Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   irgendwas eingefangen?? (https://www.trojaner-board.de/164906-irgendwas-eingefangen.html)

molchi 10.03.2015 00:13
irgendwas eingefangen??
 
hallo ihr, ich verzweifel grad.
ich hab seit 2 tagen egal mit welchem Browser und egal auf welcher webseite massig kleine Popups die zum Teil aussehen wie winzige ICQ-Fenster welche von der Adresse mobalives.com kommen, und minispielewerbepopups welche von opresat.ru kommen. Außerdem hab ich regelmäßig große Popups auf eine Seite namens adultcameras.info.

Hab nun sachon malwarebytes, adwcleaner und Microsoft safetyscanner drüberlaufen lassen, alles bisher ohne Erfolg. Was kann ich noch tun bevor ich durchdreh und das sytem neu aufsetze? Dank euch schonmal :)

schrauber 10.03.2015 06:12
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


molchi 10.03.2015 06:59
die FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-03-2015 01
Ran by molchi (administrator) on MOLCHI-PC on 10-03-2015 06:54:02
Running from C:\Users\molchi\Desktop
Loaded Profiles: molchi (Available profiles: molchi)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Englisch (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3838\Agent.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5566\Battle.net.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Wow.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Utils\WowBrowserProxy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\...\MountPoints2: {8bc2db1a-ca89-11e3-ab8f-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={170A8DC2-4607-4B3D-9606-C4EDEC211CCF}&mid=1f0fb2f3fd3847d281c799127f52ef80-4d67a5cd415e1d767b70e17ec044e3280a45347b&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-28 23:32:15&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> {844F9710-987C-4933-9B00-028A0D8F8C33} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={170A8DC2-4607-4B3D-9606-C4EDEC211CCF}&mid=1f0fb2f3fd3847d281c799127f52ef80-4d67a5cd415e1d767b70e17ec044e3280a45347b&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-28 23:32:15&v=4.0.6.10&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Toolbar: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{BE5B6ADA-3AE3-4C56-9ED6-63626131474E}: [NameServer] 8.8.4.4,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-09-23] (Nero AG)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [107520 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-04-23] (Macrovision Europe Ltd.) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-04] ()
S2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [265416 2014-11-21] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-04-23] (Phoenix Technologies) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-03-09] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 06:49 - 2015-03-10 06:54 - 00011987 _____ () C:\Users\molchi\Desktop\FRST.txt
2015-03-10 06:48 - 2015-03-10 06:54 - 00000000 ____D () C:\FRST
2015-03-10 06:47 - 2015-03-10 06:47 - 01134592 _____ (Farbar) C:\Users\molchi\Desktop\FRST.exe
2015-03-10 00:00 - 2015-03-10 00:00 - 00008321 _____ () C:\Users\molchi\Desktop\hijackthis.log
2015-03-09 23:58 - 2015-03-09 23:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\molchi\Desktop\HiJackThis204.exe
2015-03-09 23:23 - 2015-03-09 23:28 - 00000760 _____ () C:\Users\molchi\Desktop\TP-LINK Modem Router Settings.txt
2015-03-09 23:07 - 2015-03-09 23:07 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-09 07:03 - 2015-03-09 07:03 - 00000830 _____ () C:\Windows\system32\.crusader
2015-03-09 06:48 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-09 06:47 - 2015-03-09 06:47 - 10085648 _____ (SurfRight B.V.) C:\Users\molchi\Downloads\HitmanPro.exe
2015-03-09 04:30 - 2015-03-09 04:45 - 132625648 _____ (Microsoft Corporation) C:\Users\molchi\Desktop\msert.exe
2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-09 04:24 - 2015-03-09 04:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 04:24 - 2015-03-09 04:24 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-09 04:24 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-09 04:24 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-09 04:24 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-09 04:11 - 2015-03-09 04:12 - 02126848 _____ () C:\Users\molchi\Desktop\adwcleaner_4.111.exe
2015-03-05 23:00 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-27 23:02 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-27 06:55 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-02-08 02:36 - 2015-02-08 02:36 - 00000000 ____D () C:\Users\molchi\AppData\Local\SimulationCraft
2015-02-08 02:34 - 2015-02-08 02:34 - 00000000 ____D () C:\Users\molchi\Desktop\Simulationcraft
2015-02-08 02:22 - 2015-02-08 02:24 - 27138434 _____ (Oleg N. Scherbakov) C:\Users\molchi\Desktop\simc-603-26-win32.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 06:53 - 2014-05-10 00:14 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-03-10 06:52 - 2014-04-23 17:24 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\TS3Client
2015-03-10 06:50 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Local\Battle.net
2015-03-10 05:56 - 2014-04-24 21:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 05:46 - 2009-07-14 05:39 - 00098533 _____ () C:\Windows\setupact.log
2015-03-10 03:11 - 2014-04-23 21:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-10 00:50 - 2014-04-23 07:20 - 01367825 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 00:11 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 00:11 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 00:04 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 00:03 - 2014-04-23 03:29 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-09 23:49 - 2015-01-28 23:31 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-03-09 23:49 - 2015-01-09 05:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-09 23:49 - 2015-01-04 18:24 - 00000000 ____D () C:\Users\molchi\Desktop\ReBot
2015-03-09 23:49 - 2014-07-25 02:02 - 00000000 ____D () C:\Program Files\Hearthstone
2015-03-09 23:49 - 2014-04-26 02:46 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\vlc
2015-03-09 23:49 - 2014-04-23 09:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-09 23:49 - 2014-04-23 07:18 - 00000000 ____D () C:\Users\molchi
2015-03-09 23:49 - 2014-04-23 02:08 - 00000000 ____D () C:\Program Files\World of Warcraft
2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Battle.net
2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Program Files\Battle.net
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-03-09 23:07 - 2014-04-23 02:28 - 00146152 _____ () C:\Windows\PFRO.log
2015-03-09 04:14 - 2014-04-25 23:03 - 00000000 ____D () C:\AdwCleaner
2015-03-01 07:25 - 2014-04-26 01:33 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Skype
2015-02-25 18:01 - 2015-01-09 05:53 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-13 22:47 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-08 03:24 - 2014-05-08 22:57 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\SimulationCraft

==================== Files in the root of some directories =======

2014-12-01 17:30 - 2014-12-01 17:30 - 0000032 _____ () C:\Users\molchi\AppData\Roaming\UserIdentity.dat
2014-07-06 04:04 - 2014-07-06 04:04 - 0007609 _____ () C:\Users\molchi\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\molchi\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\molchi\AppData\Local\Temp\raptrpatch.exe
C:\Users\molchi\AppData\Local\Temp\raptr_stub.exe
C:\Users\molchi\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\molchi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\molchi\AppData\Local\Temp\tmp1FEE.exe
C:\Users\molchi\AppData\Local\Temp\tmp2CBA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 19:03

==================== End Of Log ============================
--- --- ---


Die Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-03-2015 01
Ran by molchi at 2015-03-10 06:54:29
Running from C:\Users\molchi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\...\uTorrent) (Version: 1.8.0 - )
ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Free Studio version 6.4.0.1111 (HKLM\...\Free Studio_is1) (Version: 6.4.0.1111 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.41.623 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
High-Definition Video Playback (Version: 11.1.10400.2.65 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.1.0 - LIGHTNING UK!)
IObit Apps Toolbar v9.0 (HKLM\...\{48C13178-64E2-4964-9927-B71A04074D08}) (Version: 9.0 - Spigot, Inc.) <==== ATTENTION
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
IsoBuster 2.1 (HKLM\...\IsoBuster_is1) (Version: 2.1 - Smart Projects)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
Nero 11 (HKLM\...\{B7E01095-8BAA-456E-8AED-504C3CCADBA0}) (Version: 11.0.10700 - Nero AG)
Nero Backup Drivers (HKLM\...\{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}) (Version: 1.0.10000.1.0 - Nero AG)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
Raptr (HKLM\...\Raptr) (Version:  - )
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
SUPER © v2014.build.60+Recorder (2014/02/18) Version v2014.buil (HKLM\...\{8E2A18E2-96AF-8549-4DE7-5C06B75719A4}_is1) (Version: v2014.build.60+Recorder - eRightSoft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
welcome (Version: 11.0.21500.0.4 - Nero AG) Hidden
WhoCrashed 5.00 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Winamp (nur entfernen) (HKLM\...\Winamp) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-02-2015 09:32:41 Scheduled Checkpoint
09-03-2015 07:01:29 Prüfpunkt von HitmanPro
09-03-2015 07:02:59 Prüfpunkt von HitmanPro
09-03-2015 23:45:28 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-05-05 04:58 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {86F535A8-E601-410D-8EB1-A4BEFB16BC1A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AA5AF31E-2F4D-4135-B5A3-AD20C3166D5B} - System32\Tasks\Driver Booster SkipUAC (molchi) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {C8D94D33-4939-4C2B-B82D-C64C4F053130} - System32\Tasks\{74D8F492-4E46-4088-9E00-6EEC99CC63BE} => pcalua.exe -a C:\Users\molchi\Desktop\irfanview_plugins_437_setup.exe -d C:\Users\molchi\Desktop
Task: {E90D8732-0D7D-43DE-BF5F-E8E6F031B319} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-04 23:34 - 2015-03-04 23:34 - 00620056 _____ () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2015-01-28 23:31 - 2015-01-28 23:31 - 01663512 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 26065408 _____ () C:\Program Files\Battle.net\Battle.net.5566\libcef.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00739840 _____ () C:\Program Files\Battle.net\Battle.net.5566\libGLESv2.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00908288 _____ () C:\Program Files\Battle.net\Battle.net.5566\platforms\qwindows.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00130048 _____ () C:\Program Files\Battle.net\Battle.net.5566\libEGL.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00020992 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qgif.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00021504 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qico.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00205312 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qjpeg.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00225792 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qmng.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00015872 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qsvg.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00312832 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qtiff.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5566\qml\QtQuick.2\qtquick2plugin.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00054272 _____ () C:\Program Files\Battle.net\Battle.net.5566\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-02-26 22:00 - 2015-02-26 22:00 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5566\qml\QtQml\Models.2\modelsplugin.dll
2015-02-05 01:57 - 2015-02-05 01:57 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
2014-04-23 04:22 - 2014-12-19 18:29 - 23950848 _____ () C:\Program Files\World of Warcraft\Utils\libcef.dll
2015-02-27 23:02 - 2015-02-27 23:02 - 03348080 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-02-27 23:02 - 2015-02-27 23:02 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-02-27 23:02 - 2015-02-27 23:02 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Classes\exefile:  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\molchi\AppData\Local\Microsoft\Windows\Themes\London Ar\DesktopBackground\16_imranmirza_trafalgarsquare.jpg
DNS Servers: 8.8.4.4 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk => C:\Windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Raptr => "C:\Program Files\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: StartCCC => "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Web TuneUp\vprot.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\Winampa.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-2469122478-4038941523-3492657438-500 - Administrator - Disabled)
Guest (S-1-5-21-2469122478-4038941523-3492657438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2469122478-4038941523-3492657438-1002 - Limited - Enabled)
molchi (S-1-5-21-2469122478-4038941523-3492657438-1001 - Administrator - Enabled) => C:\Users\molchi

==================== Faulty Device Manager Devices =============

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2015 00:04:18 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/09/2015 11:51:17 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Scheduled Checkpoint). Zusätzliche Informationen: 0x80070005.

Error: (03/09/2015 11:50:55 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/09/2015 11:32:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/09/2015 11:18:30 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/09/2015 11:07:45 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000398,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,021CF7A8.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Access is denied.
.

Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000310,(null),0,REG_BINARY,005AEF94.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Access is denied.
.


Operation:
  BackupShutdown Event

Context:
  Execution Context: Writer
  Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
  Writer Name: System Writer
  Writer Instance ID: {502f2072-6cee-4a1b-921e-d95f6566b4d5}

Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000b3c,(null),0,REG_BINARY,04F3EC9C.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Access is denied.
.


Operation:
  BackupShutdown Event

Context:
  Execution Context: Writer
  Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
  Writer Name: MSSearch Service Writer
  Writer Instance ID: {61440e46-38d0-4219-a7ed-efdcf3f7042e}

Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000006b4,(null),0,REG_BINARY,00EDF0EC.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Access is denied.
.


Operation:
  BackupShutdown Event

Context:
  Execution Context: Writer
  Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
  Writer Name: WMI Writer
  Writer Instance ID: {eb525028-a747-45ac-b09d-4634edddae95}


System errors:
=============
Error: (03/10/2015 00:04:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (03/10/2015 00:04:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "vToolbarUpdater18.4.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/10/2015 00:04:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (03/10/2015 00:04:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/09/2015 11:50:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (03/09/2015 11:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "vToolbarUpdater18.4.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/09/2015 11:50:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (03/09/2015 11:50:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/09/2015 11:32:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (03/09/2015 11:32:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "vToolbarUpdater18.4.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (03/10/2015 00:04:18 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/09/2015 11:51:17 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Scheduled Checkpoint0x80070005

Error: (03/09/2015 11:50:55 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/09/2015 11:32:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/09/2015 11:18:30 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/09/2015 11:07:45 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000398,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,021CF7A8.64)0x80070005, Access is denied.

Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000310,(null),0,REG_BINARY,005AEF94.64)0x80070005, Access is denied.


Operation:
  BackupShutdown Event

Context:
  Execution Context: Writer
  Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
  Writer Name: System Writer
  Writer Instance ID: {502f2072-6cee-4a1b-921e-d95f6566b4d5}

Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000b3c,(null),0,REG_BINARY,04F3EC9C.64)0x80070005, Access is denied.


Operation:
  BackupShutdown Event

Context:
  Execution Context: Writer
  Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
  Writer Name: MSSearch Service Writer
  Writer Instance ID: {61440e46-38d0-4219-a7ed-efdcf3f7042e}

Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000006b4,(null),0,REG_BINARY,00EDF0EC.64)0x80070005, Access is denied.


Operation:
  BackupShutdown Event

Context:
  Execution Context: Writer
  Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
  Writer Name: WMI Writer
  Writer Instance ID: {eb525028-a747-45ac-b09d-4634edddae95}


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 440 Processor
Percentage of memory in use: 78%
Total physical RAM: 3199.18 MB
Available physical RAM: 694.62 MB
Total Pagefile: 6396.63 MB
Available Pagefile: 2271.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:822.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:232.88 GB) (Free:122.4 GB) NTFS
Drive f: (CD099A2) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:14.92 GB) (Free:3.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DA721178)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 4E754E74)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

==================== End Of Log ============================
Hoffe es war richtig so ^^

schrauber 10.03.2015 19:44
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    IObit Apps Toolbar v9.0


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

molchi 10.03.2015 22:46
Nun hab ich im Revo n kleines problem, er meldet mir beim uninstallversuch das die Funktion die ich verwenden möchte sich auf einer netzressource befindet, über abbrechen komm ich dann aber zur resteentfernung, und kann 135 Registryeinträge löschen, woraufhin im Uninstallfenster auch die Anwendung verschwindet

mbar hat nichts gefunden, log hier:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.10.06
  rootkit: v2015.02.25.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
molchi :: MOLCHI-PC [administrator]

10.03.2015 22:53:59
mbar-log-2015-03-10 (22-53-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 320866
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
TDSSKiller fand 1 Sache, hier das log:

