0446 0x0c74  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM            C:\Windows\system32\drivers\tpm.sys
18:32:39.0446 0x0c74  TPM - ok
18:32:39.0462 0x0c74  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\Windows\System32\trkwks.dll
18:32:39.0462 0x0c74  TrkWks - ok
18:32:39.0509 0x0c74  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:32:39.0524 0x0c74  TrustedInstaller - ok
18:32:39.0571 0x0c74  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:32:39.0571 0x0c74  TsUsbFlt - ok
18:32:39.0587 0x0c74  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD        C:\Windows\System32\drivers\TsUsbGD.sys
18:32:39.0587 0x0c74  TsUsbGD - ok
18:32:39.0603 0x0c74  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:32:39.0603 0x0c74  tunnel - ok
18:32:39.0603 0x0c74  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:32:39.0603 0x0c74  uagp35 - ok
18:32:39.0618 0x0c74  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
18:32:39.0618 0x0c74  UASPStor - ok
18:32:39.0649 0x0c74  [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
18:32:39.0649 0x0c74  UCX01000 - ok
18:32:39.0665 0x0c74  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:32:39.0681 0x0c74  udfs - ok
18:32:39.0696 0x0c74  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
18:32:39.0696 0x0c74  UEFI - ok
18:32:39.0712 0x0c74  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
18:32:39.0712 0x0c74  UI0Detect - ok
18:32:39.0728 0x0c74  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:32:39.0728 0x0c74  uliagpkx - ok
18:32:39.0774 0x0c74  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus          C:\Windows\System32\drivers\umbus.sys
18:32:39.0774 0x0c74  umbus - ok
18:32:39.0790 0x0c74  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
18:32:39.0806 0x0c74  UmPass - ok
18:32:39.0837 0x0c74  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:32:39.0837 0x0c74  UmRdpService - ok
18:32:39.0868 0x0c74  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\Windows\System32\upnphost.dll
18:32:39.0884 0x0c74  upnphost - ok
18:32:39.0915 0x0c74  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp        C:\Windows\System32\drivers\usbccgp.sys
18:32:39.0931 0x0c74  usbccgp - ok
18:32:39.0931 0x0c74  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
18:32:39.0931 0x0c74  usbcir - ok
18:32:39.0962 0x0c74  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci        C:\Windows\System32\drivers\usbehci.sys
18:32:39.0978 0x0c74  usbehci - ok
18:32:39.0993 0x0c74  [ 5A4AC5D05A7C97C68596416C05D6F2B4, 1CDE5172B763D2D65379B9F3ABACC080AF676DB9354EC98A455E620C4CE3E18A ] usbfilter      C:\Windows\system32\DRIVERS\usbfilter.sys
18:32:39.0993 0x0c74  usbfilter - ok
18:32:40.0024 0x0c74  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\Windows\System32\drivers\usbhub.sys
18:32:40.0024 0x0c74  usbhub - ok
18:32:40.0040 0x0c74  [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3        C:\Windows\System32\drivers\UsbHub3.sys
18:32:40.0056 0x0c74  USBHUB3 - ok
18:32:40.0103 0x0c74  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci        C:\Windows\System32\drivers\usbohci.sys
18:32:40.0103 0x0c74  usbohci - ok
18:32:40.0134 0x0c74  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
18:32:40.0134 0x0c74  usbprint - ok
18:32:40.0196 0x0c74  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR        C:\Windows\System32\drivers\USBSTOR.SYS
18:32:40.0196 0x0c74  USBSTOR - ok
18:32:40.0259 0x0c74  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci        C:\Windows\System32\drivers\usbuhci.sys
18:32:40.0259 0x0c74  usbuhci - ok
18:32:40.0321 0x0c74  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI        C:\Windows\System32\drivers\USBXHCI.SYS
18:32:40.0321 0x0c74  USBXHCI - ok
18:32:40.0353 0x0c74  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:32:40.0353 0x0c74  VaultSvc - ok
18:32:40.0353 0x0c74  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:32:40.0368 0x0c74  vdrvroot - ok
18:32:40.0493 0x0c74  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds            C:\Windows\System32\vds.exe
18:32:40.0524 0x0c74  vds - ok
18:32:40.0524 0x0c74  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt    C:\Windows\system32\drivers\VerifierExt.sys
18:32:40.0540 0x0c74  VerifierExt - ok
18:32:40.0556 0x0c74  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp          C:\Windows\System32\drivers\vhdmp.sys
18:32:40.0571 0x0c74  vhdmp - ok
18:32:40.0587 0x0c74  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:32:40.0587 0x0c74  viaide - ok
18:32:40.0587 0x0c74  [ 3CE922E34DB12D9F3C0EA856BC09687C, E50A1885FBC775E49614989ECFEA4ACBBDDA16AF459CC5361EED9E23CC7CD42C ] Vid            C:\Windows\System32\drivers\Vid.sys
18:32:40.0603 0x0c74  Vid - ok
18:32:40.0618 0x0c74  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus          C:\Windows\system32\drivers\vmbus.sys
18:32:40.0618 0x0c74  vmbus - ok
18:32:40.0618 0x0c74  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
18:32:40.0634 0x0c74  VMBusHID - ok
18:32:40.0649 0x0c74  [ 68F8C26DEA2D42E8DEC0778943433C80, 81E8F9D62815F94952CEEABD0689473CC330F7890F66872DCD35A43C06ED33CD ] vmbusr          C:\Windows\System32\drivers\vmbusr.sys
18:32:40.0649 0x0c74  vmbusr - ok
18:32:40.0681 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
18:32:40.0696 0x0c74  vmicguestinterface - ok
18:32:40.0696 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat  C:\Windows\System32\ICSvc.dll
18:32:40.0712 0x0c74  vmicheartbeat - ok
18:32:40.0728 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
18:32:40.0743 0x0c74  vmickvpexchange - ok
18:32:40.0743 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv        C:\Windows\System32\ICSvc.dll
18:32:40.0759 0x0c74  vmicrdv - ok
18:32:40.0774 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
18:32:40.0790 0x0c74  vmicshutdown - ok
18:32:40.0790 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\Windows\System32\ICSvc.dll
18:32:40.0806 0x0c74  vmictimesync - ok
18:32:40.0821 0x0c74  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss        C:\Windows\System32\ICSvc.dll
18:32:40.0821 0x0c74  vmicvss - ok
18:32:40.0837 0x0c74  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:32:40.0837 0x0c74  volmgr - ok
18:32:40.0868 0x0c74  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
18:32:40.0868 0x0c74  volmgrx - ok
18:32:40.0884 0x0c74  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
18:32:40.0900 0x0c74  volsnap - ok
18:32:40.0900 0x0c74  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\Windows\System32\drivers\vpci.sys
18:32:40.0900 0x0c74  vpci - ok
18:32:40.0915 0x0c74  [ ADBE96C33D1A5BB1BBAF90B4BC84F523, 6E9C9ED3D51E4B6E494D42ECA6F824AD86D676C12C39BBE6B8BD96366BCB02DA ] vpcivsp        C:\Windows\System32\drivers\vpcivsp.sys
18:32:40.0915 0x0c74  vpcivsp - ok
18:32:40.0931 0x0c74  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
18:32:40.0931 0x0c74  vsmraid - ok
18:32:41.0040 0x0c74  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS            C:\Windows\system32\vssvc.exe
18:32:41.0071 0x0c74  VSS - ok
18:32:41.0087 0x0c74  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
18:32:41.0087 0x0c74  VSTXRAID - ok
18:32:41.0118 0x0c74  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:32:41.0118 0x0c74  vwifibus - ok
18:32:41.0165 0x0c74  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:32:41.0181 0x0c74  vwififlt - ok
18:32:41.0196 0x0c74  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
18:32:41.0212 0x0c74  vwifimp - ok
18:32:41.0228 0x0c74  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time        C:\Windows\system32\w32time.dll
18:32:41.0243 0x0c74  W32Time - ok
18:32:41.0259 0x0c74  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
18:32:41.0259 0x0c74  WacomPen - ok
18:32:41.0275 0x0c74  [ AFCD4054D61BD708B82991348ED1C763, EBDAC0E218F1DFC405DB3C8A2F014D20A17B0690EA381C750BED5C2AFCDFEBE3 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
18:32:41.0290 0x0c74  Wanarp - ok
18:32:41.0290 0x0c74  [ AFCD4054D61BD708B82991348ED1C763, EBDAC0E218F1DFC405DB3C8A2F014D20A17B0690EA381C750BED5C2AFCDFEBE3 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:32:41.0290 0x0c74  Wanarpv6 - ok
18:32:41.0353 0x0c74  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\Windows\system32\wbengine.exe
18:32:41.0384 0x0c74  wbengine - ok
18:32:41.0415 0x0c74  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:32:41.0431 0x0c74  WbioSrvc - ok
18:32:41.0446 0x0c74  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
18:32:41.0446 0x0c74  Wcmsvc - ok
18:32:41.0478 0x0c74  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
18:32:41.0478 0x0c74  wcncsvc - ok
18:32:41.0493 0x0c74  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:32:41.0493 0x0c74  WcsPlugInService - ok
18:32:41.0525 0x0c74  [ 0359607177E5E9F6041136CC0A5CB0B6, 16687BE2639648CF46E8768BA1798030472C525612C629BF134D053240E2195B ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
18:32:41.0525 0x0c74  WdBoot - ok
18:32:41.0603 0x0c74  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:32:41.0634 0x0c74  Wdf01000 - ok
18:32:41.0665 0x0c74  [ DE8D12B4C3F55FA2C5E9774314F6C58A, C3E835DC066A94E1431BCDC90D7EA27AAC6F82826F4A5527B37D865241D7A366 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
18:32:41.0696 0x0c74  WdFilter - ok
18:32:41.0696 0x0c74  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:32:41.0712 0x0c74  WdiServiceHost - ok
18:32:41.0712 0x0c74  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
18:32:41.0712 0x0c74  WdiSystemHost - ok
18:32:41.0728 0x0c74  [ 4AD874CDC812EC156265E451B6B09DAB, 6E3E05B8301841425E9BB0D54B35EF386B78EEB307B5A6153FD1F366D30F23FA ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
18:32:41.0728 0x0c74  WdNisDrv - ok
18:32:41.0759 0x0c74  WdNisSvc - ok
18:32:41.0790 0x0c74  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient      C:\Windows\System32\webclnt.dll
18:32:41.0790 0x0c74  WebClient - ok
18:32:41.0821 0x0c74  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:32:41.0821 0x0c74  Wecsvc - ok
18:32:41.0837 0x0c74  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
18:32:41.0837 0x0c74  WEPHOSTSVC - ok
18:32:41.0853 0x0c74  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
18:32:41.0853 0x0c74  wercplsupport - ok
18:32:41.0868 0x0c74  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:32:41.0868 0x0c74  WerSvc - ok
18:32:41.0884 0x0c74  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS        C:\Windows\system32\DRIVERS\wfplwfs.sys
18:32:41.0884 0x0c74  WFPLWFS - ok
18:32:41.0900 0x0c74  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\Windows\System32\wiarpc.dll
18:32:41.0915 0x0c74  WiaRpc - ok
18:32:41.0931 0x0c74  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:32:41.0931 0x0c74  WIMMount - ok
18:32:41.0931 0x0c74  WinDefend - ok
18:32:41.0962 0x0c74  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
18:32:41.0993 0x0c74  WinHttpAutoProxySvc - ok
18:32:42.0025 0x0c74  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
18:32:42.0025 0x0c74  Winmgmt - ok
18:32:42.0150 0x0c74  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM          C:\Windows\system32\WsmSvc.dll
18:32:42.0212 0x0c74  WinRM - ok
18:32:42.0290 0x0c74  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc        C:\Windows\System32\wlansvc.dll
18:32:42.0321 0x0c74  WlanSvc - ok
18:32:42.0368 0x0c74  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc        C:\Windows\system32\wlidsvc.dll
18:32:42.0400 0x0c74  wlidsvc - ok
18:32:42.0415 0x0c74  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi        C:\Windows\System32\drivers\wmiacpi.sys
18:32:42.0415 0x0c74  WmiAcpi - ok
18:32:42.0446 0x0c74  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:32:42.0446 0x0c74  wmiApSrv - ok
18:32:42.0446 0x0c74  WMPNetworkSvc - ok
18:32:42.0478 0x0c74  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof            C:\Windows\system32\drivers\Wof.sys
18:32:42.0478 0x0c74  Wof - ok
18:32:42.0525 0x0c74  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
18:32:42.0571 0x0c74  workfolderssvc - ok
18:32:42.0603 0x0c74  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr        C:\Windows\system32\DRIVERS\wpcfltr.sys
18:32:42.0603 0x0c74  wpcfltr - ok
18:32:42.0634 0x0c74  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:32:42.0634 0x0c74  WPCSvc - ok
18:32:42.0665 0x0c74  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:32:42.0681 0x0c74  WPDBusEnum - ok
18:32:42.0696 0x0c74  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr      C:\Windows\system32\drivers\WpdUpFltr.sys
18:32:42.0696 0x0c74  WpdUpFltr - ok
18:32:42.0696 0x0c74  wpnfd_1_10_0_2 - ok
18:32:42.0712 0x0c74  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
18:32:42.0712 0x0c74  ws2ifsl - ok
18:32:42.0759 0x0c74  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:32:42.0775 0x0c74  wscsvc - ok
18:32:42.0790 0x0c74  WSearch - ok
18:32:42.0962 0x0c74  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService      C:\Windows\System32\WSService.dll
18:32:43.0040 0x0c74  WSService - ok
18:32:43.0165 0x0c74  [ DCD090318EC800CF6275C6835900B0C6, 9E72762EEE46CC0606B909850E6D22E9C8E5C88E82F7C974B2B7C1E5160BEBA7 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:32:43.0243 0x0c74  wuauserv - ok
18:32:43.0290 0x0c74  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:32:43.0306 0x0c74  WudfPf - ok
18:32:43.0337 0x0c74  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
18:32:43.0353 0x0c74  WUDFRd - ok
18:32:43.0368 0x0c74  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\Windows\system32\DRIVERS\WUDFRd.sys
18:32:43.0368 0x0c74  WUDFSensorLP - ok
18:32:43.0384 0x0c74  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
18:32:43.0400 0x0c74  wudfsvc - ok
18:32:43.0400 0x0c74  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs      C:\Windows\system32\DRIVERS\WUDFRd.sys
18:32:43.0400 0x0c74  WUDFWpdFs - ok
18:32:43.0431 0x0c74  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc        C:\Windows\System32\wwansvc.dll
18:32:43.0446 0x0c74  WwanSvc - ok
18:32:43.0478 0x0c74  [ A0F661902AFCAAD77CC2ED3894927A10, 0DCD860F7F4029EBFE1F409BA23CC8BAA55BC22084C81940FF170B665E4804BD ] xusb22          C:\Windows\System32\drivers\xusb22.sys
18:32:43.0493 0x0c74  xusb22 - ok
18:32:43.0493 0x0c74  ================ Scan global ===============================
18:32:43.0556 0x0c74  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\Windows\system32\basesrv.dll
18:32:43.0571 0x0c74  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\Windows\system32\winsrv.dll
18:32:43.0603 0x0c74  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\Windows\system32\sxssrv.dll
18:32:43.0634 0x0c74  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\Windows\system32\services.exe
18:32:43.0650 0x0c74  [ Global ] - ok
18:32:43.0650 0x0c74  ================ Scan MBR ==================================
18:32:43.0650 0x0c74  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:32:43.0806 0x0c74  \Device\Harddisk0\DR0 - ok
18:32:43.0821 0x0c74  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:32:43.0884 0x0c74  \Device\Harddisk1\DR1 - ok
18:32:43.0884 0x0c74  ================ Scan VBR ==================================
18:32:43.0900 0x0c74  [ 56E31F542461E82C23D26EA542EFDD14 ] \Device\Harddisk0\DR0\Partition1
18:32:43.0931 0x0c74  \Device\Harddisk0\DR0\Partition1 - ok
18:32:43.0931 0x0c74  [ A25CB02F330B5C729728C60E6DB588EE ] \Device\Harddisk1\DR1\Partition1
18:32:43.0978 0x0c74  \Device\Harddisk1\DR1\Partition1 - ok
18:32:43.0978 0x0c74  ================ Scan generic autorun ======================
18:32:44.0025 0x0c74  [ 690EB331346D7ADFDA18E50042DEA4B4, 0C219D7A5FCD4E0252C815373E67F843DBD7356FAE7AB836C451068B51438FE7 ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
18:32:44.0040 0x0c74  Classic Start Menu - ok
18:32:44.0056 0x0c74  GameforgeLive - ok
18:32:44.0071 0x05c0  Object required for P2P: [ 35608D966D4170CB1E7DB6CBCA7F3483 ] NetHttpService
18:32:44.0150 0x0c74  [ 4F521D834261058DACD22FC48CC72815, D10166DA58BC3CC67C16B95DA88C941B2620A09A8CAC76D3DEC5A4EF80C074DD ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
18:32:44.0165 0x0c74  StartCCC - ok
18:32:44.0228 0x0c74  [ 80086ED442941DE2CA18CB6DAE8C1422, F7BE958F2E8E17970C238E3806F4A742B12DA09EB21093BD6371CF4B580C5BE4 ] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
18:32:44.0275 0x0c74  Aeria Ignite - ok
18:32:44.0321 0x0c74  ConvertAd - ok
18:32:44.0353 0x0c74  OfferBoulevard - ok
18:32:44.0509 0x0c74  [ 0FB5EB5C3639C88A02DADA0BBC079A58, 0C55C5ADEC91999F3C748F369F106BDA7D95237150AB84DD07795AAB10E82BE0 ] C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
18:32:44.0571 0x0c74  Battle.net - ok
18:32:44.0759 0x0c74  [ D6E2ED7F1F7BE7CCB8676491BF950B57, CBF07EE746F2C27ACC532E83ADC43FBE954DC3C598C4333F13B1A7615AEA9AD5 ] C:\Users\DarkDragons\AppData\Local\Akamai\netsession_win.exe
18:32:44.0853 0x0c74  Akamai NetSession Interface - ok
18:32:44.0868 0x0c74  Waiting for KSN requests completion. In queue: 227
18:32:45.0884 0x0c74  Waiting for KSN requests completion. In queue: 227
18:32:46.0900 0x0c74  Waiting for KSN requests completion. In queue: 227
18:32:47.0587 0x05c0  Object send P2P result: true
18:32:47.0603 0x05c0  Object required for P2P: [ B66E1D9E07691C2DBF771224EE6C23BE ] ServiceUpdater
18:32:47.0915 0x0c74  Waiting for KSN requests completion. In queue: 97
18:32:48.0931 0x0c74  Waiting for KSN requests completion. In queue: 97
18:32:49.0946 0x0c74  Waiting for KSN requests completion. In queue: 97
18:32:50.0962 0x0c74  Waiting for KSN requests completion. In queue: 97
18:32:51.0087 0x05c0  Object send P2P result: true
18:32:51.0978 0x0c74  Have new async UDS detects: 2
18:32:51.0978 0x0c74  ServiceUpdater - detected UDS:DangerousObject.Multi.Generic ( 0 )
18:32:52.0087 0x0c74  ServiceUpdater ( UDS:DangerousObject.Multi.Generic ) - infected
18:32:52.0087 0x0c74  Force sending object to P2P due to detect: ServiceUpdater
18:32:55.0587 0x0c74  Object send P2P result: true
18:32:58.0150 0x0c74  NetHttpService - detected UDS:DangerousObject.Multi.Generic ( 0 )
18:32:58.0150 0x0c74  NetHttpService ( UDS:DangerousObject.Multi.Generic ) - infected
18:32:58.0150 0x0c74  Force sending object to P2P due to detect: NetHttpService
18:33:01.0634 0x0c74  Object send P2P result: true
18:33:04.0118 0x0c74  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x61100 ( enabled : updated )
18:33:04.0134 0x0c74  Win FW state via NFP2: enabled
18:33:06.0587 0x0c74  ============================================================
18:33:06.0587 0x0c74  Scan finished
18:33:06.0587 0x0c74  ============================================================
18:33:06.0587 0x0ae0  Detected object count: 2
18:33:06.0587 0x0ae0  Actual detected object count: 2
18:33:55.0665 0x0ae0  ServiceUpdater ( UDS:DangerousObject.Multi.Generic ) - skipped by user
18:33:55.0665 0x0ae0  ServiceUpdater ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
18:33:55.0665 0x0ae0  NetHttpService ( UDS:DangerousObject.Multi.Generic ) - skipped by user
18:33:55.0665 0x0ae0  NetHttpService ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip


cosinus 09.01.2015 18:41

Remove adware/junkware/toolbars

(Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!)

Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


Hassel 11.01.2015 09:42

ADWCleaner
Code:

# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 18:48:16
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 8.1 Pro  (64 bits)
# Benutzername : DarkDragons - SHOCKDRAGONS
# Gestartet von : C:\Users\DarkDragons\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginServices
Dienst Gelöscht : netfilter64
Dienst Gelöscht : nethfdrv
Dienst Gelöscht : NethxxpService
Dienst Gelöscht : ServiceUpdater
Dienst Gelöscht : CouponArificService64
[#] Dienst Gelöscht : wpnfd_1_10_0_2

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ZombieInvasion
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\ZombieInvasion
Ordner Gelöscht : C:\ProgramData\CoupSocanner
Ordner Gelöscht : C:\ProgramData\7e32c95910c02541
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\ASP
Ordner Gelöscht : C:\Program Files (x86)\Bench
Ordner Gelöscht : C:\Program Files (x86)\driver-soft
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Probit Software
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\RCP
Ordner Gelöscht : C:\Program Files (x86)\snipsmart
Ordner Gelöscht : C:\Program Files (x86)\OfferBoulevard
Ordner Gelöscht : C:\Program Files (x86)\Search Extensions
Ordner Gelöscht : C:\Program Files (x86)\CoupSocanner
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Program Files\CouponArific
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Local\Gameo
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Local\ZombieInvasion
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Local\Genesis_09190925
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Local\mbot_de_82
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Gameo
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\PennyBee
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Probit Software
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Security Systems
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\DarkDragons\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\Extensions\superdrag@enjoyfreeware.org
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\SysWOW64\hfpapi.dll
Datei Gelöscht : C:\Windows\SysWOW64\installd.exe
Datei Gelöscht : C:\Windows\SysWOW64\nethtsrv.exe
Datei Gelöscht : C:\Windows\SysWOW64\netupdsrv.exe
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\DarkDragons\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\invalidprefs.js
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\searchplugins\astromenda.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\user.js
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\user.js
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\p97fwsvk.default-1417276636067\user.js
Datei Gelöscht : C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\zay3160o.default-1417290609102\user.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystarttb.xml

***** [ Tasks ] *****

Task Gelöscht : AmiUpdXp
Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : ASP
Task Gelöscht : LaunchSignup
Task Gelöscht : PennyBee
Task Gelöscht : InfiniteCrisis TW2
Task Gelöscht : InfiniteCrisis TW1

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{d9a96531-b093-4d07-9e4c-9704a365c441}]
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ConvertAd]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [OfferBoulevard]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CoupuScaanneer.CoupuScaanneer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CoupuScaanneer.CoupuScaanneer.3.2
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mbot_de_82]
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4B7DEE1-B96D-8900-1FCC-DE83FF5A70DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4B7DEE1-B96D-8900-1FCC-DE83FF5A70DA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E56A02B-46FE-4490-B169-F16E5231533B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4B7DEE1-B96D-8900-1FCC-DE83FF5A70DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A4B7DEE1-B96D-8900-1FCC-DE83FF5A70DA}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A4B7DEE1-B96D-8900-1FCC-DE83FF5A70DA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\Boost
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\MyBestOffersToday
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\PennyBee
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\WebEnhance
Schlüssel Gelöscht : HKCU\Software\Easy Speed Check
Schlüssel Gelöscht : HKCU\Software\StormWatchApp
Schlüssel Gelöscht : HKCU\Software\StormWatch
Schlüssel Gelöscht : HKCU\Software\CoinisRS
Schlüssel Gelöscht : HKCU\Software\gameo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\AdvertisingSupport
Schlüssel Gelöscht : HKLM\SOFTWARE\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\Browse Safe
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\WordProser_1.10.0.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80E8B0A0-117D-1402-7CDE-688156237115}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[ee5d7wfj.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MA730B5C1-4B55-4F70-B823-BF3F3D0A210F&SearchSource=55&CUI=&UM=6&UP=SP678A7D40-0C70-41B3-AD9D[...]
[ee5d7wfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.a3c8f3083413b4aa6ad29fb93d8982e80gmailcom63167.63167.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[ee5d7wfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.a3c8f3083413b4aa6ad29fb93d8982e80gmailcom63167.63167.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[ee5d7wfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "1494e0fbc71b32f3fb13688e5dbfa325");

*************************

AdwCleaner[R0].txt - [19619 octets] - [09/01/2015 18:47:08]
AdwCleaner[S0].txt - [15231 octets] - [09/01/2015 18:48:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15292 octets] ##########

JRT
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Pro x64
Ran by DarkDragons on 09.01.2015 at 18:54:40,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\SPEEDUPMYPC.TMP-9A6A3D32.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\DarkDragons\AppData\Roaming\mozilla\firefox\profiles\62w0zqkx.default-1417292043854\minidumps [42 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.01.2015 at 18:56:20,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by DarkDragons (administrator) on SHOCKDRAGONS on 09-01-2015 18:58:23
Running from C:\Users\DarkDragons\Desktop
Loaded Profile: DarkDragons (Available profiles: DarkDragons)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Time Lapse Solutions) C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [GameforgeLive] => "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-05-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2864688 2014-12-12] (Blizzard Entertainment)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Akamai NetSession Interface] => C:\Users\DarkDragons\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Policies\Explorer: [DisallowRun] 1
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2357861172-224482980-2813433480-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58835;https=127.0.0.1:58835
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\DarkDragons\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Deutsch (DE) Language Pack - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-01-09]
FF Extension: Locale Switcher - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2015-01-09]
FF Extension: Adblock Plus - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-09]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\DarkDragons\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-05-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 HfnISlqYdAO; C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe [2726776 2014-11-05] (Time Lapse Solutions)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                          )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 18:58 - 2015-01-09 18:58 - 00008767 _____ () C:\Users\DarkDragons\Desktop\FRST.txt
2015-01-09 18:56 - 2015-01-09 18:56 - 00000926 _____ () C:\Users\DarkDragons\Desktop\JRT.txt
2015-01-09 18:54 - 2015-01-09 18:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 18:53 - 2015-01-09 18:54 - 01707939 _____ (Thisisu) C:\Users\DarkDragons\Desktop\JRT.exe
2015-01-09 18:48 - 2015-01-09 18:50 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\ZombieInvasion
2015-01-09 18:47 - 2015-01-09 18:48 - 00000000 ____D () C:\AdwCleaner
2015-01-09 18:46 - 2015-01-09 18:46 - 02191360 _____ () C:\Users\DarkDragons\Desktop\AdwCleaner_4.107.exe
2015-01-09 18:30 - 2015-01-09 18:30 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\DarkDragons\Desktop\tdsskiller.exe
2015-01-09 17:50 - 2015-01-09 17:50 - 00000687 _____ () C:\awhFAE7.tmp
2015-01-09 17:33 - 2015-01-09 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-09 17:33 - 2015-01-09 18:10 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 17:33 - 2015-01-09 17:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 17:31 - 2015-01-09 18:21 - 00000000 ____D () C:\Users\DarkDragons\Desktop\mbar
2015-01-09 17:31 - 2015-01-09 18:09 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 15:30 - 2015-01-09 18:58 - 00000000 ____D () C:\FRST
2015-01-09 15:29 - 2015-01-09 15:29 - 02124288 _____ (Farbar) C:\Users\DarkDragons\Desktop\FRST64.exe
2015-01-04 20:29 - 2015-01-04 20:29 - 00000687 _____ () C:\awh2A63.tmp
2015-01-03 14:54 - 2015-01-03 14:54 - 00000687 _____ () C:\awhB136.tmp
2015-01-01 10:39 - 2015-01-01 10:39 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll
2014-12-24 13:16 - 2014-12-24 13:16 - 00000222 _____ () C:\Users\DarkDragons\Desktop\Alien Isolation.url
2014-12-23 11:18 - 2014-12-23 11:18 - 00000687 _____ () C:\awh81D9.tmp
2014-12-21 20:45 - 2014-12-21 20:45 - 00000687 _____ () C:\awhEC60.tmp
2014-12-19 18:44 - 2014-12-19 18:44 - 00000687 _____ () C:\awh4855.tmp
2014-12-18 20:31 - 2014-12-18 20:32 - 00280752 _____ () C:\Windows\Minidump\121814-25093-01.dmp
2014-12-18 20:31 - 2014-12-18 20:31 - 696154421 _____ () C:\Windows\MEMORY.DMP
2014-12-18 20:31 - 2014-12-18 20:31 - 00000000 ____D () C:\Windows\Minidump
2014-12-16 21:56 - 2014-12-16 21:56 - 00000687 _____ () C:\awhF7AA.tmp
2014-12-16 21:25 - 2014-12-16 21:25 - 00000687 _____ () C:\awh9CB.tmp
2014-12-15 23:06 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 23:06 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-14 16:33 - 2014-12-14 16:33 - 00000687 _____ () C:\awh966D.tmp
2014-12-12 14:03 - 2014-12-12 14:03 - 00000222 _____ () C:\Users\DarkDragons\Desktop\Sacred 3.url
2014-12-12 08:47 - 2014-12-12 08:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 05:06 - 2014-12-10 05:06 - 00000687 _____ () C:\awhB13.tmp
2014-12-10 00:08 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 00:08 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 00:08 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 00:08 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 18:54 - 2014-05-16 18:29 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2357861172-224482980-2813433480-1001
2015-01-09 18:50 - 2014-05-16 18:15 - 01667223 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 18:49 - 2014-03-18 02:51 - 00109654 _____ () C:\Windows\PFRO.log
2015-01-09 18:49 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 18:44 - 2014-10-19 14:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 18:34 - 2014-05-16 18:45 - 00000000 ____D () C:\Users\DarkDragons\AppData\Roaming\ClassicShell
2015-01-09 18:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-09 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-09 17:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Resources
2015-01-09 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-09 15:23 - 2014-05-16 18:34 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AC7F5C46-D0D5-44D6-A666-2A83C8BD8ED4}
2015-01-05 09:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-05 00:19 - 2014-06-07 07:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-05 00:19 - 2014-05-16 18:18 - 00000000 ____D () C:\Users\DarkDragons
2015-01-04 20:19 - 2014-05-16 18:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\JDownloader v2.0
2014-12-31 12:14 - 2014-08-30 21:15 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-21 20:38 - 2014-06-20 16:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-18 18:35 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-17 20:53 - 2014-09-02 09:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Akamai
2014-12-16 21:19 - 2014-11-21 18:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-12 22:11 - 2014-05-18 12:07 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Battle.net
2014-12-12 16:37 - 2014-06-22 16:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-12 12:46 - 2014-06-22 14:57 - 00000000 ____D () C:\Users\DarkDragons\Documents\StarCraft II
2014-12-12 10:02 - 2014-05-18 12:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-11 15:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 16:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 16:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 00:15 - 2014-05-19 10:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 00:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 00:10 - 2014-05-19 10:14 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\DarkDragons\AppData\Local\Temp\bchcabebbbfg.exe
C:\Users\DarkDragons\AppData\Local\Temp\Launcher__10890.exe
C:\Users\DarkDragons\AppData\Local\Temp\proxy_vole2549036137409174358.dll
C:\Users\DarkDragons\AppData\Local\Temp\Quarantine.exe
C:\Users\DarkDragons\AppData\Local\Temp\SPINT-G.exe
C:\Users\DarkDragons\AppData\Local\Temp\sqlite3.dll
C:\Users\DarkDragons\AppData\Local\Temp\srv17858.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv3114.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv69867.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 02:51

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by DarkDragons at 2015-01-09 18:59:04
Running from C:\Users\DarkDragons\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders Ancient Alien Makeover (HKLM-x32\...\7 Wonders Ancient Alien Makeover) (Version: 1.1.0.0 - MumboJumbo)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
AMD Catalyst Install Manager (HKLM\...\{8D95B61A-9759-40F7-69BF-54DCE6675143}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AuraKingdom-DE (HKLM-x32\...\AuraKingdom-DE) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version:  - EA Los Angeles)
Command and Conquer: Red Alert 3 (HKLM-x32\...\Steam App 17480) (Version:  - EA Los Angeles)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Legends of Aethereus (HKLM-x32\...\Steam App 248410) (Version:  - Three Gates)
Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version:  - Spark Unlimited)
Lost Planet: Extreme Condition - Colonies Edition (HKLM-x32\...\Steam App 45720) (Version:  - CAPCOM CO., LTD.)
Mahjong Secrets (HKLM-x32\...\Mahjong Secrets_is1) (Version: 1.0 - Playrix Entertainment)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.4.37803 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version: 2.09 - NCH Software)
Sacred 3 (HKLM-x32\...\Steam App 247950) (Version:  - Keen Games)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zombie Blitz 1.0 (HKLM\...\{F249E83F-ADF4-4159-BAF5-485965489228}) (Version: 1.0 - Headup Games)
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.46 - Time Lapse Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-12-2014 10:39:34 Geplanter Prüfpunkt
03-01-2015 12:51:49 Geplanter Prüfpunkt
09-01-2015 17:43:56 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26BB7950-F533-4E0B-A2B2-AB596E93BDAD} - System32\Tasks\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D} => pcalua.exe -a C:\Users\DarkDragons\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {61926872-C938-4599-8D44-3B91DEE5ABA5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {76C24555-6063-4DCB-9089-A68312B203C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {8AC7A3BA-D971-4989-A537-552B3F77AD2E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {A7B28A0A-56B9-4DAC-AA00-DC32A9A2307C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-05-22 20:59 - 2014-05-22 20:59 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-05-22 20:59 - 2014-05-22 20:59 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-12 08:47 - 2014-12-12 08:47 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\DarkDragons:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Cookies:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "GameforgeLive"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Raptr"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"

========================= Accounts: ==========================

Administrator (S-1-5-21-2357861172-224482980-2813433480-500 - Administrator - Disabled)
DarkDragons (S-1-5-21-2357861172-224482980-2813433480-1001 - Administrator - Enabled) => C:\Users\DarkDragons
Gast (S-1-5-21-2357861172-224482980-2813433480-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2357861172-224482980-2813433480-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 06:58:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x706b90df
ID des fehlerhaften Prozesses: 0xa48
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:58:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x03af4e50
ID des fehlerhaften Prozesses: 0xa48
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x706b90df
ID des fehlerhaften Prozesses: 0x9c0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x011d4e50
ID des fehlerhaften Prozesses: 0x9c0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x706b90df
ID des fehlerhaften Prozesses: 0x608
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x01644e50
ID des fehlerhaften Prozesses: 0x608
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x706b90df
ID des fehlerhaften Prozesses: 0xc70
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x011d4e50
ID des fehlerhaften Prozesses: 0xc70
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x706b90df
ID des fehlerhaften Prozesses: 0xe94
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/09/2015 06:57:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x03b34e50
ID des fehlerhaften Prozesses: 0xe94
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/09/2015 06:58:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005706b90dfa4801d02c35e95fbb8cC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown27cb0373-9829-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:58:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a503af4e50a4801d02c35e95fbb8cC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown2715d09d-9829-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005706b90df9c001d02c35c7fc68c0C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown06654e70-9829-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a5011d4e509c001d02c35c7fc68c0C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown05b27dfd-9829-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005706b90df60801d02c35b0bd7846C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknownef23fb98-9828-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a501644e5060801d02c35b0bd7846C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknownee738d83-9828-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005706b90dfc7001d02c35aebcde67C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowned19d85f-9828-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a5011d4e50c7001d02c35aebcde67C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknownec709150-9828-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005706b90dfe9401d02c35ab67541aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowne9d039d3-9828-11e4-8289-1c6f658f0b60

Error: (01/09/2015 06:57:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a503b34e50e9401d02c35ab67541aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowne91d6961-9828-11e4-8289-1c6f658f0b60


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 18%
Total physical RAM: 8189.55 MB
Available physical RAM: 6686.38 MB
Total Pagefile: 16381.55 MB
Available Pagefile: 14885.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:431.02 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:510.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B788E10F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5C1DEE9F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


I'm having problems with the Adobe Flash plugin, it keeps crashing, and ads for Zombie Invasion also keep popping up in the background in the browser.

Does anything else need to be done, or are we more or less finished? What was the cause, actually? Was it anything serious?

cosinus 11.01.2015 14:19

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58835;https=127.0.0.1:58835
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 HfnISlqYdAO; C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe [2726776 2014-11-05] (Time Lapse Solutions)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Task: {26BB7950-F533-4E0B-A2B2-AB596E93BDAD} - System32\Tasks\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D} => pcalua.exe -a C:\Users\DarkDragons\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {8AC7A3BA-D971-4989-A537-552B3F77AD2E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
C:\Users\DarkDragons\AppData\Roaming\sweet-page
C:\Users\DarkDragons\AppData\Local\Temp\bchcabebbbfg.exe
C:\Users\DarkDragons\AppData\Local\Temp\Launcher__10890.exe
C:\Users\DarkDragons\AppData\Local\Temp\proxy_vole2549036137409174358.dll
C:\Users\DarkDragons\AppData\Local\Temp\Quarantine.exe
C:\Users\DarkDragons\AppData\Local\Temp\SPINT-G.exe
C:\Users\DarkDragons\AppData\Local\Temp\sqlite3.dll
C:\Users\DarkDragons\AppData\Local\Temp\srv17858.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv3114.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv69867.exe
C:\ProgramData\sAIkGLEQxy
C:\Program Files (x86)\Enigma Software Group
C:\awhFAE7.tmp
C:\awh2A63.tmp
C:\awhB136.tmp
C:\awh81D9.tmp
C:\awhEC60.tmp
C:\awh4855.tmp
C:\awhF7AA.tmp
C:\awh9CB.tmp
C:\awh966D.tmp
C:\awhB13.tmp
EmptyTemp:
Hosts:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Hassel 13.01.2015 17:53

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by DarkDragons at 2015-01-13 17:47:06 Run:2
Running from C:\Users\DarkDragons\Desktop
Loaded Profile: DarkDragons (Available profiles: DarkDragons)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58835;https=127.0.0.1:58835
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 HfnISlqYdAO; C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe [2726776 2014-11-05] (Time Lapse Solutions)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Task: {26BB7950-F533-4E0B-A2B2-AB596E93BDAD} - System32\Tasks\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D} => pcalua.exe -a C:\Users\DarkDragons\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {8AC7A3BA-D971-4989-A537-552B3F77AD2E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
C:\Users\DarkDragons\AppData\Roaming\sweet-page
C:\Users\DarkDragons\AppData\Local\Temp\bchcabebbbfg.exe
C:\Users\DarkDragons\AppData\Local\Temp\Launcher__10890.exe
C:\Users\DarkDragons\AppData\Local\Temp\proxy_vole2549036137409174358.dll
C:\Users\DarkDragons\AppData\Local\Temp\Quarantine.exe
C:\Users\DarkDragons\AppData\Local\Temp\SPINT-G.exe
C:\Users\DarkDragons\AppData\Local\Temp\sqlite3.dll
C:\Users\DarkDragons\AppData\Local\Temp\srv17858.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv3114.exe
C:\Users\DarkDragons\AppData\Local\Temp\srv69867.exe
C:\ProgramData\sAIkGLEQxy
C:\Program Files (x86)\Enigma Software Group
C:\awhFAE7.tmp
C:\awh2A63.tmp
C:\awhB136.tmp
C:\awh81D9.tmp
C:\awhEC60.tmp
C:\awh4855.tmp
C:\awhF7AA.tmp
C:\awh9CB.tmp
C:\awh966D.tmp
C:\awhB13.tmp
EmptyTemp:
Hosts:
       
*****************

"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HfnISlqYdAO => Service not found.
esgiguard => Service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26BB7950-F533-4E0B-A2B2-AB596E93BDAD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26BB7950-F533-4E0B-A2B2-AB596E93BDAD}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C92F1C80-09A6-4F0E-BE60-F3B8E05A916D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8AC7A3BA-D971-4989-A537-552B3F77AD2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AC7A3BA-D971-4989-A537-552B3F77AD2E}" => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\Windows\AutoKMS => Moved successfully.
"C:\Users\DarkDragons\AppData\Roaming\sweet-page" => File/Directory not found.
C:\Users\DarkDragons\AppData\Local\Temp\bchcabebbbfg.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\Launcher__10890.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\proxy_vole2549036137409174358.dll => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\SPINT-G.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\srv17858.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\srv3114.exe => Moved successfully.
C:\Users\DarkDragons\AppData\Local\Temp\srv69867.exe => Moved successfully.

"C:\ProgramData\sAIkGLEQxy" directory move:

Could not move "C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.dat" => Scheduled to move on reboot.
C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe => Moved successfully.
C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe.config => Moved successfully.
Could not move "C:\ProgramData\sAIkGLEQxy\info.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\ihLAgOtCCuQ.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\TYpiSJlKegW.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\WQsWgZ.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\WQsWgZ.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\wtxXqiGoXAH.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy\dat\wtxXqiGoXAH.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\sAIkGLEQxy" directory. => Scheduled to move on reboot.

C:\Program Files (x86)\Enigma Software Group => Moved successfully.
C:\awhFAE7.tmp => Moved successfully.
C:\awh2A63.tmp => Moved successfully.
C:\awhB136.tmp => Moved successfully.
C:\awh81D9.tmp => Moved successfully.
C:\awhEC60.tmp => Moved successfully.
C:\awh4855.tmp => Moved successfully.
C:\awhF7AA.tmp => Moved successfully.
C:\awh9CB.tmp => Moved successfully.
C:\awh966D.tmp => Moved successfully.
C:\awhB13.tmp => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 14.9 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-13 17:51:28)<=

C:\ProgramData\sAIkGLEQxy\HfnISlqYdAO.dat => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\info.dat => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\ihLAgOtCCuQ.dll => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\TYpiSJlKegW.dll => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\WQsWgZ.exe => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\WQsWgZ.exe.config => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\wtxXqiGoXAH.exe => Is moved successfully.
C:\ProgramData\sAIkGLEQxy\dat\wtxXqiGoXAH.exe.config => Is moved successfully.
C:\ProgramData\sAIkGLEQxy => Is moved successfully.

==== End of Fixlog 17:51:28 ====


cosinus 13.01.2015 18:25

Then show me fresh FRST logs. Tick the box for addition.txt, then click Scan.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Hassel 13.01.2015 18:34


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by DarkDragons (administrator) on SHOCKDRAGONS on 13-01-2015 18:31:06
Running from C:\Users\DarkDragons\Desktop
Loaded Profile: DarkDragons (Available profiles: DarkDragons)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [GameforgeLive] => "C:\Program Files (x86)\GameforgeLive\gfl_client.exe" -autostart
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-05-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2864688 2014-12-12] (Blizzard Entertainment)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Run: [Akamai NetSession Interface] => C:\Users\DarkDragons\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Policies\Explorer: [DisallowRun] 1
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\DarkDragons\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Deutsch (DE) Language Pack - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-01-09]
FF Extension: Locale Switcher - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2015-01-09]
FF Extension: Adblock Plus - C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\62w0zqkx.default-1417292043854\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-09]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\DarkDragons\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-05-22] (Advanced Micro Devices, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                          )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:31 - 2015-01-13 18:31 - 00007903 _____ () C:\Users\DarkDragons\Desktop\FRST.txt
2015-01-09 18:54 - 2015-01-09 18:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 18:53 - 2015-01-09 18:54 - 01707939 _____ (Thisisu) C:\Users\DarkDragons\Desktop\JRT.exe
2015-01-09 18:48 - 2015-01-09 18:50 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\ZombieInvasion
2015-01-09 18:47 - 2015-01-09 18:48 - 00000000 ____D () C:\AdwCleaner
2015-01-09 18:46 - 2015-01-09 18:46 - 02191360 _____ () C:\Users\DarkDragons\Desktop\AdwCleaner_4.107.exe
2015-01-09 18:30 - 2015-01-09 18:30 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\DarkDragons\Desktop\tdsskiller.exe
2015-01-09 17:33 - 2015-01-09 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-09 17:33 - 2015-01-09 18:10 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 17:33 - 2015-01-09 17:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 17:31 - 2015-01-09 18:21 - 00000000 ____D () C:\Users\DarkDragons\Desktop\mbar
2015-01-09 17:31 - 2015-01-09 18:09 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 15:30 - 2015-01-13 18:31 - 00000000 ____D () C:\FRST
2015-01-09 15:29 - 2015-01-09 15:29 - 02124288 _____ (Farbar) C:\Users\DarkDragons\Desktop\FRST64.exe
2015-01-01 10:39 - 2015-01-01 10:39 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll
2014-12-24 13:16 - 2014-12-24 13:16 - 00000222 _____ () C:\Users\DarkDragons\Desktop\Alien Isolation.url
2014-12-18 20:31 - 2014-12-18 20:32 - 00280752 _____ () C:\Windows\Minidump\121814-25093-01.dmp
2014-12-18 20:31 - 2014-12-18 20:31 - 696154421 _____ () C:\Windows\MEMORY.DMP
2014-12-18 20:31 - 2014-12-18 20:31 - 00000000 ____D () C:\Windows\Minidump
2014-12-15 23:06 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 23:06 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:29 - 2014-05-16 18:15 - 01890446 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 18:20 - 2014-05-16 18:45 - 00000000 ____D () C:\Users\DarkDragons\AppData\Roaming\ClassicShell
2015-01-13 18:15 - 2014-05-16 18:29 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2357861172-224482980-2813433480-1001
2015-01-13 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-13 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-13 17:51 - 2014-09-16 18:02 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-13 17:50 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 17:46 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-13 17:45 - 2014-05-16 18:34 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AC7F5C46-D0D5-44D6-A666-2A83C8BD8ED4}
2015-01-13 17:44 - 2014-10-19 14:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 19:56 - 2014-05-18 12:07 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Battle.net
2015-01-09 18:49 - 2014-03-18 02:51 - 00109654 _____ () C:\Windows\PFRO.log
2015-01-09 18:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-09 17:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Resources
2015-01-05 09:03 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-05 00:19 - 2014-06-07 07:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-05 00:19 - 2014-05-16 18:18 - 00000000 ____D () C:\Users\DarkDragons
2015-01-04 20:19 - 2014-05-16 18:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\JDownloader v2.0
2014-12-31 12:14 - 2014-08-30 21:15 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-21 20:38 - 2014-06-20 16:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-18 18:35 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-17 20:53 - 2014-09-02 09:48 - 00000000 ____D () C:\Users\DarkDragons\AppData\Local\Akamai
2014-12-16 21:19 - 2014-11-21 18:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-13 18:03

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by DarkDragons at 2015-01-13 18:31:53
Running from C:\Users\DarkDragons\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders Ancient Alien Makeover (HKLM-x32\...\7 Wonders Ancient Alien Makeover) (Version: 1.1.0.0 - MumboJumbo)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
AMD Catalyst Install Manager (HKLM\...\{8D95B61A-9759-40F7-69BF-54DCE6675143}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AuraKingdom-DE (HKLM-x32\...\AuraKingdom-DE) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version:  - EA Los Angeles)
Command and Conquer: Red Alert 3 (HKLM-x32\...\Steam App 17480) (Version:  - EA Los Angeles)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Legends of Aethereus (HKLM-x32\...\Steam App 248410) (Version:  - Three Gates)
Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version:  - Spark Unlimited)
Lost Planet: Extreme Condition - Colonies Edition (HKLM-x32\...\Steam App 45720) (Version:  - CAPCOM CO., LTD.)
Mahjong Secrets (HKLM-x32\...\Mahjong Secrets_is1) (Version: 1.0 - Playrix Entertainment)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.4.37803 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version: 2.09 - NCH Software)
Sacred 3 (HKLM-x32\...\Steam App 247950) (Version:  - Keen Games)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zombie Blitz 1.0 (HKLM\...\{F249E83F-ADF4-4159-BAF5-485965489228}) (Version: 1.0 - Headup Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-12-2014 10:39:34 Geplanter Prüfpunkt
03-01-2015 12:51:49 Geplanter Prüfpunkt
09-01-2015 17:43:56 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-01-13 17:47 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {61926872-C938-4599-8D44-3B91DEE5ABA5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {76C24555-6063-4DCB-9089-A68312B203C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {CD462D9A-A2DE-487A-AB86-9A2EB9944E98} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-05-22 20:59 - 2014-05-22 20:59 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-05-22 20:59 - 2014-05-22 20:59 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-12 08:47 - 2014-12-12 08:47 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\DarkDragons:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Cookies:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\DarkDragons\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "GameforgeLive"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Raptr"
HKU\S-1-5-21-2357861172-224482980-2813433480-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"

========================= Accounts: ==========================

Administrator (S-1-5-21-2357861172-224482980-2813433480-500 - Administrator - Disabled)
DarkDragons (S-1-5-21-2357861172-224482980-2813433480-1001 - Administrator - Enabled) => C:\Users\DarkDragons
Gast (S-1-5-21-2357861172-224482980-2813433480-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2357861172-224482980-2813433480-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 06:29:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/13/2015 06:29:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/13/2015 05:51:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/13/2015 05:51:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/13/2015 05:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x711090df
ID des fehlerhaften Prozesses: 0xc0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/13/2015 05:47:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x9ac
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (01/13/2015 05:47:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00554e50
ID des fehlerhaften Prozesses: 0xc0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/13/2015 05:47:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x711090df
ID des fehlerhaften Prozesses: 0xba8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/13/2015 05:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00814e50
ID des fehlerhaften Prozesses: 0xba8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5

Error: (01/13/2015 05:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe, Version: 15.0.0.246, Zeitstempel: 0x548108cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x711090df
ID des fehlerhaften Prozesses: 0xd54
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_246.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_246.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_246.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_246.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_246.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_246.exe5


System errors:
=============
Error: (01/13/2015 06:04:18 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/13/2015 06:03:48 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/13/2015 05:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/09/2015 07:57:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/09/2015 07:56:30 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/09/2015 07:56:00 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/09/2015 07:55:30 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/09/2015 07:55:00 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/09/2015 07:54:30 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/09/2015 07:54:00 PM) (Source: DCOM) (EventID: 10010) (User: ShockDragons)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (01/13/2015 06:29:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/13/2015 06:29:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/13/2015 05:51:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/13/2015 05:51:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/13/2015 05:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005711090dfc001d02f509033fa39C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowncedbe128-9b43-11e4-828a-1c6f658f0b60

Error: (01/13/2015 05:47:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014259ac01d02f50902d6a9fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllcea2a8b5-9b43-11e4-828a-1c6f658f0b60

Error: (01/13/2015 05:47:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a500554e50c001d02f509033fa39C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowncde9bca2-9b43-11e4-828a-1c6f658f0b60

Error: (01/13/2015 05:47:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005711090dfba801d02f508d402a91C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowncbedbe21-9b43-11e4-828a-1c6f658f0b60

Error: (01/13/2015 05:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00001a500814e50ba801d02f508d402a91C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknowncaf74c93-9b43-11e4-828a-1c6f658f0b60

Error: (01/13/2015 05:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c0000005711090dfd5401d02f508a45cb23C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknownc8dd6562-9b43-11e4-828a-1c6f658f0b60


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 16%
Total physical RAM: 8189.55 MB
Available physical RAM: 6824.43 MB
Total Pagefile: 16381.55 MB
Available Pagefile: 14980.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:440.54 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:510.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B788E10F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5C1DEE9F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


cosinus 13.01.2015 23:07

Looks better already...

Okay, then control scans with MBAM and ESET please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Hassel 14.01.2015 19:00

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 14.01.2015 16:58:41, SYSTEM, SHOCKDRAGONS, Manual, Rootkit Database, 2014.11.18.1, 2015.1.7.1,
Update, 14.01.2015 16:58:41, SYSTEM, SHOCKDRAGONS, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 14.01.2015 16:59:03, SYSTEM, SHOCKDRAGONS, Manual, Malware Database, 2014.11.20.6, 2015.1.14.7,
Scan, 14.01.2015 17:00:01, SYSTEM, SHOCKDRAGONS, Manual, Start: % 1 "% 2", Dauer: % 1 min 0 Sekunden, Bedrohungs-Suchlauf, Abgebrochen, 0 Malwareerkennung, 0-Malwareerkennung,
Scan, 14.01.2015 17:23:42, SYSTEM, SHOCKDRAGONS, Manual, Start: % 1 "% 2", Dauer: % 1 min 8 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 163-Malwareerkennung,

(end)

Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a5c72016f07b324094baad8ec80335ac
# engine=21965
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-14 05:36:21
# local_time=2015-01-14 06:36:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5959 11561300 0 0
# scanned=262891
# found=26
# cleaned=0
# scan_time=3406
sh=5963292E1A864B7E273E281E18F9FE29358A584C ft=1 fh=79168b97a649e56e vn="Variante von MSIL/Toolbar.Linkury.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\OfferBoulevard\OfferBoulevard.exe.vir"
sh=8E2AC938704E0B7AE5E009347A030C9D307CA74C ft=1 fh=d359114b7701c185 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Probit Software\Easy Speed PC\EasySpeedPC.exe.vir"
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=B98CC768972AA2AAAE443ECCF85B42124D7D8BC6 ft=1 fh=c71c0011f1d4280e vn="Variante von Win32/Skintrim.MI Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DarkDragons\AppData\Local\Genesis_09190925\Genesis_09190925.exe.vir"
sh=A3536EB9885B92D66746028B26F2585F110EC168 ft=1 fh=1e4f5d0e56b94cda vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DarkDragons\AppData\Local\mbot_de_82\Download\majmp_gentleeu.exe.vir"
sh=CB5FE6296C4D941C0D43D41F59BB19163C55ED77 ft=1 fh=30812d360a4b1b62 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DarkDragons\AppData\Roaming\Security Systems\uninstaller.exe.vir"
sh=878C9CA003D562781690D7B54DABE6A46F37C4D6 ft=1 fh=bdd3b5485dd29ea4 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DarkDragons\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=FA55D765ACECF0E142995558447BA1C0C64A95B9 ft=1 fh=8a5fed32a6adae19 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=8DAB587D2E00A42A74A3CC163D1EF1BA73FBBD0E ft=1 fh=86650cc166570c10 vn="Variante von Win32/Amonetize.CS evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\nethtsrv.exe.vir"
sh=FFCE96C27BA35B2CD2D1815C9620888225FB2632 ft=1 fh=b54025548bd83731 vn="Variante von Win32/Amonetize.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\netupdsrv.exe.vir"
sh=D69E0D3EA4CFDDC43E96657B4E6602F31E61F0D5 ft=1 fh=f0f779e915f423a3 vn="Variante von MSIL/Adware.PullUpdate.G.gen Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\sAIkGLEQxy\HfnISlqYdAO.exe.xBAD"
sh=FDD75F2BC7FE5C84E37596A278C27B653B9034C6 ft=1 fh=26c2b7b9d946f86d vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\sAIkGLEQxy\dat\ihLAgOtCCuQ.dll.xBAD"
sh=664C80FAC7419A3C544C99E1E2AA28A30CBED9FA ft=1 fh=6d9d2f654b858eb8 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\sAIkGLEQxy\dat\TYpiSJlKegW.dll.xBAD"
sh=26C7F96352BDBA384EF98A034BEBF639AD35716F ft=1 fh=28d249c4d227eac3 vn="Variante von MSIL/Adware.PullUpdate.G.gen Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\sAIkGLEQxy\dat\WQsWgZ.exe.xBAD"
sh=8018A57EB5649E702B7E73D12C4C247DECA069AB ft=1 fh=06df323d7ad8b1e1 vn="Variante von MSIL/Adware.PullUpdate.G.gen Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\sAIkGLEQxy\dat\wtxXqiGoXAH.exe.xBAD"
sh=D8865F7D5991BB5345CA65297E6682BA8A8B5E5B ft=1 fh=743b05b3cb705fdf vn="Variante von Win32/OutBrowse.BA evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DarkDragons\AppData\Local\Temp\bchcabebbbfg.exe.xBAD"
sh=2DC0A582BAB281082F18022D54BA121453A7826A ft=1 fh=c71c001122f5036b vn="Variante von Win32/Amonetize.BP evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DarkDragons\AppData\Local\Temp\Launcher__10890.exe.xBAD"
sh=119E149747A552877117A6D91EFD3BE4B26418AE ft=1 fh=d60c8402287380a1 vn="Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DarkDragons\AppData\Local\Temp\SPINT-G.exe.xBAD"
sh=24DA39AA072AE86EADAC823CF31E32927D2DD6CF ft=1 fh=86650cc11bed98c3 vn="Variante von Win32/Amonetize.CS evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DarkDragons\AppData\Local\Temp\srv17858.exe.xBAD"
sh=11FC2C4A0A54A9082122C0C63E24FB7EB218BAE1 ft=1 fh=5778d0b11cb792e7 vn="Variante von Win32/Amonetize.CC evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DarkDragons\AppData\Local\Temp\srv3114.exe.xBAD"
sh=10309AF1089218BD03899E2818FC8CB6C61BF420 ft=1 fh=b6596053e4b4da21 vn="Variante von Win32/Amonetize.CH evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DarkDragons\AppData\Local\Temp\srv69867.exe.xBAD"
sh=FAACEA5E04C2482C5AC74F78443A869B735B3E4A ft=1 fh=d350ef7e01424d49 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DarkDragons\AppData\Local\nst4BE7.tmp"


cosinus 14.01.2015 21:30

Please post the correct MBAM log... it's described in the instructions.

Hassel 15.01.2015 16:37

sry, my mistake

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.01.2015
Suchlauf-Zeit: 17:00:10
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.14.07
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: DarkDragons

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 335171
Verstrichene Zeit: 8 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 6
PUP.Optional.OfferBoulevard.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\OfferBLVD, In Quarantäne, [87c8fdfa8306bb7b1c1098e73fc427d9],
PUP.Optional.BrowserApps.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser+ Apps+, In Quarantäne, [3a151bdc8603979f687c076d3cc709f7],
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinemaXPro 1.4V26.10, In Quarantäne, [2e2172853a4f9e980273d1a65ba833cd],
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQuality-v3V05.10, In Quarantäne, [66e904f35f2a92a4e71ffa84ee151ae6],
PUP.Optional.Lasaoren.A, HKU\S-1-5-21-2357861172-224482980-2813433480-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Lasaoren, In Quarantäne, [91be847352373cfa6a3b33badd27a15f],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2357861172-224482980-2813433480-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SearchProtectIN4T, In Quarantäne, [1d32cc2b69205adc8545ce21ab59f20e],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 19
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, In Quarantäne, [2c237483addc4beb71c4f59755ae817f],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\defaults, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\defaults\preferences, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\userCode, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\locale, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\locale\en-US, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.ZombieInvasion.A, C:\Users\DarkDragons\AppData\Local\ZombieInvasion, In Quarantäne, [202ff0074a3f360069d49bbf32d1f30d],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C, In Quarantäne, [173817e09bee79bd30dd263d2ed533cd],
PUP.Optional.FastPlayer.A, C:\Users\DarkDragons\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q, In Quarantäne, [b49b56a15831ad89da22a5c514efd030],
PUP.Optional.FastPlayer.A, C:\Users\DarkDragons\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q\1.0.0.1, In Quarantäne, [b49b56a15831ad89da22a5c514efd030],
PUP.Optional.FastPlayer.A, C:\Users\DarkDragons\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q\1.0.0.3, In Quarantäne, [b49b56a15831ad89da22a5c514efd030],

Dateien: 138
PUP.Optional.CinemaMax.A, C:\Users\DarkDragons\AppData\Roaming\DS.exe, In Quarantäne, [e56a2bccfd8c2016c8c4626540c54eb2],
PUP.Optional.CinemaMax.A, C:\Users\DarkDragons\AppData\Roaming\NKVO.exe, In Quarantäne, [103f0dea4346d3635339d6f131d47d83],
PUP.Optional.InstallCore, C:\Users\DarkDragons\Desktop\adobe_flash_setup.exe, In Quarantäne, [490642b58cfdd95d50066718b352ef11],
PUP.Optional.NetFilter, C:\Windows\SysWOW64\hfnapi.dll, In Quarantäne, [73dc14e3dcad1224dd28b419cc353dc3],
PUP.Optional.DownloadAssistant, C:\Users\DarkDragons\Downloads\installer_vlc_media_player_German.exe, In Quarantäne, [ed6249aee7a268ceb6ed4499f40d9d63],
PUP.Optional.SmartSec, C:\Users\DarkDragons\Downloads\Setup.exe, In Quarantäne, [c48b36c14c3d241287e963958b76cb35],
PUP.Optional.Amonetize, C:\Users\DarkDragons\AppData\Local\1959\Updater.exe, In Quarantäne, [b69931c6c2c743f3e47ef1e4c33eaa56],
PUP.Optional.SmartBar, C:\Windows\Installer\MSIE15A.tmp, In Quarantäne, [232cc03745448aace1a242ece917de22],
PUP.Optional.Proxy.A, C:\Users\DarkDragons\AppData\Local\proxy.log, In Quarantäne, [5df2f30490f9dd59a302ec9ac0434bb5],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, In Quarantäne, [2c237483addc4beb71c4f59755ae817f],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\data.xml, In Quarantäne, [2c237483addc4beb71c4f59755ae817f],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\uninstinethnfd.exe, In Quarantäne, [2c237483addc4beb71c4f59755ae817f],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome.manifest, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\install.rdf, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\1e1671910dd2205257110168abca1e0a.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\2a54b58eb3076ca8928a9442697d3a9f.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\988a6d61ec3014ced7b6104bc7bb55f9.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\background.html, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\browser.xul, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\c027e236f2c342426255542d70aa27ad.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\c9824c792c75509bb3561342d005f2ad.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\dialog.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\f8ece264d774c0e65c8bc163529eaa2b.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\options.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\options.xul, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\search_dialog.xul, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\09ef4c1269abcce539f8334d39eab09a.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\21a3e1b2056f728574606d945b400c09.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\24adeb4a2af6265ce166018eb8d70e45.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\2af50a60b7e48c5e767fc3a82b3950d4.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\43db03d485fb3d5812e314b5b00892ee.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\4735f88bd560e1f832bd3e7a9ad2d699.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\4fb130873929d4a18e3615752af11d93.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\53c52d5fa9a47815fa6a036cf8de55ed.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\6ccfaf69df2164435df3d612b6028bce.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\898ccbee66eed1b8081db164ac9645e9.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\b4016a0a3b918c8c7ac1bd731f990185.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\e0474a2eea08d969fd4dfba5ba8293ad.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\e0baa9f6fcee12e9de572bbefab852d3.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\edf36f33f77ebeeae51a8af66fc5ef63.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\f0b241c5981dcde445c92c41ae437856.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api\f59288c8aa1f6e8c9fe15d4b7d78766c.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\08f0f65058b4148c8ba18e2f1b2692a9.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\28e0605b93a4835ed476a74ff56715ff.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\4381316865a5f0811e26c99acd9a6168.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\492bb4052dbb91b74406e5f34b252da5.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\4af7c412cf359d5fab1641ff71f7de98.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\51667ce12b0a34fe5d8354ee98622ad7.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\6611a620e0837bdea9d129d45f7d650d.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\705bbf0cb24bfe8c052358e598956ce5.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\777d640194584674fc3b1b20acce6353.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\85b31fba219ff6a89ff2b720254ab5c1.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\9db4b599d6647b4292616a9a5ab9c22a.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\b003193df7fe3d45c1e0edef096a3f44.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\b6d9998cadb0ca698057dc1024dfb4c0.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\cf9531507d18aa65556b63bc36a02dab.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\d6506bbab2e7e1df06b2489509a05069.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\df4e1c0644dbf78833e565d771e7759e.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\e434aefa6beb150fa6e982cee92e3ffa.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\f3263142332b28bfe868ebd99fd61fea.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\f40dec66eb6b2f4f958b81691c899cfa.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\f92bd6e31247563e895d772a1583f33a.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core\installer.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\defaults\preferences\prefs.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\manifest.xml, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins.json, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\246.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\102.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\104.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\119.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\123.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\13.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\14.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\16.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\17.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\178.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\179.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\180.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\184.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\195.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\200.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\220.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\221.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\223.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\226.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\231.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\232.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\234.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\242.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\244.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\260.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\262.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\263.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\268.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\273.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\275.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\281.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\286.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\288.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\289.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\291.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\300.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\302.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\315.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\4.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\47.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\64.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\7.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\78.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\9.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\91.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins\93.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\userCode\background.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\userCode\extension.js, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\locale\en-US\translations.dtd, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\button1.png, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\button2.png, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\button3.png, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\button4.png, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\button5.png, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\crossrider_statusbar.png, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\icon128.png, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\icon16.png, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\icon24.png, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\icon48.png, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\panelarrow-up.png, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\popup.html, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\skin.css, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.CrossRider.A, C:\Users\DarkDragons\AppData\Roaming\Mozilla\Firefox\Profiles\ee5d7wfj.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin\update.css, In Quarantäne, [222d08efddacb77ffa29df76ea19bd43],
PUP.Optional.ZombieInvasion.A, C:\Users\DarkDragons\AppData\Local\ZombieInvasion\data2.dat, In Quarantäne, [202ff0074a3f360069d49bbf32d1f30d],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe, In Quarantäne, [173817e09bee79bd30dd263d2ed533cd],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\libeay32.dll, In Quarantäne, [173817e09bee79bd30dd263d2ed533cd],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\nfapi.dll, In Quarantäne, [173817e09bee79bd30dd263d2ed533cd],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ProtocolFilters.dll, In Quarantäne, [173817e09bee79bd30dd263d2ed533cd],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ssleay32.dll, In Quarantäne, [173817e09bee79bd30dd263d2ed533cd],
PUP.Optional.FastPlayer.A, C:\Users\DarkDragons\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q\1.0.0.1\user.config, In Quarantäne, [b49b56a15831ad89da22a5c514efd030],
PUP.Optional.FastPlayer.A, C:\Users\DarkDragons\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q\1.0.0.3\user.config, In Quarantäne, [b49b56a15831ad89da22a5c514efd030],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
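A way to condense a Malwarebytes result list like the one above into one row per detection name, as an added example that is not part of the thread. The sample lines are constructed (placeholder paths and ids, and a made-up `Trojan.Agent.EXAMPLE` entry), and treating everything outside `PUP.*` as needing a closer look is this example's own triage rule.

```python
import re
from collections import Counter, defaultdict

# One result line: "<detection>, <path>, <action>, [<32-hex id>],"
# The path may itself contain ", ", so it is matched greedily and the
# action and id are anchored to the end of the line.
LINE_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,]+), "
    r"\[(?P<id>[0-9a-f]{32})\],?\s*$"
)

def parse_line(line):
    """Return the fields of a detection line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarise(lines):
    """Count files per detection name and collect the actions taken."""
    counts, actions = Counter(), defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # section headers, "(end)", blank lines
        counts[rec["name"]] += 1
        actions[rec["name"]].add(rec["action"])
    return counts, actions

def non_pup(counts):
    """Names outside the PUP.* namespace (this example's triage rule)."""
    return sorted(name for name in counts if not name.startswith("PUP."))

# Constructed sample: paths, ids and the Trojan.* name are made up.
SAMPLE = [
    r"PUP.Optional.CrossRider.A, C:\Users\example\ext\plugins\1.js, In Quarantäne, [00000000000000000000000000000001],",
    r"PUP.Optional.CrossRider.A, C:\Users\example\ext\a, b\2.js, In Quarantäne, [00000000000000000000000000000001],",
    r"PUP.Optional.FastPlayer.A, C:\Users\example\com\user.config, In Quarantäne, [00000000000000000000000000000002],",
    r"Trojan.Agent.EXAMPLE, C:\Users\example\sample.tmp, In Quarantäne, [00000000000000000000000000000003],",
    "Physische Sektoren: 0",
    "(end)",
]

if __name__ == "__main__":
    counts, actions = summarise(SAMPLE)
    for name, n in counts.most_common():
        print(f"{n:3d}  {name}  {sorted(actions[name])}")
    print("needs a closer look:", non_pup(counts))
```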


cosinus 15.01.2015 16:43

Only PUP remnants.....

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

C:\Users\DarkDragons\AppData\Local\nst4BE7.tmp
EmptyTemp:
Hosts:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Remove button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Hassel 15.01.2015 17:27

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015
Ran by DarkDragons at 2015-01-15 17:25:17 Run:3
Running from C:\Users\DarkDragons\Desktop
Loaded Profiles: DarkDragons (Available profiles: DarkDragons)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\DarkDragons\AppData\Local\nst4BE7.tmp
EmptyTemp:
Hosts:
*****************

C:\Users\DarkDragons\AppData\Local\nst4BE7.tmp => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 25 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:25:17 ====


Hassel 15.01.2015 17:39

I also have a strange folder on drive E (second hard drive) named 2334acf3c086d8802a8c2f05 which I cannot delete or anything like that; its contents are nothing but subfolders with numbers like 1025, 1028 etc. that I can't get into.

cosinus 15.01.2015 20:19

Such folders are created by Windows updates (ndp45.....exe => MS .NET Framework 4.5)

Hassel 15.01.2015 20:37

OK, how does it go on, what do I have to do now?

cosinus 15.01.2015 20:38

Looks OK so far :daumenhoc

Regarding cookies and other things on the web: To block the plague from the outset (i.e. tracking cookies, ad banners etc.) I recommend the extension Ghostery, which largely prevents user tracking and the display of ad banners.

Info: Cookies are not malware as such, but there is a risk of abusive use (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie )

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in anew everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then just set up the browser so that simply everything, including cookies, is deleted when the browser is closed.

Is your system in order again now, or are there still other detections or problems?

Hassel 16.01.2015 08:35

I have now installed Adblock for Mozilla; should I nevertheless also install Ghostery in addition?

The things that Malwarebytes found and that are now in quarantine, can I delete them permanently, and the 25 detections that the Eset Online Scanner had, can I delete those too? Or are those all just cookies?

Otherwise, what could have triggered t-online sending my brother such a letter? Was there spy software on it, do I now have to change all passwords?

cosinus 16.01.2015 10:23

Just take a look at the logs with the detections, especially MBAR. Agents were found there...

For my purposes Ghostery alone is sufficient.


Then we would be done! :daumenhoc


If you would still like to give praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board

The programs that were used here can all be uninstalled. It is advisable to keep Malwarebytes Anti-Malware and scan for malware with it weekly.

delfix can help you with that:


The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.






Finally, please check the updates; my guide to that is below. To keep better track of how up to date the installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated AdobeReader poses a major security risk. You should therefore rather uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

Please also check on this occasion that the Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also quite easily check here whether all plugins in the Firefox browser are up to date => https://www.mozilla.org/de/plugincheck

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Afterwards download the current Java SE Runtime Environment (JRE) from here and install it.

Hassel 16.01.2015 12:41

Unfortunately the logs don't tell me much =)

But I have read up on what such an agent is. It is for spying on data. One knows how long they had already been on there.

OK, so I will change all passwords =)

I thank you very much for your help and your effort.....

Great work and the PC is finally clean again =)

I'm glad about that



Copyright ©2000-2024, Trojaner-Board