Code:
23:07:04.0837 0x14bc  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:07:10.0057 0x14bc  ============================================================
23:07:10.0057 0x14bc  Current date / time: 2015/03/10 23:07:10.0057
23:07:10.0057 0x14bc  SystemInfo:
23:07:10.0057 0x14bc 
23:07:10.0057 0x14bc  OS Version: 6.1.7600 ServicePack: 0.0
23:07:10.0057 0x14bc  Product type: Workstation
23:07:10.0057 0x14bc  ComputerName: MOLCHI-PC
23:07:10.0057 0x14bc  UserName: molchi
23:07:10.0057 0x14bc  Windows directory: C:\Windows
23:07:10.0057 0x14bc  System windows directory: C:\Windows
23:07:10.0057 0x14bc  Processor architecture: Intel x86
23:07:10.0057 0x14bc  Number of processors: 3
23:07:10.0057 0x14bc  Page size: 0x1000
23:07:10.0057 0x14bc  Boot type: Normal boot
23:07:10.0057 0x14bc  ============================================================
23:07:11.0637 0x14bc  KLMD registered as C:\Windows\system32\drivers\55317730.sys
23:07:12.0117 0x14bc  System UUID: {E162F8DE-AFDE-83FB-273E-45BB4FA456ED}
23:07:13.0117 0x14bc  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:07:13.0117 0x14bc  Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 ( 232.88 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:07:13.0127 0x14bc  Drive \Device\Harddisk2\DR2 - Size: 0x3BC400000 ( 14.94 Gb ), SectorSize: 0x200, Cylinders: 0x79E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:07:13.0127 0x14bc  ============================================================
23:07:13.0127 0x14bc  \Device\Harddisk0\DR0:
23:07:13.0127 0x14bc  MBR partitions:
23:07:13.0127 0x14bc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
23:07:13.0127 0x14bc  \Device\Harddisk1\DR1:
23:07:13.0127 0x14bc  MBR partitions:
23:07:13.0127 0x14bc  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
23:07:13.0127 0x14bc  \Device\Harddisk2\DR2:
23:07:13.0127 0x14bc  MBR partitions:
23:07:13.0127 0x14bc  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x28B0, BlocksNum 0x1DDF750
23:07:13.0127 0x14bc  ============================================================
23:07:13.0147 0x14bc  C: <-> \Device\Harddisk0\DR0\Partition1
23:07:13.0167 0x14bc  D: <-> \Device\Harddisk1\DR1\Partition1
23:07:13.0167 0x14bc  ============================================================
23:07:13.0167 0x14bc  Initialize success
23:07:13.0167 0x14bc  ============================================================
23:07:56.0593 0x1180  ============================================================
23:07:56.0593 0x1180  Scan started
23:07:56.0593 0x1180  Mode: Manual; SigCheck; TDLFS;
23:07:56.0593 0x1180  ============================================================
23:07:56.0593 0x1180  KSN ping started
23:07:59.0579 0x1180  KSN ping finished: true
23:08:00.0440 0x1180  ================ Scan system memory ========================
23:08:00.0440 0x1180  System memory - ok
23:08:00.0441 0x1180  ================ Scan services =============================
23:08:00.0579 0x1180  [ 6D2ACA41739BFE8CB86EE8E85F29697D, 74A4F53C8309A8E5E94CDE4D440DD5308566185E6D8D98FD08E70A25BD728C91 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
23:08:00.0696 0x1180  1394ohci - ok
23:08:00.0719 0x1180  [ F0E07D144C8685B8774BC32FC8DA4DF0, 39816ED2623CA9ABE2B2EDCDB2F8481634742F00FEEF7E324F34D2BAAD668A67 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
23:08:00.0736 0x1180  ACPI - ok
23:08:00.0747 0x1180  [ 98D81CA942D19F7D9153B095162AC013, ACE5C073323176621F3312AA9B1EE1A3382F8CDD590D90DC57B34035FD6BC281 ] AcpiPmi        C:\Windows\system32\DRIVERS\acpipmi.sys
23:08:00.0810 0x1180  AcpiPmi - ok
23:08:00.0895 0x1180  [ 14C23516C990DCD6052152CF034DDE40, 1EC8AAD6AA6D68A17A9D04AECDB716BD0DD4BFF93641BD96D01855AF1232A5FB ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
23:08:00.0921 0x1180  Adobe Version Cue CS3 - ok
23:08:00.0959 0x1180  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:08:00.0976 0x1180  AdobeARMservice - ok
23:08:01.0020 0x1180  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:08:01.0062 0x1180  AdobeFlashPlayerUpdateSvc - ok
23:08:01.0102 0x1180  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
23:08:01.0129 0x1180  adp94xx - ok
23:08:01.0148 0x1180  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
23:08:01.0181 0x1180  adpahci - ok
23:08:01.0208 0x1180  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
23:08:01.0243 0x1180  adpu320 - ok
23:08:01.0276 0x1180  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
23:08:01.0331 0x1180  AeLookupSvc - ok
23:08:01.0363 0x1180  [ 0DB7A48388D54D154EBEC120461A0FCD, 567B65F96ADE0E8252B7D8CE7F254CB8054C3AE4BC3577C394EFDEF8D8A61427 ] AFD            C:\Windows\system32\drivers\afd.sys
23:08:01.0413 0x1180  AFD - ok
23:08:01.0427 0x1180  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
23:08:01.0437 0x1180  agp440 - ok
23:08:01.0450 0x1180  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
23:08:01.0461 0x1180  aic78xx - ok
23:08:01.0483 0x1180  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG            C:\Windows\System32\alg.exe
23:08:01.0523 0x1180  ALG - ok
23:08:01.0535 0x1180  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
23:08:01.0544 0x1180  aliide - ok
23:08:01.0565 0x1180  [ 64710E6C92C0D3893EDBDA84FBCD3188, 06FF1242CECA94260E66C00EAFEE6AC338DD500EB35A3F46F7473AEA546922DE ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:08:01.0602 0x1180  AMD External Events Utility - ok
23:08:01.0647 0x1180  AMD FUEL Service - ok
23:08:01.0680 0x1180  [ 20D6B7633C7DE405B447C0B4146E3FB5, A7369C1D97D137DDA324906E4C03234DA501020C94282877C75501C8C072EE5E ] amdacpksd      C:\Windows\system32\drivers\amdacpksd.sys
23:08:01.0711 0x1180  amdacpksd - ok
23:08:01.0792 0x1180  [ 47F2176A5C717B6CFC8DBB29E3022C69, 51ABD9D3A7BC7B46340D79680E870C38B48873BD0800F0BF624A9EF57902DB0E ] amdacpusrsvc    C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
23:08:01.0825 0x1180  amdacpusrsvc - detected UnsignedFile.Multi.Generic ( 1 )
23:08:04.0875 0x1180  Detect skipped due to KSN trusted
23:08:04.0875 0x1180  amdacpusrsvc - ok
23:08:04.0897 0x1180  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
23:08:04.0930 0x1180  amdagp - ok
23:08:04.0946 0x1180  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
23:08:04.0958 0x1180  amdide - ok
23:08:04.0978 0x1180  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
23:08:05.0008 0x1180  AmdK8 - ok
23:08:05.0442 0x1180  [ 83240DBD6E44CC207B95D1EBB085E3A7, DD29B4F21D22D5DD7DC6F965EEADB40B958934301C74178AC3B0CB2AA59D3808 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:08:05.0875 0x1180  amdkmdag - ok
23:08:05.0933 0x1180  [ B6DB3BDF2CF56C60ED497104653B8A5C, 8C48866134828336EE287802B1AE6D419D97D15D71CAD12911255EF5CEFFB5A7 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:08:05.0979 0x1180  amdkmdap - ok
23:08:05.0993 0x1180  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:08:06.0014 0x1180  AmdPPM - ok
23:08:06.0034 0x1180  [ 2101A86C25C154F8314B24EF49D7FBC2, E4C1326CF55850793B45B2BFDF361C4E98A07FB13E08BFD6DB50135489700998 ] amdsata        C:\Windows\system32\DRIVERS\amdsata.sys
23:08:06.0066 0x1180  amdsata - ok
23:08:06.0093 0x1180  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:08:06.0106 0x1180  amdsbs - ok
23:08:06.0114 0x1180  [ B81C2B5616F6420A9941EA093A92B150, DA2000C9E06533232F8716A6674BC9DFD5C3AAE1FC46F7A91B8E917DB913F42F ] amdxata        C:\Windows\system32\DRIVERS\amdxata.sys
23:08:06.0124 0x1180  amdxata - ok
23:08:06.0152 0x1180  AODDriver4.2.0 - ok
23:08:06.0172 0x1180  [ 6E8510A72549883DA01882DB6A096538, C53590E5CBDEB073470CA2DD91696AD0851F023324CD06BF68533AFC331D9283 ] AODDriver4.3    C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys
23:08:06.0195 0x1180  AODDriver4.3 - ok
23:08:06.0214 0x1180  [ FEB834C02CE1E84B6A38F953CA067706, E5A7F8B632ABFBD1283C3D44FB02449814EDB653B204E1720DAA780A6D64FD01 ] AppID          C:\Windows\system32\drivers\appid.sys
23:08:06.0252 0x1180  AppID - ok
23:08:06.0276 0x1180  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:08:06.0352 0x1180  AppIDSvc - ok
23:08:06.0359 0x1180  [ 7DEAD9E3F65DCB2794F2711003BBF650, F541C30EEFD1BDB70F361B878B6E51DC728873695DD137148CE531FBACCDA21B ] Appinfo        C:\Windows\System32\appinfo.dll
23:08:06.0394 0x1180  Appinfo - ok
23:08:06.0412 0x1180  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt        C:\Windows\System32\appmgmts.dll
23:08:06.0438 0x1180  AppMgmt - ok
23:08:06.0447 0x1180  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc            C:\Windows\system32\DRIVERS\arc.sys
23:08:06.0458 0x1180  arc - ok
23:08:06.0470 0x1180  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:08:06.0481 0x1180  arcsas - ok
23:08:06.0566 0x1180  [ 2FE0D5DB69014980A970D3BF9A85D2B1, 3837F176B0CB7FEA2689D90B50B62F660FE579A5EB1E47C827DFA95596B72D1E ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:08:06.0609 0x1180  aspnet_state - ok
23:08:06.0623 0x1180  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:08:06.0657 0x1180  AsyncMac - ok
23:08:06.0677 0x1180  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi          C:\Windows\system32\DRIVERS\atapi.sys
23:08:06.0686 0x1180  atapi - ok
23:08:06.0716 0x1180  [ 04F1A13265313C0E0A4F9D8C2CDC0F76, 8EB81405CFFAD619CAD6FDD8F62AF66AA1741A4EA38D6C4DF9A3151E8C35AFF7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
23:08:06.0752 0x1180  AtiHDAudioService - ok
23:08:06.0772 0x1180  [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:08:06.0821 0x1180  AudioEndpointBuilder - ok
23:08:06.0847 0x1180  [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:08:06.0899 0x1180  Audiosrv - ok
23:08:06.0928 0x1180  [ CB2C2B24BD7E64CFB2B24D401FF5BBC0, F48ABD9F5BF91BF5F25E6D5EE02647F7DD8E1C1A11FEEE2C1C1B3BD34E3D0F85 ] Avgdiskx        C:\Windows\system32\DRIVERS\avgdiskx.sys
23:08:06.0939 0x1180  Avgdiskx - ok
23:08:07.0114 0x1180  [ E077D9DBE0B2B05D4E83C33F0B6008B5, 8CFCF58A9355678C59FDEA508274666F52BC3D975DD0E76DE6A02B5B1723DC7E ] AVGIDSAgent    C:\Program Files\AVG\AVG2015\avgidsagent.exe
23:08:07.0214 0x1180  AVGIDSAgent - ok
23:08:07.0249 0x1180  [ D4899370855466D65A5565544BB3BC05, C382E995B01DD8BC83D4F3A46C68D117E2CA83FB21E1076762C21EF9C56BD54A ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
23:08:07.0265 0x1180  AVGIDSDriver - ok
23:08:07.0280 0x1180  [ D1663A0114691080C624D857A8343D5B, 8E7029A8FE7A62F4BED7687C54699D0709876D05D93CAA499B4BC69BF8C59091 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
23:08:07.0292 0x1180  AVGIDSHX - ok
23:08:07.0315 0x1180  [ 2429F7F025F63532B6B264D97E4ECA49, EDE2C88B3B4B2A3AC59A3AB0B2FEC1D2CC75AA8AFFF0F5011D07AB4F053390D9 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
23:08:07.0324 0x1180  AVGIDSShim - ok
23:08:07.0345 0x1180  [ 9AFD535116E986D49877B811F3665E8E, 6843415ED638BB26A17BE9AB7A49D36070A588088256D4D0D1B4789FBDA6730B ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
23:08:07.0358 0x1180  Avgldx86 - ok
23:08:07.0379 0x1180  [ B97A84EE582A0241E6E08AD07DFE2F74, C3362B9261B4DA099AFC544A2C7F2B3659AE0BDA5DC9DCBD5E383464F9F56A4D ] Avglogx        C:\Windows\system32\DRIVERS\avglogx.sys
23:08:07.0396 0x1180  Avglogx - ok
23:08:07.0412 0x1180  [ 6767ED65A45A1BB8A413C3C65441F1D8, 0DF45133B42D2ECD9C4D3921099258861CA10C3B92D31E0B7BEE2FF90A171D3D ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
23:08:07.0443 0x1180  Avgmfx86 - ok
23:08:07.0469 0x1180  [ F016B95273E0B1961F204F7FD2FFD811, 9F89323177B68DEDE6B1F09790E6A978376B4FCBDC029283B297A3C4D9B242FF ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
23:08:07.0478 0x1180  Avgrkx86 - ok
23:08:07.0486 0x1180  [ 6BF507CCF2F30A68C36E028A15450D87, 1AAA78520219E3936971C45774CE261A5C4B20CF6CFE60CE8140074612D78D69 ] Avgtdix        C:\Windows\system32\DRIVERS\avgtdix.sys
23:08:07.0518 0x1180  Avgtdix - ok
23:08:07.0559 0x1180  [ 8BF64DFDA90D32F485381F9AE41016E4, 36E92DDCCA0AE4A1A5476BC2E13B36C66B0794221FD621F13CB95C1E9F8513AD ] avgwd          C:\Program Files\AVG\AVG2015\avgwdsvc.exe
23:08:07.0576 0x1180  avgwd - ok
23:08:07.0600 0x1180  [ DD6A431B43E34B91A767D1CE33728175, 8BFF6474C9DFBEC96FA7B2789EF9B17C7910B52DBCF70CDA1F0C698CFA5EFB6E ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:08:07.0648 0x1180  AxInstSV - ok
23:08:07.0674 0x1180  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
23:08:07.0737 0x1180  b06bdrv - ok
23:08:07.0783 0x1180  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:08:07.0833 0x1180  b57nd60x - ok
23:08:07.0859 0x1180  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
23:08:07.0894 0x1180  BDESVC - ok
23:08:07.0909 0x1180  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:08:07.0951 0x1180  Beep - ok
23:08:07.0985 0x1180  [ 85AC71C045CEB054ED48A7841AAE0C11, BA0C0CC50E5C49838116AC9A12A7CF1A683601FD08D3CF6EC06620C51C0806FF ] BFE            C:\Windows\System32\bfe.dll
23:08:08.0037 0x1180  BFE - ok
23:08:08.0078 0x1180  [ 53F476476F55A27F580661BDE09C4EC4, 90DFBF97F011CFF41D2CFA2E33978BC746A7E693AC75EED1436130C4F10B4E67 ] BITS            C:\Windows\System32\qmgr.dll
23:08:08.0131 0x1180  BITS - ok
23:08:08.0148 0x1180  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:08:08.0160 0x1180  blbdrive - ok
23:08:08.0189 0x1180  [ 73686FE0B2E0469F89FD2075BE724704, 4BC5BBA7ACB5BDA77251B82B9CF16C6A9EBBCC29760860A0F37ABDDF9288143F ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:08:08.0237 0x1180  Bonjour Service - detected UnsignedFile.Multi.Generic ( 1 )
23:08:11.0226 0x1180  Detect skipped due to KSN trusted
23:08:11.0226 0x1180  Bonjour Service - ok
23:08:11.0255 0x1180  [ 9A5C671B7FBAE4865149BB11F59B91B2, BE1D5901CB8EF20E34F711D6451BDFBCA4BD65AFAD6028964C5CE1673D94FBAD ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:08:11.0314 0x1180  bowser - ok
23:08:11.0338 0x1180  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:08:11.0366 0x1180  BrFiltLo - ok
23:08:11.0384 0x1180  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:08:11.0411 0x1180  BrFiltUp - ok
23:08:11.0436 0x1180  [ A0E691DC6589D4D2CBE373171D1A49E5, 66BAED3EF7AFE0FB4304FC97ABE2BB106ADE1A956F89DCB52E70F30239461D05 ] Browser        C:\Windows\System32\browser.dll
23:08:11.0478 0x1180  Browser - ok
23:08:11.0503 0x1180  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
23:08:11.0556 0x1180  Brserid - ok
23:08:11.0574 0x1180  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:08:11.0613 0x1180  BrSerWdm - ok
23:08:11.0628 0x1180  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:08:11.0654 0x1180  BrUsbMdm - ok
23:08:11.0668 0x1180  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:08:11.0696 0x1180  BrUsbSer - ok
23:08:11.0778 0x1180  [ 6670404CB9374C77F737840E1F284964, 6C6E6704D86A49A13333ACA5E278A8C61C75B8844760EDDB7699EA5A51F5F36A ] BstHdAndroidSvc C:\Program Files\BlueStacks\HD-Service.exe
23:08:11.0819 0x1180  BstHdAndroidSvc - ok
23:08:11.0858 0x1180  [ 3441277BC30E3526BA02FFA8C932D877, 1F49C6E329F37779A41C32632D91CEDB66F65830B35175CABE2040D7AD62E4EB ] BstHdDrv        C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys
23:08:11.0869 0x1180  BstHdDrv - ok
23:08:11.0886 0x1180  [ 6F283166909004EF930CCEA18C74C2EF, 5C966BCA2F44F5CFC7BA61E0644E9CB5377CF0EF908E3A4E4F51F2434DCCA517 ] BstHdLogRotatorSvc C:\Program Files\BlueStacks\HD-LogRotatorService.exe
23:08:11.0902 0x1180  BstHdLogRotatorSvc - ok
23:08:11.0932 0x1180  [ 3A8A1A2AE57F4FB1E6E53B09F9F57540, F29C75F92FB5757EB4430130F8FC9CA1D5AE149E2281B2F508C01732D1DB5BCB ] BstHdUpdaterSvc C:\Program Files\BlueStacks\HD-UpdaterService.exe
23:08:11.0957 0x1180  BstHdUpdaterSvc - ok
23:08:11.0972 0x1180  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:08:11.0986 0x1180  BTHMODEM - ok
23:08:12.0014 0x1180  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv        C:\Windows\system32\bthserv.dll
23:08:12.0110 0x1180  bthserv - ok
23:08:12.0128 0x1180  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:08:12.0166 0x1180  cdfs - ok
23:08:12.0191 0x1180  [ BA6E70AA0E6091BC39DE29477D866A77, A17A68BDA46995F75FB1C2C593A81CD3B2BFE290CEAA45FA2380DDF5537A23C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
23:08:12.0236 0x1180  cdrom - ok
23:08:12.0256 0x1180  [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] CertPropSvc    C:\Windows\System32\certprop.dll
23:08:12.0291 0x1180  CertPropSvc - ok
23:08:12.0308 0x1180  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:08:12.0321 0x1180  circlass - ok
23:08:12.0339 0x1180  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
23:08:12.0355 0x1180  CLFS - ok
23:08:12.0414 0x1180  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:08:12.0448 0x1180  clr_optimization_v2.0.50727_32 - ok
23:08:12.0477 0x1180  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:08:12.0498 0x1180  clr_optimization_v4.0.30319_32 - ok
23:08:12.0511 0x1180  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:08:12.0537 0x1180  CmBatt - ok
23:08:12.0542 0x1180  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
23:08:12.0551 0x1180  cmdide - ok
23:08:12.0577 0x1180  [ DB5E008B3744DD60C8498CBBF2A1CFA6, 1D851BF2433A953B32438A911D194C9DB42A52CD6E8DA296CA3C8DD2CCA83381 ] CNG            C:\Windows\system32\Drivers\cng.sys
23:08:12.0600 0x1180  CNG - ok
23:08:12.0605 0x1180  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:08:12.0615 0x1180  Compbatt - ok
23:08:12.0622 0x1180  [ F1724BA27E97D627F808FB0BA77A28A6, F7D69082EEFEC0FB8B309F6AEE282D4A5DFC1A40851ED65904AA9582C5DEA5AB ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:08:12.0643 0x1180  CompositeBus - ok
23:08:12.0647 0x1180  COMSysApp - ok
23:08:12.0664 0x1180  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
23:08:12.0673 0x1180  crcdisk - ok
23:08:12.0706 0x1180  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED, 579D206CF49FB78C2D9BA29A9C57489B7875242EB618019CB7B8D336C70A09E6 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:08:12.0744 0x1180  CryptSvc - ok
23:08:12.0778 0x1180  [ 27C9490BDD0AE48911AB8CF1932591ED, 751F576F797F8A7BA576C32598BD6FD2E60D4FACC7836CC5BA3F68C38D27CCCA ] CSC            C:\Windows\system32\drivers\csc.sys
23:08:12.0811 0x1180  CSC - ok
23:08:12.0839 0x1180  [ 56FB5F222EA30D3D3FC459879772CB73, 2C4646774575858E26DBA9C73853E06D0BD18CC8A4C73C633071FF5FE04CA0F4 ] CscService      C:\Windows\System32\cscsvc.dll
23:08:12.0878 0x1180  CscService - ok
23:08:12.0914 0x1180  [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:08:12.0954 0x1180  DcomLaunch - ok
23:08:12.0976 0x1180  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc      C:\Windows\System32\defragsvc.dll
23:08:13.0035 0x1180  defragsvc - ok
23:08:13.0051 0x1180  [ 83D1ECEA8FAAE75604C0FA49AC7AD996, 0EB4F374CB91AFF12ABC7EFC7858BDB6E58B50FCE0ADA1711F90FF592059DA40 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:08:13.0088 0x1180  DfsC - ok
23:08:13.0116 0x1180  [ C56495FBD770712367CAD35E5DE72DA6, 9D5456A2E208F542F0B6C951EFCABA2A10919777C4287D7298A28F543D5BAC32 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:08:13.0164 0x1180  Dhcp - ok
23:08:13.0182 0x1180  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
23:08:13.0204 0x1180  discache - ok
23:08:13.0231 0x1180  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:08:13.0242 0x1180  Disk - ok
23:08:13.0256 0x1180  [ B15BE77A2BACF9C3177D27518AFE26A9, FBF02038C2EC0262B401FCBD348C48DF184AD76E95643E3D6ED32C02E90D8FC9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:08:13.0294 0x1180  Dnscache - ok
23:08:13.0312 0x1180  [ 4408C85C21EEA48EB0CE486BAEEF0502, 67EA726F4053665D94D7790EC89616EA0698A7548073A9211E3F75937B4384BE ] dot3svc        C:\Windows\System32\dot3svc.dll
23:08:13.0349 0x1180  dot3svc - ok
23:08:13.0383 0x1180  [ 7FA81C6E11CAA594ADB52084DA73A1E5, 9ED1C585D9CA091E75E4A2A1E5B923B104EBDC5FC9D12154DE909C583E4D0CAE ] DPS            C:\Windows\system32\dps.dll
23:08:13.0409 0x1180  DPS - ok
23:08:13.0433 0x1180  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
23:08:13.0457 0x1180  drmkaud - ok
23:08:13.0498 0x1180  [ 651554E483712B708EDE864D0CA1AA73, A016C03D630A2FF7FC44B826DEA890F5AC09DD270588CEAD05F63A5A0AC79249 ] DrvAgent32      C:\Windows\system32\Drivers\DrvAgent32.sys
23:08:13.0511 0x1180  DrvAgent32 - detected UnsignedFile.Multi.Generic ( 1 )
23:08:16.0437 0x1180  Detect skipped due to KSN trusted
23:08:16.0438 0x1180  DrvAgent32 - ok
23:08:16.0510 0x1180  [ 1679A4669326CB1A67CC95658D273234, 57429EC10744956635CAE0742320D7C03B3EEA0CB1F5769AEF21C054C0B5E498 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
23:08:16.0543 0x1180  DXGKrnl - ok
23:08:16.0559 0x1180  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost        C:\Windows\System32\eapsvc.dll
23:08:16.0635 0x1180  EapHost - ok
23:08:16.0735 0x1180  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
23:08:16.0840 0x1180  ebdrv - ok
23:08:16.0865 0x1180  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] EFS            C:\Windows\System32\lsass.exe
23:08:16.0887 0x1180  EFS - ok
23:08:16.0961 0x1180  [ 3A74A6E33685662B125A3269B1F2114F, 183E180E4B35E549B5D7363D926E17226FF70CFDE7328F7B0B3676B9A27E2569 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
23:08:17.0011 0x1180  ehRecvr - ok
23:08:17.0022 0x1180  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched        C:\Windows\ehome\ehsched.exe
23:08:17.0046 0x1180  ehSched - ok
23:08:17.0070 0x1180  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
23:08:17.0091 0x1180  elxstor - ok
23:08:17.0101 0x1180  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
23:08:17.0122 0x1180  ErrDev - ok
23:08:17.0159 0x1180  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem    C:\Windows\system32\es.dll
23:08:17.0202 0x1180  EventSystem - ok
23:08:17.0226 0x1180  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat          C:\Windows\system32\drivers\exfat.sys
23:08:17.0262 0x1180  exfat - ok
23:08:17.0286 0x1180  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
23:08:17.0325 0x1180  fastfat - ok
23:08:17.0356 0x1180  [ F7EA23CC5E6BF2181F3F399D54F6EFC1, 4659A2EDC5D5171668FB20BED7B56466A674876888519D6F524F7456EBD11263 ] Fax            C:\Windows\system32\fxssvc.exe
23:08:17.0407 0x1180  Fax - ok
23:08:17.0419 0x1180  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
23:08:17.0445 0x1180  fdc - ok
23:08:17.0461 0x1180  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost        C:\Windows\system32\fdPHost.dll
23:08:17.0482 0x1180  fdPHost - ok
23:08:17.0489 0x1180  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:08:17.0511 0x1180  FDResPub - ok
23:08:17.0524 0x1180  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:08:17.0535 0x1180  FileInfo - ok
23:08:17.0545 0x1180  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
23:08:17.0578 0x1180  Filetrace - ok
23:08:17.0624 0x1180  [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:08:17.0650 0x1180  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
23:08:27.0706 0x1180  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:08:30.0619 0x1180  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:08:30.0666 0x1180  flpydisk - ok
23:08:30.0709 0x1180  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:08:30.0730 0x1180  FltMgr - ok
23:08:30.0764 0x1180  [ 151258FC2EC8C48BDF8A53350AE0A676, 21F808E29E06AF03E1E55498C7975830157021BE9648117B27F4D21BBD07E9DB ] FontCache      C:\Windows\system32\FntCache.dll
23:08:30.0821 0x1180  FontCache - ok
23:08:30.0861 0x1180  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:08:30.0870 0x1180  FontCache3.0.0.0 - ok
23:08:30.0886 0x1180  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
23:08:30.0896 0x1180  FsDepends - ok
23:08:30.0915 0x1180  [ 500A9814FD9446A8126858A5A7F7D273, FB9607A43B8DDA87A449A3BFEBDC035F00BA7B5D9CC56AD5F310732A38F56A46 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:08:30.0943 0x1180  Fs_Rec - ok
23:08:30.0967 0x1180  [ 5592F5DBA26282D24D2B080EB438A4D7, 5376D6CFFE9A1406CFA0BF4325EB65206F57A5C50034DA7EB4238BEB08D4D6DB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:08:30.0984 0x1180  fvevol - ok
23:08:31.0004 0x1180  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:08:31.0015 0x1180  gagp30kx - ok
23:08:31.0049 0x1180  [ 8BA3C04702BF8F927AB36AE8313CA4EE, 3B6460C8134AA9D6E4FB978201B35FE9B67DD5BBB6C8D9625F3097DDA30C2893 ] gpsvc          C:\Windows\System32\gpsvc.dll
23:08:31.0091 0x1180  gpsvc - ok
23:08:31.0106 0x1180  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:08:31.0139 0x1180  hcw85cir - ok
23:08:31.0174 0x1180  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F, 6706B8AD211A4B89B6571ACD227412026EAD87D71456B3EC6E7DD8FA15B997BE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:08:31.0194 0x1180  HdAudAddService - ok
23:08:31.0215 0x1180  [ 717A2207FD6F13AD3E664C7D5A43C7BF, BF28A6F00B64FA0E801493E3289CFFD5E313E724DF7B5AB521C9E37A20890DCF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:08:31.0240 0x1180  HDAudBus - ok
23:08:31.0245 0x1180  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
23:08:31.0262 0x1180  HidBatt - ok
23:08:31.0281 0x1180  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:08:31.0310 0x1180  HidBth - ok
23:08:31.0315 0x1180  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
23:08:31.0332 0x1180  HidIr - ok
23:08:31.0346 0x1180  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv        C:\Windows\system32\hidserv.dll
23:08:31.0369 0x1180  hidserv - ok
23:08:31.0389 0x1180  [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:08:31.0414 0x1180  HidUsb - ok
23:08:31.0460 0x1180  [ 6DDF381740D33DCF8EF0A62029EBDCFA, CA44C880951D629CB0A648D67925FF8EC51889055D3776FC7D4C0D64404607FB ] hitmanpro37    C:\Windows\system32\drivers\hitmanpro37.sys
23:08:31.0469 0x1180  hitmanpro37 - ok
23:08:31.0485 0x1180  [ 741C2A45CA8407E374AABA3E330B7872, FCF31C46297CFDF8240F0E783A61C8463FEDB1EF7A676AB89DFF0EAE9F3534B4 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:08:31.0519 0x1180  hkmsvc - ok
23:08:31.0538 0x1180  [ A768CA158BB06782A2835B907F4873C3, EFF736C6BA38FB8FC8807286AB273E7274F505E8E59D952E8563DF77C412C5AE ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:08:31.0575 0x1180  HomeGroupListener - ok
23:08:31.0589 0x1180  [ FB08DEC5EF43D0C66D83B8E9694E7549, 9C9ECE9E90F524791FC5DCE797BAE39605F966592126FF058BA3FA0BEFD07BEB ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:08:31.0618 0x1180  HomeGroupProvider - ok
23:08:31.0645 0x1180  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
23:08:31.0655 0x1180  HpSAMD - ok
23:08:31.0684 0x1180  [ C531C7FD9E8B62021112787C4E2C5A5A, 09205E2A5BFB6C623B312B8AC82F7F7CA8A922B1D9A0E3952BD3BA47BBE1F18C ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:08:31.0731 0x1180  HTTP - ok
23:08:31.0752 0x1180  [ 8305F33CDE89AD6C7A0763ED0B5A8D42, A7CA4978DC1FF6105EA39124DF854F0B1FD478476B871ED0E018AF3AE2165282 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:08:31.0761 0x1180  hwpolicy - ok
23:08:31.0769 0x1180  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:08:31.0790 0x1180  i8042prt - ok
23:08:31.0823 0x1180  [ 934AF4D7C5F457B9F0743F4299B77B67, F232554352BB7CD716D6173FC1AB2661E49480994BB22E9A6FE7A33B51F0A51B ] iaStorV        C:\Windows\system32\DRIVERS\iaStorV.sys
23:08:31.0840 0x1180  iaStorV - ok
23:08:31.0885 0x1180  [ 5AF815EB5BC9802E5A064E2BA62BFC0C, DC8CED05F623D30C57E8A7A382A219B4266C9C766ABF8A8D71783EACB8607B82 ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:08:31.0942 0x1180  idsvc - ok
23:08:31.0965 0x1180  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
23:08:31.0975 0x1180  iirsp - ok
23:08:32.0002 0x1180  [ FAC0EE6562B121B1399D6E855583F7A5, 034C9EE9232EB2CE64297EC4BCBEB5DA443ED9176C436CC754EF84FFB4AD4B08 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:08:32.0054 0x1180  IKEEXT - ok
23:08:32.0070 0x1180  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
23:08:32.0080 0x1180  intelide - ok
23:08:32.0089 0x1180  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:08:32.0102 0x1180  intelppm - ok
23:08:32.0111 0x1180  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
23:08:32.0143 0x1180  IPBusEnum - ok
23:08:32.0163 0x1180  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:08:32.0185 0x1180  IpFilterDriver - ok
23:08:32.0203 0x1180  [ 477397B432A256A50EE7E4339EB9EA14, 3722938E69D16962F773F39669E9B90279DC9527BBC63564B33C89DAFD283497 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:08:32.0248 0x1180  iphlpsvc - ok
23:08:32.0265 0x1180  [ E4454B6C37D7FFD5649611F6496308A7, 5B2AA8C06076C9A1FF944E5EA07C29BA7FABEBB38E6BFB388ED46933EAC465FB ] IPMIDRV        C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:08:32.0288 0x1180  IPMIDRV - ok
23:08:32.0303 0x1180  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
23:08:32.0326 0x1180  IPNAT - ok
23:08:32.0331 0x1180  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:08:32.0344 0x1180  IRENUM - ok
23:08:32.0349 0x1180  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
23:08:32.0359 0x1180  isapnp - ok
23:08:32.0374 0x1180  [ ED46C223AE46C6866AB77CDC41C404B7, 1B2A4A3FF0E5F8F02717F20983D57612D62DFF809064A7E524700E7254BB7DB3 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:08:32.0387 0x1180  iScsiPrt - ok
23:08:32.0401 0x1180  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:08:32.0411 0x1180  kbdclass - ok
23:08:32.0429 0x1180  [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:08:32.0450 0x1180  kbdhid - ok
23:08:32.0464 0x1180  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] KeyIso          C:\Windows\system32\lsass.exe
23:08:32.0477 0x1180  KeyIso - ok
23:08:32.0498 0x1180  [ 52FC17C8589F11747D01D3CF592673D0, 0D432F14DF6A0964947FADF4AFBCC195946A68230DC17FA610CC000BB0C921A7 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:08:32.0509 0x1180  KSecDD - ok
23:08:32.0525 0x1180  [ 3E5474B03568CFAB834DA3C38E8C9EFA, 1223B99AD86905C34BC95C61DA894F36567F4A23EA7E32E955133C5B2FD558DB ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
23:08:32.0537 0x1180  KSecPkg - ok
23:08:32.0568 0x1180  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm          C:\Windows\system32\msdtckrm.dll
23:08:32.0610 0x1180  KtmRm - ok
23:08:32.0639 0x1180  [ 8F6BF790D3168224C16F2AF68A84438C, CEEA0E38B746163A4110E157DAB50CC35A689A5BBC9B3691F2B9D3AE49B0D95E ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:08:32.0678 0x1180  LanmanServer - ok
23:08:32.0701 0x1180  [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:08:32.0726 0x1180  LanmanWorkstation - ok
23:08:32.0747 0x1180  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:08:32.0782 0x1180  lltdio - ok
23:08:32.0800 0x1180  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
23:08:32.0828 0x1180  lltdsvc - ok
23:08:32.0845 0x1180  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts        C:\Windows\System32\lmhsvc.dll
23:08:32.0885 0x1180  lmhosts - ok
23:08:32.0908 0x1180  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:08:32.0919 0x1180  LSI_FC - ok
23:08:32.0928 0x1180  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
23:08:32.0939 0x1180  LSI_SAS - ok
23:08:32.0955 0x1180  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:08:32.0965 0x1180  LSI_SAS2 - ok
23:08:32.0981 0x1180  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:08:32.0992 0x1180  LSI_SCSI - ok
23:08:33.0004 0x1180  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv          C:\Windows\system32\drivers\luafv.sys
23:08:33.0028 0x1180  luafv - ok
23:08:33.0054 0x1180  [ E2B0887816ED336685954E3D8FDAA51D, 4DCB08ADC6A89DCA68D1285734B283B567888EF72249F6BBA73A63D1BD462466 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
23:08:33.0067 0x1180  Mcx2Svc - ok
23:08:33.0082 0x1180  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
23:08:33.0092 0x1180  megasas - ok
23:08:33.0107 0x1180  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:08:33.0122 0x1180  MegaSR - ok
23:08:33.0131 0x1180  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS          C:\Windows\system32\mmcss.dll
23:08:33.0165 0x1180  MMCSS - ok
23:08:33.0181 0x1180  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem          C:\Windows\system32\drivers\modem.sys
23:08:33.0211 0x1180  Modem - ok
23:08:33.0238 0x1180  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
23:08:33.0261 0x1180  monitor - ok
23:08:33.0276 0x1180  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:08:33.0307 0x1180  mouclass - ok
23:08:33.0329 0x1180  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:08:33.0340 0x1180  mouhid - ok
23:08:33.0363 0x1180  [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:08:33.0374 0x1180  mountmgr - ok
23:08:33.0412 0x1180  [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:08:33.0425 0x1180  MozillaMaintenance - ok
23:08:33.0438 0x1180  [ 2AF5997438C55FB79D33D015C30E1974, E8F048A02FEB400C133D0BFC1659921E73B59549E3F7D2A13929901B87A1901F ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
23:08:33.0450 0x1180  mpio - ok
23:08:33.0474 0x1180  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:08:33.0516 0x1180  mpsdrv - ok
23:08:33.0548 0x1180  [ 5CD996CECF45CBC3E8D109C86B82D69E, ABE40DA4DA555D3D5054BE28BF82E775D90DCB9E31409DC95FABF2F016B17700 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:08:33.0589 0x1180  MpsSvc - ok
23:08:33.0598 0x1180  [ B1BE47008D20E43DA3ADC37C24CDB89D, 6E8555E84B42E5098227B35EA5ABADF2CD3AC247B37CB9E9304FF67064EBE59B ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:08:33.0624 0x1180  MRxDAV - ok
23:08:33.0652 0x1180  [ CA7570E42522E24324A12161DB14EC02, E4DA5EDC7CBCC9E601543071A49347A0AA3EB4EAC205E342A1F2768FD785D08F ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:08:33.0671 0x1180  mrxsmb - ok
23:08:33.0686 0x1180  [ F965C3AB2B2AE5C378F4562486E35051, 5FFDD5531B98FF0EA19A901C4EE1CE6043C245A4BE5533A495E331B5834D696B ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:08:33.0713 0x1180  mrxsmb10 - ok
23:08:33.0736 0x1180  [ 25C38264A3C72594DD21D355D70D7A5D, DCEF2DEBB1859FED6FC7A19D13A841B6B6CA10577E12F116D0EB2D2B8C72A4A1 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:08:33.0748 0x1180  mrxsmb20 - ok
23:08:33.0757 0x1180  [ 4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
23:08:33.0767 0x1180  msahci - ok
23:08:33.0777 0x1180  [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ] msdsm          C:\Windows\system32\DRIVERS\msdsm.sys
23:08:33.0788 0x1180  msdsm - ok
23:08:33.0803 0x1180  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC          C:\Windows\System32\msdtc.exe
23:08:33.0829 0x1180  MSDTC - ok
23:08:33.0851 0x1180  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:08:33.0901 0x1180  Msfs - ok
23:08:33.0916 0x1180  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
23:08:33.0937 0x1180  mshidkmdf - ok
23:08:33.0947 0x1180  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
23:08:33.0956 0x1180  msisadrv - ok
23:08:33.0971 0x1180  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
23:08:34.0006 0x1180  MSiSCSI - ok
23:08:34.0010 0x1180  msiserver - ok
23:08:34.0027 0x1180  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
23:08:34.0059 0x1180  MSKSSRV - ok
23:08:34.0078 0x1180  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:08:34.0109 0x1180  MSPCLOCK - ok
23:08:34.0113 0x1180  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
23:08:34.0140 0x1180  MSPQM - ok
23:08:34.0161 0x1180  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
23:08:34.0174 0x1180  MsRPC - ok
23:08:34.0187 0x1180  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:08:34.0197 0x1180  mssmbios - ok
23:08:34.0207 0x1180  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
23:08:34.0228 0x1180  MSTEE - ok
23:08:34.0232 0x1180  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:08:34.0244 0x1180  MTConfig - ok
23:08:34.0261 0x1180  [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
23:08:34.0298 0x1180  MTsensor - ok
23:08:34.0310 0x1180  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup            C:\Windows\system32\Drivers\mup.sys
23:08:34.0321 0x1180  Mup - ok
23:08:34.0346 0x1180  [ 80284F1985C70C86F0B5F86DA2DFE1DF, 424A5BBC28C72DA0DBABEB9E423B8C409754CD1BA3DFC9E174BF22D8BCE1BE63 ] napagent        C:\Windows\system32\qagentRT.dll
23:08:34.0386 0x1180  napagent - ok
23:08:34.0416 0x1180  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
23:08:34.0447 0x1180  NativeWifiP - ok
23:08:34.0546 0x1180  [ 1BBBF640BC0E0B750537BAECE8D66C18, 621C1130B0C48AA900D78097E1685507A614AA9953644972C572DE267B2A6348 ] NAUpdate        C:\Program Files\Nero\Update\NASvc.exe
23:08:34.0575 0x1180  NAUpdate - ok
23:08:34.0584 0x1180  [ E240F3204E86B7B6CCF266B2A2AD32B4, 38DEDD8E25E582455435C0BA3A554D7F05FFB02FD25D933EB8D3B40CFC942FDC ] NBVol          C:\Windows\system32\DRIVERS\NBVol.sys
23:08:34.0593 0x1180  NBVol - ok
23:08:34.0612 0x1180  [ C0CF3CCCCE3C75F7280C89029AB47866, 5AC7D6332AD30B489D4AE1E2945B968D445F1AA44A985B5D9395652E7D993857 ] NBVolUp        C:\Windows\system32\DRIVERS\NBVolUp.sys
23:08:34.0620 0x1180  NBVolUp - ok
23:08:34.0644 0x1180  [ 23759D175A0A9BAAF04D05047BC135A8, 2C8C553B4E1ED3A644F619F16BCEDD5A3C6D74A17E6E75A3E740E06B1D636348 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:08:34.0681 0x1180  NDIS - ok
23:08:34.0695 0x1180  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
23:08:34.0728 0x1180  NdisCap - ok
23:08:34.0740 0x1180  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:08:34.0796 0x1180  NdisTapi - ok
23:08:34.0813 0x1180  [ B30AE7F2B6D7E343B0DF32E6C08FCE75, 39BBBF7AF886732CB9ED3E6C06DA4318554089F3BEA74C74328FE1C6EF68E70B ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
23:08:34.0845 0x1180  Ndisuio - ok
23:08:34.0859 0x1180  [ 267C415EADCBE53C9CA873DEE39CF3A4, BAA8626BDA7B68176B19A99FBBD40FB2A774C8F44B56F9FFB99A1F5C16A1C555 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
23:08:34.0892 0x1180  NdisWan - ok
23:08:34.0904 0x1180  [ AF7E7C63DCEF3F8772726F86039D6EB4, 1CFDED48E8844138864786DBF9D5519162A6DB28F885A781934E8AFBD52EAC50 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
23:08:34.0927 0x1180  NDProxy - ok
23:08:34.0939 0x1180  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
23:08:34.0972 0x1180  NetBIOS - ok
23:08:34.0994 0x1180  [ DD52A733BF4CA5AF84562A5E2F963B91, 5CEB9664CED3D120F5408A12035748728710D41090A289CF66023CED4C838A1F ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
23:08:35.0020 0x1180  NetBT - ok
23:08:35.0039 0x1180  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] Netlogon        C:\Windows\system32\lsass.exe
23:08:35.0067 0x1180  Netlogon - ok
23:08:35.0105 0x1180  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
23:08:35.0143 0x1180  Netman - ok
23:08:35.0172 0x1180  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:08:35.0187 0x1180  NetMsmqActivator - ok
23:08:35.0197 0x1180  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:08:35.0230 0x1180  NetPipeActivator - ok
23:08:35.0260 0x1180  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
23:08:35.0303 0x1180  netprofm - ok
23:08:35.0310 0x1180  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:08:35.0324 0x1180  NetTcpActivator - ok
23:08:35.0330 0x1180  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:08:35.0343 0x1180  NetTcpPortSharing - ok
23:08:35.0367 0x1180  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
23:08:35.0377 0x1180  nfrd960 - ok
23:08:35.0395 0x1180  [ 2226496E34BD40734946A054B1CD657F, 98392D98C9213822268971432BB55047ABD8B4EBD42483FA69BF50FB8FAD64A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:08:35.0424 0x1180  NlaSvc - ok
23:08:35.0434 0x1180  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:08:35.0456 0x1180  Npfs - ok
23:08:35.0468 0x1180  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi            C:\Windows\system32\nsisvc.dll
23:08:35.0490 0x1180  nsi - ok
23:08:35.0495 0x1180  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:08:35.0527 0x1180  nsiproxy - ok
23:08:35.0579 0x1180  [ A8F59428E9F361C7AC42A94AC1560BC9, 5B056375C8D21E7AE9E2EAC2EF62F5A2D6D0DBB52DD2FC34F9CC35F55C6766A6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:08:35.0627 0x1180  Ntfs - ok
23:08:35.0641 0x1180  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
23:08:35.0676 0x1180  Null - ok
23:08:35.0704 0x1180  [ 3F3D04B1D08D43C16EA7963954EC768D, BA82C1D3D9F4AA5F1C9729D61D4E06DB961FDF2B1E9B483D29DB308204DF0754 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
23:08:35.0716 0x1180  nvraid - ok
23:08:35.0727 0x1180  [ C99F251A5DE63C6F129CF71933ACED0F, 24D48A5F5D699AB0DD4D4435F8F7C6B73A924AEF8F9D1170FD644E26499546A2 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
23:08:35.0740 0x1180  nvstor - ok
23:08:35.0754 0x1180  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
23:08:35.0784 0x1180  nv_agp - ok
23:08:35.0806 0x1180  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
23:08:35.0827 0x1180  ohci1394 - ok
23:08:35.0870 0x1180  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:08:35.0895 0x1180  ose - ok
23:08:35.0930 0x1180  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:08:35.0963 0x1180  p2pimsvc - ok
23:08:35.0982 0x1180  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:08:36.0012 0x1180  p2psvc - ok
23:08:36.0028 0x1180  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport        C:\Windows\system32\DRIVERS\parport.sys
23:08:36.0056 0x1180  Parport - ok
23:08:36.0083 0x1180  [ 66D3415C159741ADE7038A277EFFF99F, D9853845FE495A546328986718074373EAB0F59538CFE7E604B1A94C8CBE7140 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
23:08:36.0093 0x1180  partmgr - ok
23:08:36.0102 0x1180  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
23:08:36.0112 0x1180  Parvdm - ok
23:08:36.0129 0x1180  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:08:36.0158 0x1180  PcaSvc - ok
23:08:36.0178 0x1180  [ C858CB77C577780ECC456A892E7E7D0F, 21AE545B736739DE5A7B02CF227516BA6D02B1AAAECD8CC516CCF9F1FD710BCF ] pci            C:\Windows\system32\DRIVERS\pci.sys
23:08:36.0191 0x1180  pci - ok
23:08:36.0198 0x1180  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
23:08:36.0207 0x1180  pciide - ok
23:08:36.0223 0x1180  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:08:36.0237 0x1180  pcmcia - ok
23:08:36.0250 0x1180  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw            C:\Windows\system32\drivers\pcw.sys
23:08:36.0260 0x1180  pcw - ok
23:08:36.0285 0x1180  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:08:36.0341 0x1180  PEAUTH - ok
23:08:36.0384 0x1180  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
23:08:36.0448 0x1180  PeerDistSvc - ok
23:08:36.0506 0x1180  [ 9C1BFF7910C89A1D12E57343475840CB, 62E00E1278BD263B2AC8CB803C31F2818C54DB143C49470FAD07731E04BD2DE3 ] pla            C:\Windows\system32\pla.dll
23:08:36.0613 0x1180  pla - ok
23:08:36.0647 0x1180  [ 71DEF5EC79774C798342D0EA16E41780, 5B5A365E57A7ACE3C4EDA1D891BD613879B284831E8253FDE498E40B2091E3B6 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:08:36.0677 0x1180  PlugPlay - ok
23:08:36.0689 0x1180  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
23:08:36.0715 0x1180  PNRPAutoReg - ok
23:08:36.0747 0x1180  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
23:08:36.0781 0x1180  PNRPsvc - ok
23:08:36.0813 0x1180  [ 48E1B75C6DC0232FD92BAAE4BD344721, 5BA4EB5A60725836D8085EABF87F51160BA57E318A0C4378410217911A393CE7 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
23:08:36.0860 0x1180  PolicyAgent - ok
23:08:36.0894 0x1180  [ DBFF83F709A91049621C1D35DD45C92C, 0A722A44F431CAB5EA77FF5F25EB6975C2111B605564FF9FB59751067E7CD3A7 ] Power          C:\Windows\system32\umpo.dll
23:08:36.0920 0x1180  Power - ok
23:08:36.0941 0x1180  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:08:36.0963 0x1180  PptpMiniport - ok
23:08:36.0976 0x1180  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
23:08:36.0988 0x1180  Processor - ok
23:08:37.0011 0x1180  [ AEA3BDBDBA667AA6F678CB38907E4F5E, AB698DCA117F8D5F22F9CD8D7884147BAB4E0C055B8A487BC035C18ED1634752 ] ProfSvc        C:\Windows\system32\profsvc.dll
23:08:37.0032 0x1180  ProfSvc - ok
23:08:37.0047 0x1180  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] ProtectedStorage C:\Windows\system32\lsass.exe
23:08:37.0058 0x1180  ProtectedStorage - ok
23:08:37.0071 0x1180  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:08:37.0094 0x1180  Psched - ok
23:08:37.0122 0x1180  [ 40FEDD328F98245AD201CF5F9F311724, CE1582652B6A7CACE46D8B492CAA8E51EA46C3890EF640E8C5E1E053731A4D74 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
23:08:37.0131 0x1180  PxHelp20 - ok
23:08:37.0175 0x1180  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:08:37.0246 0x1180  ql2300 - ok
23:08:37.0273 0x1180  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:08:37.0285 0x1180  ql40xx - ok
23:08:37.0301 0x1180  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE          C:\Windows\system32\qwave.dll
23:08:37.0333 0x1180  QWAVE - ok
23:08:37.0346 0x1180  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:08:37.0359 0x1180  QWAVEdrv - ok
23:08:37.0372 0x1180  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:08:37.0393 0x1180  RasAcd - ok
23:08:37.0398 0x1180  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
23:08:37.0419 0x1180  RasAgileVpn - ok
23:08:37.0434 0x1180  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto        C:\Windows\System32\rasauto.dll
23:08:37.0469 0x1180  RasAuto - ok
23:08:37.0487 0x1180  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
23:08:37.0523 0x1180  Rasl2tp - ok
23:08:37.0541 0x1180  [ 0CE66EC736B7FC526D78F7624C7D2A94, D70B45AA413691CF84B24E966EBA1689955E54BDDA206380CAB7CD50F56D5CEB ] RasMan          C:\Windows\System32\rasmans.dll
23:08:37.0581 0x1180  RasMan - ok
23:08:37.0599 0x1180  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:08:37.0636 0x1180  RasPppoe - ok
23:08:37.0641 0x1180  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
23:08:37.0664 0x1180  RasSstp - ok
23:08:37.0681 0x1180  [ 835D7E81BF517A3B72384BDCC85E1CE6, DC855AF17150C1B27926293115C01B5E1FD00FABCE18AFAEAB3DC68BDE4C908B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
23:08:37.0709 0x1180  rdbss - ok
23:08:37.0732 0x1180  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:08:37.0745 0x1180  rdpbus - ok
23:08:37.0764 0x1180  [ 1E016846895B15A99F9A176A05029075, 78AE674B6E7D3A69099B24AC07E06563A4C867F9DCD8548E4DAAE6FC5ACA4E29 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:08:37.0794 0x1180  RDPCDD - ok
23:08:37.0862 0x1180  [ C5FF95883FFEF704D50C40D21CFB3AB5, 26CC53DDE126A6BD99F606695F063BB7FDC4BBABB9F75F7AD7A84B58C837EEAA ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
23:08:37.0912 0x1180  RDPDR - ok
23:08:37.0929 0x1180  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:08:37.0950 0x1180  RDPENCDD - ok
23:08:37.0965 0x1180  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:08:37.0996 0x1180  RDPREFMP - ok
23:08:38.0015 0x1180  [ C5B8D47A4688DE9D335204EA757C2240, 2F646466120911B0CA0E331B4959A470E18DFD51C8FAAB69BE0461C31D52DBBE ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
23:08:38.0040 0x1180  RDPWD - ok
23:08:38.0053 0x1180  [ 4EA225BF1CF05E158853F30A99CA29A7, F211480F13E2FE36C31110AE67ABE74E9D572D3A36BEEDE29E14ECBD8C246878 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:08:38.0067 0x1180  rdyboost - ok
23:08:38.0089 0x1180  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:08:38.0114 0x1180  RemoteAccess - ok
23:08:38.0129 0x1180  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:08:38.0170 0x1180  RemoteRegistry - ok
23:08:38.0193 0x1180  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:08:38.0227 0x1180  RpcEptMapper - ok
23:08:38.0240 0x1180  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
23:08:38.0263 0x1180  RpcLocator - ok
23:08:38.0287 0x1180  [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] RpcSs          C:\Windows\system32\rpcss.dll
23:08:38.0338 0x1180  RpcSs - ok
23:08:38.0361 0x1180  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:08:38.0395 0x1180  rspndr - ok
23:08:38.0431 0x1180  [ 99D0440E4CABCD9172CD2D79B9C1B348, 2775F108222C927341614918080C4B37236D5F792B54D6A6C5F58C5927336C28 ] RTL8167        C:\Windows\system32\DRIVERS\Rt86win7.sys
23:08:38.0457 0x1180  RTL8167 - ok
23:08:38.0477 0x1180  [ 5423D8437051E89DD34749F242C98648, 28FD190E13676B0FD452A73C3069B72206E2938DB2240BAA9BDB56687C748A2B ] s3cap          C:\Windows\system32\DRIVERS\vms3cap.sys
23:08:38.0512 0x1180  s3cap - ok
23:08:38.0530 0x1180  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] SamSs          C:\Windows\system32\lsass.exe
23:08:38.0545 0x1180  SamSs - ok
23:08:38.0554 0x1180  sbapifs - ok
23:08:38.0574 0x1180  [ 34EE0C44B724E3E4CE2EFF29126DE5B5, D27AAF77CB8830893558A600E19CDBF9A6AA7D69DE4B34F317ED4AFD38E8CAFB ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
23:08:38.0585 0x1180  sbp2port - ok
23:08:38.0599 0x1180  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:08:38.0640 0x1180  SCardSvr - ok
23:08:38.0645 0x1180  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51, 8C0189A6AF9AEC46CBA4DA422C52B2D3E4858B2F2658DB6CA7996B5F368D2503 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:08:38.0679 0x1180  scfilter - ok
23:08:38.0722 0x1180  [ DF1E5C82E4D09CF8105CC644980C4803, 36BB8402B29466CF1AE5BD56ED6CF6FE47DE162ADF04D44E2BCEA168CB0BD4D4 ] Schedule        C:\Windows\system32\schedsvc.dll
23:08:38.0770 0x1180  Schedule - ok
23:08:38.0789 0x1180  [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] SCPolicySvc    C:\Windows\System32\certprop.dll
23:08:38.0828 0x1180  SCPolicySvc - ok
23:08:38.0854 0x1180  [ 5FD90ABDBFAEE85986802622CBB03446, 0A8D9DC09C2ACA9EAABED04737E9EBF6EFB92BB2B9E5F37F10BFDF47CBF7DEDB ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:08:38.0873 0x1180  SDRSVC - ok
23:08:38.0883 0x1180  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:08:38.0913 0x1180  secdrv - ok
23:08:38.0938 0x1180  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
23:08:38.0970 0x1180  seclogon - ok
23:08:38.0985 0x1180  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
23:08:39.0024 0x1180  SENS - ok
23:08:39.0047 0x1180  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:08:39.0080 0x1180  SensrSvc - ok
23:08:39.0101 0x1180  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
23:08:39.0113 0x1180  Serenum - ok
23:08:39.0121 0x1180  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:08:39.0149 0x1180  Serial - ok
23:08:39.0154 0x1180  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:08:39.0165 0x1180  sermouse - ok
23:08:39.0189 0x1180  [ 8F55CE568C543D5ADF45C409D16718FC, 64D45854A91B656C1AF36EB272FDC54E9B5FB0200CB93E20F7D997DDA109EF7F ] SessionEnv      C:\Windows\system32\sessenv.dll
23:08:39.0213 0x1180  SessionEnv - ok
23:08:39.0233 0x1180  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
23:08:39.0267 0x1180  sffdisk - ok
23:08:39.0279 0x1180  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:08:39.0304 0x1180  sffp_mmc - ok
23:08:39.0324 0x1180  [ A0708BBD07D245C06FF9DE549CA47185, 6A95ACD63A3E7CE6065D0A8B5C182C5B3F4540B8345AB5DCCBD3AC77E9D6CEAC ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
23:08:39.0337 0x1180  sffp_sd - ok
23:08:39.0351 0x1180  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
23:08:39.0391 0x1180  sfloppy - ok
23:08:39.0423 0x1180  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:08:39.0460 0x1180  SharedAccess - ok
23:08:39.0474 0x1180  [ CD2E48FA5B29EE2B3B5858056D246EF2, B743F92D0121CF3D827753C85F1F5A14C2DAA1CAFD42C7810C3BECB853DB6175 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:08:39.0498 0x1180  ShellHWDetection - ok
23:08:39.0509 0x1180  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
23:08:39.0519 0x1180  sisagp - ok
23:08:39.0535 0x1180  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:08:39.0545 0x1180  SiSRaid2 - ok
23:08:39.0562 0x1180  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:08:39.0573 0x1180  SiSRaid4 - ok
23:08:39.0587 0x1180  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
23:08:39.0611 0x1180  Smb - ok
23:08:39.0619 0x1180  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:08:39.0644 0x1180  SNMPTRAP - ok
23:08:39.0648 0x1180  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr          C:\Windows\system32\drivers\spldr.sys
23:08:39.0658 0x1180  spldr - ok
23:08:39.0692 0x1180  [ D1BB750EB51694DE183E08B9C33BE5B2, 07B3A7EF51957615B6B8793F610BCC73EA0524B379B5CE457928CE2E021D0C06 ] Spooler        C:\Windows\System32\spoolsv.exe
23:08:39.0757 0x1180  Spooler - ok
23:08:39.0843 0x1180  [ 4C287F9069FEDBD791178876EE9DE536, 6099E76FF6FBA002EBA2BA7BE4E3238D91332E077524D1DD402E0C9ADA22E852 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:08:39.0950 0x1180  sppsvc - ok
23:08:39.0969 0x1180  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7, E7A8A5774C62DC12B56DC3E0A385ACA9069F3A5E6AC664AD0C383EF44DCF81B3 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
23:08:39.0993 0x1180  sppuinotify - ok
23:08:40.0014 0x1180  [ C4A027B8C0BD3FC0699F41FA5E9E0C87, A709BD7DDF0ACA5CF65B5A541FC6013FF86181138B86D1BF631E4BF5F4F2E266 ] srv            C:\Windows\system32\DRIVERS\srv.sys
23:08:40.0057 0x1180  srv - ok
23:08:40.0076 0x1180  [ 414BB592CAD8A79649D01F9D94318FB3, 093F52568B48E94B6C53F2E7F229416B8643DD9CEBB3E41601C64E932E3098F3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:08:40.0095 0x1180  srv2 - ok
23:08:40.0109 0x1180  [ FF207D67700AA18242AAF985D3E7D8F4, CFB36B6AA3D6915D23654FB11E848EC47DA8346F47151BE66967E51101FD4222 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:08:40.0133 0x1180  srvnet - ok
23:08:40.0149 0x1180  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
23:08:40.0175 0x1180  SSDPSRV - ok
23:08:40.0184 0x1180  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
23:08:40.0216 0x1180  SstpSvc - ok
23:08:40.0330 0x1180  [ AFE32AFD30464FC59CB8E88DC72F66FA, 24644F8AA47E61B98EF867BE18A9BE383822D64F3AADF2ED35E42FBFBA7B340F ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
23:08:40.0368 0x1180  Steam Client Service - ok
23:08:40.0379 0x1180  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:08:40.0389 0x1180  stexstor - ok
23:08:40.0424 0x1180  [ A22825E7BB7018E8AF3E229A5AF17221, 5C97557F8BC6ABBB5BE624AE41AAC22C3D845F76C3E930337A4C07B2381086D7 ] StiSvc          C:\Windows\System32\wiaservc.dll
23:08:40.0463 0x1180  StiSvc - ok
23:08:40.0483 0x1180  [ 957E346CA948668F2496A6CCF6FF82CC, 5C0E0F0E0F2D36E3213885C60BC3B075AFD2257FEB4B8186FC1FE253E0C218AF ] storflt        C:\Windows\system32\DRIVERS\vmstorfl.sys
23:08:40.0493 0x1180  storflt - ok
23:08:40.0500 0x1180  [ D5751969DC3E4B88BF482AC8EC9FE019, DAEB50C0045364C75965B0E94744C6E2E1E85C8D00F1E8A5593F3EC780BDD7D9 ] storvsc        C:\Windows\system32\DRIVERS\storvsc.sys
23:08:40.0510 0x1180  storvsc - ok
23:08:40.0516 0x1180  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:08:40.0525 0x1180  swenum - ok
23:08:40.0619 0x1180  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard    C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:08:40.0671 0x1180  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
23:08:47.0246 0x1180  Detect skipped due to KSN trusted
23:08:47.0246 0x1180  SwitchBoard - ok
23:08:47.0281 0x1180  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv          C:\Windows\System32\swprv.dll
23:08:47.0332 0x1180  swprv - ok
23:08:47.0371 0x1180  [ 04105C8DA62353589C29BDAEB8D88BD8, CC7A3A779A143E09FE5C0AA6795A7B13496C4E121347949CB23F7946EE5E2DED ] SysMain        C:\Windows\system32\sysmain.dll
23:08:47.0425 0x1180  SysMain - ok
23:08:47.0440 0x1180  [ FCFB6C552FBC0DA299799CBD50AD9FD4, A2A90829087B1A7F9B57D6F184EB4AE38D10B2986B0DC8D2ACA5EE9412CA3976 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:08:47.0456 0x1180  TabletInputService - ok
23:08:47.0469 0x1180  [ 432D9D823C4C26B6070C41BAD4404CE4, 741B41F7467D312AF4CC733EA31F647FBCD06985CBB6A14117E8A87A6F7B06F5 ] tap0901        C:\Windows\system32\DRIVERS\tap0901.sys
23:08:47.0480 0x1180  tap0901 - ok
23:08:47.0498 0x1180  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF, FF66CBA014F3F8B721088F5AB3D004C1711E7F587CC8D4AC3DCFB45CDB746800 ] TapiSrv        C:\Windows\System32\tapisrv.dll
23:08:47.0527 0x1180  TapiSrv - ok
23:08:47.0539 0x1180  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS            C:\Windows\System32\tbssvc.dll
23:08:47.0564 0x1180  TBS - ok
23:08:47.0607 0x1180  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
23:08:47.0655 0x1180  Tcpip - ok
23:08:47.0689 0x1180  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:08:47.0743 0x1180  TCPIP6 - ok
23:08:47.0772 0x1180  [ E64444523ADD154F86567C469BC0B17F, FBE8A1DC28C102068183754F6BF0D03F5D18FD24BEB7E4B57D1CFCEBB13B381F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:08:47.0794 0x1180  tcpipreg - ok
23:08:47.0811 0x1180  [ 1875C1490D99E70E449E3AFAE9FCBADF, FFDF03826DAB748D51B53B648B632E79B3CD6238F684FDEA749B4D0F93BE5A77 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:08:47.0843 0x1180  TDPIPE - ok
23:08:47.0859 0x1180  [ 7156308896D34EA75A582F9A09E50C17, B5663B4035EE4D7957D2EDB4F9D3342806CB0E094D9661C6BD6AFC031160F176 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
23:08:47.0884 0x1180  TDTCP - ok
23:08:47.0898 0x1180  [ CB39E896A2A83702D1737BFD402B3542, FA77D98EA3606CA2FCEF0E0949FDE2C32A080B47CAFDE46CE903CA3CBFC5DF35 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
23:08:47.0934 0x1180  tdx - ok
23:08:47.0952 0x1180  [ C36F41EE20E6999DBF4B0425963268A5, 9DB789A17DF2C283D6E803EEA15F2BDFC56EE3BE342A5606DD5C179C3550ECA6 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:08:47.0962 0x1180  TermDD - ok
23:08:47.0984 0x1180  [ A01E50A04D7B1960B33E92B9080E6A94, 0512BF11F2FD62BDBD2B1AA34D509BE82AC374C37B925C8C0ED119C6331930FD ] TermService    C:\Windows\System32\termsrv.dll
23:08:48.0035 0x1180  TermService - ok
23:08:48.0050 0x1180  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
23:08:48.0074 0x1180  Themes - ok
23:08:48.0089 0x1180  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER    C:\Windows\system32\mmcss.dll
23:08:48.0112 0x1180  THREADORDER - ok
23:08:48.0137 0x1180  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
23:08:48.0174 0x1180  TrkWks - ok
23:08:48.0205 0x1180  [ 41A4C781D2286208D397D72099304133, 447CAAD5589AA499EEE49FBA2CB53210359DB76AFF1DF2F0BD4D92A397037C1D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:08:48.0221 0x1180  TrustedInstaller - ok
23:08:48.0234 0x1180  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242, 9606DACB8CBDAF520282BE8C8F064535767405F138D9E9A215D2C59183E93CC1 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:08:48.0265 0x1180  tssecsrv - ok
23:08:48.0293 0x1180  [ 3E461D890A97F9D4C168F5FDA36E1D00, 82A8778F404F7AC5102802CF46F279F1E58AC74244665D06FD0C68A8BD887536 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:08:48.0317 0x1180  tunnel - ok
23:08:48.0328 0x1180  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:08:48.0339 0x1180  uagp35 - ok
23:08:48.0356 0x1180  [ 09CC3E16F8E5EE7168E01CF8FCBE061A, 81EEAC72A7C4D72666C743DEFF8096FDB465AA1FA8076C60D19CC192846F01CA ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:08:48.0431 0x1180  udfs - ok
23:08:48.0473 0x1180  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect      C:\Windows\system32\UI0Detect.exe
23:08:48.0496 0x1180  UI0Detect - ok
23:08:48.0508 0x1180  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
23:08:48.0518 0x1180  uliagpkx - ok
23:08:48.0538 0x1180  [ 049B3A50B3D646BAEEEE9EEC9B0668DC, 5774438BBD0976424C20559E14BA2AC158D9FF5D4E1FDC1C9C9F4D7A5CE8C377 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
23:08:48.0551 0x1180  umbus - ok
23:08:48.0558 0x1180  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:08:48.0583 0x1180  UmPass - ok
23:08:48.0609 0x1180  [ 8ECACA5454844F66386F7BE4AE0D7CD1, F3B02A9F598C6A9EFA019F5833959DD1A86FDFDB9FDDF99A8687BBB6211AAD00 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:08:48.0634 0x1180  UmRdpService - ok
23:08:48.0654 0x1180  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
23:08:48.0684 0x1180  upnphost - ok
23:08:48.0696 0x1180  [ 8455C4ED038EFD09E99327F9D2D48FFA, D166F98EA3D85F7DD6B5258949C186714A17EF89B6FDC9804165F7B4FA811C30 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
23:08:48.0709 0x1180  usbccgp - ok
23:08:48.0719 0x1180  [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
23:08:48.0747 0x1180  usbcir - ok
23:08:48.0751 0x1180  [ 1C333BFD60F2FED2C7AD5DAF533CB742, 97AE9CA39482B886FCD063E80B8AB153E1FC1459452657393D8B1745EF69E1C3 ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
23:08:48.0763 0x1180  usbehci - ok
23:08:48.0780 0x1180  [ EE6EF93CCFA94FAE8C6AB298273D8AE2, CBEE16CEAD02E994F0C2AD77DD8C01CB9964C6B42DE49FF7A787849CD25767B4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:08:48.0798 0x1180  usbhub - ok
23:08:48.0808 0x1180  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
23:08:48.0830 0x1180  usbohci - ok
23:08:48.0843 0x1180  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:08:48.0864 0x1180  usbprint - ok
23:08:48.0883 0x1180  [ D8889D56E0D27E57ED4591837FE71D27, DB1B65EEBFB036086EC3347C1181D9D01FF65870EAEC4A1BA08AF43C35075647 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:08:48.0895 0x1180  USBSTOR - ok
23:08:48.0905 0x1180  [ 78780C3EBCE17405B1CCD07A3A8A7D72, FBFF3111E22EE0B4BCAFA81F89AAE985135BFF48EEFD130C09B49CCF8A9946B9 ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
23:08:48.0917 0x1180  usbuhci - ok
23:08:48.0927 0x1180  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms          C:\Windows\System32\uxsms.dll
23:08:48.0950 0x1180  UxSms - ok
23:08:48.0955 0x1180  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] VaultSvc        C:\Windows\system32\lsass.exe
23:08:48.0967 0x1180  VaultSvc - ok
23:08:48.0980 0x1180  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
23:08:49.0025 0x1180  vdrvroot - ok
23:08:49.0058 0x1180  [ 8C4E7C49D3641BC9E299E466A7F8867D, 4F2E742EFE2DE47EE187B3BCDFDCB525FE484B74700A226D7894F9633F957AFA ] vds            C:\Windows\System32\vds.exe
23:08:49.0091 0x1180  vds - ok
23:08:49.0106 0x1180  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
23:08:49.0128 0x1180  vga - ok
23:08:49.0147 0x1180  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave        C:\Windows\System32\drivers\vga.sys
23:08:49.0168 0x1180  VgaSave - ok
23:08:49.0182 0x1180  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583, 33DF8F7C9A3176175113CA10D69FAF17A5412C055943F14DDC9923531FADB82D ] vhdmp          C:\Windows\system32\DRIVERS\vhdmp.sys
23:08:49.0195 0x1180  vhdmp - ok
23:08:49.0219 0x1180  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
23:08:49.0230 0x1180  viaagp - ok
23:08:49.0243 0x1180  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
23:08:49.0312 0x1180  ViaC7 - ok
23:08:49.0330 0x1180  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
23:08:49.0344 0x1180  viaide - ok
23:08:49.0367 0x1180  [ DCA32F7079C1F9E99E16D47CF4D8D436, E3E815A767F9344F8243EEACF21364E47EB9D9EED3D717F56B072A0F01D8CADB ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
23:08:49.0377 0x1180  VIAKaraokeService - ok
23:08:49.0397 0x1180  [ 379B349F65F453D2A6E75EA6B7448E49, F52B1B3AE9F5D38B45C889A7B1EBE59533C17E73678D355D1466B5EF3338BF16 ] vmbus          C:\Windows\system32\DRIVERS\vmbus.sys
23:08:49.0411 0x1180  vmbus - ok
23:08:49.0415 0x1180  [ EC2BBAB4B84D0738C6C83D2234DC36FE, 8BA2FA187DAC6994D5A29897AE5F46E6424FB53C827553E0BB148E31825D6676 ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
23:08:49.0426 0x1180  VMBusHID - ok
23:08:49.0434 0x1180  [ 384E5A2AA49934295171E499F86BA6F3, C79271F98506392422325C075144F45436F9979FE1E002B57F9426F3DA96CEF0 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
23:08:49.0444 0x1180  volmgr - ok
23:08:49.0459 0x1180  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
23:08:49.0475 0x1180  volmgrx - ok
23:08:49.0498 0x1180  [ 59F06B4968E58BC83DFC56CA4517960E, F0ACE8D5F30B8C81E4FDE0CEBDBA71A212A3198ED09D92B2B40C48FBB243D3F5 ] volsnap        C:\Windows\system32\DRIVERS\volsnap.sys
23:08:49.0513 0x1180  volsnap - ok
23:08:49.0533 0x1180  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
23:08:49.0546 0x1180  vsmraid - ok
23:08:49.0577 0x1180  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C, 7CD6637BE0A08E3B0F9991D79751DCA8AEC9224B83301821DAA29C9F42B7A9E3 ] VSS            C:\Windows\system32\vssvc.exe
23:08:49.0643 0x1180  VSS - ok
23:08:49.0669 0x1180  vToolbarUpdater18.4.0 - ok
23:08:49.0686 0x1180  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:08:49.0699 0x1180  vwifibus - ok
23:08:49.0728 0x1180  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time        C:\Windows\system32\w32time.dll
23:08:49.0759 0x1180  W32Time - ok
23:08:49.0765 0x1180  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:08:49.0776 0x1180  WacomPen - ok
23:08:49.0786 0x1180  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:08:49.0808 0x1180  WANARP - ok
23:08:49.0813 0x1180  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:08:49.0835 0x1180  Wanarpv6 - ok
23:08:49.0875 0x1180  [ 7790B77FE1E5EE47DCC66247095BB4C9, FFB541F83CDE32E65007D41217C2F46CDDF68121E2846B638EAB620ACA940B05 ] wbengine        C:\Windows\system32\wbengine.exe
23:08:49.0934 0x1180  wbengine - ok
23:08:49.0952 0x1180  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:08:49.0970 0x1180  WbioSrvc - ok
23:08:49.0994 0x1180  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6, 0805471A57DDF1974F3F7B36B0DD843731C608D10A1C00B01E6E9D0460098E1A ] wcncsvc        C:\Windows\System32\wcncsvc.dll
23:08:50.0036 0x1180  wcncsvc - ok
23:08:50.0045 0x1180  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:08:50.0077 0x1180  WcsPlugInService - ok
23:08:50.0081 0x1180  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:08:50.0090 0x1180  Wd - ok
23:08:50.0116 0x1180  [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:08:50.0136 0x1180  Wdf01000 - ok
23:08:50.0152 0x1180  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:08:50.0175 0x1180  WdiServiceHost - ok
23:08:50.0179 0x1180  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost  C:\Windows\system32\wdi.dll
23:08:50.0195 0x1180  WdiSystemHost - ok
23:08:50.0217 0x1180  [ BB5EC38F8D4600119B4720BC5D4211F1, F04F823A9FE77704F38D773C7350C71727C5E3309CD1EC754519C826A4599476 ] WebClient      C:\Windows\System32\webclnt.dll
23:08:50.0242 0x1180  WebClient - ok
23:08:50.0255 0x1180  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:08:50.0281 0x1180  Wecsvc - ok
23:08:50.0295 0x1180  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
23:08:50.0328 0x1180  wercplsupport - ok
23:08:50.0361 0x1180  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
23:08:50.0385 0x1180  WerSvc - ok
23:08:50.0407 0x1180  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:08:50.0443 0x1180  WfpLwf - ok
23:08:50.0475 0x1180  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:08:50.0484 0x1180  WIMMount - ok
23:08:50.0526 0x1180  [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
23:08:50.0591 0x1180  WinDefend - ok
23:08:50.0600 0x1180  WinHttpAutoProxySvc - ok
23:08:50.0648 0x1180  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
23:08:50.0712 0x1180  Winmgmt - ok
23:08:50.0757 0x1180  [ C4F5D3901D1B41D602DDC196E0B95B51, 20FF2A9DEE3ECBFB163DFA62A407E30ED49F609EF46936F286C2A08A24EA3E7C ] WinRM          C:\Windows\system32\WsmSvc.dll
23:08:50.0856 0x1180  WinRM - ok
23:08:50.0904 0x1180  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc        C:\Windows\System32\wlansvc.dll
23:08:50.0956 0x1180  Wlansvc - ok
23:08:50.0973 0x1180  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
23:08:50.0984 0x1180  WmiAcpi - ok
23:08:50.0998 0x1180  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:08:51.0013 0x1180  wmiApSrv - ok
23:08:51.0051 0x1180  [ 77FBD400984CF72BA0FC4B3489D65F74, 9AA404F17177FEB43A9EA1A86061B452E7C4A93C873E61B68269047519CD433E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
23:08:51.0123 0x1180  WMPNetworkSvc - ok
23:08:51.0134 0x1180  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:08:51.0166 0x1180  WPCSvc - ok
23:08:51.0182 0x1180  [ B7F658A2EBC07129538AD9AB35212637, 86774A760189E4B126C972A778F890C00C1C30EDD28044DD43B40644A8778B4D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:08:51.0207 0x1180  WPDBusEnum - ok
23:08:51.0216 0x1180  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
23:08:51.0247 0x1180  ws2ifsl - ok
23:08:51.0271 0x1180  [ A661A76333057B383A06E65F0073222F, B25AEC2B668C61F2E1C6F7AD27706EE10F8B04F09B5D069784131A6B8B5DF570 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:08:51.0285 0x1180  wscsvc - ok
23:08:51.0289 0x1180  WSearch - ok
23:08:51.0377 0x1180  [ FFD80DC0CDA145C3376A5076360162C8, 2DA34929DC416164A001B7C711D7CF1046FAE53F8B31697F3EC4AF75C45163E5 ] WtuSystemSupport C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
23:08:51.0406 0x1180  WtuSystemSupport - ok
23:08:51.0467 0x1180  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:08:51.0525 0x1180  wuauserv - ok
23:08:51.0540 0x1180  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E, C685A458951820ED0F09E6197251CE6FC55AAB75D4FBEFF2992805309239A47A ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:08:51.0577 0x1180  WudfPf - ok
23:08:51.0594 0x1180  [ F91FF1E51FCA30B3C3981DB7D5924252, D7052B58F22638CA8B59C6FD7408D6D6DD1C33910912CACC05C133472CE0DDCE ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:08:51.0630 0x1180  WUDFRd - ok
23:08:51.0655 0x1180  [ DDEE3682FE97037C45F4D7AB467CB8B6, D5A8F07AF4EDD9D7E17FEC6222D187E2981C177A479511E407756E0E5CB8D387 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
23:08:51.0679 0x1180  wudfsvc - ok
23:08:51.0698 0x1180  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc        C:\Windows\System32\wwansvc.dll
23:08:51.0746 0x1180  WwanSvc - ok
23:08:51.0763 0x1180  ================ Scan global ===============================
23:08:51.0786 0x1180  [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll
23:08:51.0809 0x1180  [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
23:08:51.0821 0x1180  [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
23:08:51.0892 0x1180  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
23:08:51.0934 0x1180  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
23:08:51.0951 0x1180  [ Global ] - ok
23:08:51.0952 0x1180  ================ Scan MBR ==================================
23:08:51.0979 0x1180  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:08:52.0465 0x1180  \Device\Harddisk0\DR0 - ok
23:08:52.0473 0x1180  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:08:52.0539 0x1180  \Device\Harddisk1\DR1 - ok
23:08:52.0548 0x1180  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
23:08:52.0707 0x1180  \Device\Harddisk2\DR2 - ok
23:08:52.0708 0x1180  ================ Scan VBR ==================================
23:08:52.0711 0x1180  [ 4D9D541C725E19413A06630D541602C8 ] \Device\Harddisk0\DR0\Partition1
23:08:52.0747 0x1180  \Device\Harddisk0\DR0\Partition1 - ok
23:08:52.0754 0x1180  [ 63EABB96F75E5CEFE8774E8377DBEA56 ] \Device\Harddisk1\DR1\Partition1
23:08:52.0756 0x1180  \Device\Harddisk1\DR1\Partition1 - ok
23:08:52.0767 0x1180  [ 7EE6FA9ECE8AB12D7873B5248222AAD9 ] \Device\Harddisk2\DR2\Partition1
23:08:52.0770 0x1180  \Device\Harddisk2\DR2\Partition1 - ok
23:08:52.0771 0x1180  ================ Scan generic autorun ======================
23:08:52.0879 0x1180  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:08:52.0986 0x1180  Sidebar - ok
23:08:53.0014 0x1180  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
23:08:53.0033 0x1180  mctadmin - ok
23:08:53.0063 0x1180  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:08:53.0101 0x1180  Sidebar - ok
23:08:53.0107 0x1180  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
23:08:53.0122 0x1180  mctadmin - ok
23:08:53.0123 0x1180  Waiting for KSN requests completion. In queue: 92
23:08:54.0123 0x1180  Waiting for KSN requests completion. In queue: 92
23:08:55.0123 0x1180  Waiting for KSN requests completion. In queue: 92
23:08:56.0125 0x1180  Waiting for KSN requests completion. In queue: 92
23:08:57.0125 0x1180  Waiting for KSN requests completion. In queue: 92
23:08:58.0125 0x1180  Waiting for KSN requests completion. In queue: 92
23:08:59.0125 0x1180  Waiting for KSN requests completion. In queue: 92
23:09:00.0215 0x1180  AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files\AVG\AVG2015\avgwsc.exe ( 15.0.0.5751 ), 0x41000 ( enabled : updated )
23:09:00.0235 0x1180  Win FW state via NFP2: enabled
23:09:03.0035 0x1180  ============================================================
23:09:03.0035 0x1180  Scan finished
23:09:03.0035 0x1180  ============================================================
23:09:03.0055 0x1758  Detected object count: 1
23:09:03.0055 0x1758  Actual detected object count: 1
23:09:26.0376 0x1758  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:09:26.0376 0x1758  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

schrauber 11.03.2015 12:11
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

molchi 11.03.2015 23:39
was mach ich nun mit dem 1 gefundenen von TDSSKiller? :)

Logfile Combofix:

Code:
ComboFix 15-03-09.01 - molchi 11.03.2015  23:27:05.1.3 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1033.18.3199.1624 [GMT 1:00]
ausgeführt von:: c:\users\molchi\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-02-11 bis 2015-03-11  ))))))))))))))))))))))))))))))
.
.
2015-03-11 22:35 . 2015-03-11 22:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-03-10 21:53 . 2015-03-10 22:02        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-10 21:37 . 2015-03-10 21:37        --------        d-----w-        c:\program files\VS Revo Group
2015-03-10 05:48 . 2015-03-10 05:54        --------        d-----w-        C:\FRST
2015-03-09 22:07 . 2015-03-09 22:07        35992        ----a-w-        c:\windows\system32\drivers\hitmanpro37.sys
2015-03-09 05:48 . 2015-03-09 22:49        --------        d-----w-        c:\programdata\HitmanPro
2015-03-09 03:24 . 2015-03-10 21:53        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-09 03:24 . 2015-03-10 21:52        92888        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-03-09 03:24 . 2014-11-21 05:14        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-03-09 03:24 . 2014-11-21 05:14        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-03-09 03:24 . 2015-03-09 22:49        --------        d-----w-        c:\program files\Malwarebytes Anti-Malware
2015-02-27 22:02 . 2015-03-09 22:49        --------        d-----w-        c:\program files\Mozilla Thunderbird
2015-02-27 05:55 . 2015-03-09 22:49        --------        d-----w-        c:\programdata\Avg_Update_0215tb
2015-02-19 20:28 . 2015-02-19 20:28        217568        ----a-w-        c:\windows\system32\drivers\avgidsdriverx.sys
2015-02-18 21:47 . 2015-02-18 21:47        --------        d-----w-        c:\users\Default\AppData\Roaming\TuneUp Software
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 00:57 . 2014-04-24 20:22        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 00:57 . 2014-04-24 20:22        701616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2015-02-03 09:47 . 2015-02-03 09:47        265184        ----a-w-        c:\windows\system32\drivers\avglogx.sys
2015-01-23 08:40 . 2015-01-23 08:40        107488        ----a-w-        c:\windows\system32\drivers\avgmfx86.sys
2015-01-16 10:15 . 2015-01-16 10:15        210400        ----a-w-        c:\windows\system32\drivers\avgtdix.sys
2014-02-13 12:20        3057808        --sha-r-        c:\windows\System32\avcodec-lav-55.dll
2014-02-13 12:20        98960        --sha-r-        c:\windows\System32\avfilter-lav-3.dll
2014-02-13 12:20        539280        --sha-r-        c:\windows\System32\avformat-lav-55.dll
2009-09-27 07:39        415744        --sh--w-        c:\windows\System32\avisynth.dll
2014-02-13 12:20        59536        --sha-r-        c:\windows\System32\avresample-lav-1.dll
2005-07-14 10:31        32256        --sh--w-        c:\windows\System32\AVSredirect.dll
2014-02-13 12:20        180368        --sha-r-        c:\windows\System32\avutil-lav-52.dll
2004-02-22 08:11        764416        --sh--w-        c:\windows\System32\devil.dll
2014-02-13 12:20        122512        --sha-r-        c:\windows\System32\HLaudio.dll
2014-02-13 12:20        202384        --sha-r-        c:\windows\System32\HLsplit.dll
2014-02-13 12:20        313520        --sha-r-        c:\windows\System32\HLvideo.dll
2004-01-24 22:00        70656        --sh--w-        c:\windows\System32\i420vfw.dll
2014-02-13 12:20        152720        --sha-r-        c:\windows\System32\IntelQuickSyncDecoder.dll
2014-02-13 12:20        109200        --sha-r-        c:\windows\System32\swscale-lav-2.dll
2012-10-05 17:54        188416        --sha-r-        c:\windows\System32\winDCE32.dll
2004-01-24 22:00        70656        --sh--w-        c:\windows\System32\yv12vfw.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-02-19 3710416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2014-05-21 19:03        832272        ----a-w-        c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-09-20 12:53        1493288        ----a-w-        c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
2015-01-30 22:25        55568        ----a-w-        c:\program files\Raptr\raptrstub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2014-11-20 20:41        748232        ----a-w-        c:\program files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37        517096        ----a-w-        c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2015-03-04 22:34        3033112        ----a-w-        c:\program files\AVG Web TuneUp\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2014-04-25 23:56        12288        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe_ID0EYTHM"=c:\progra~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2015-02-19 3411408]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R2 vToolbarUpdater18.4.0;vToolbarUpdater18.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2014-04-23 23456]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2015-03-09 35992]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-11-18 154904]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2015-02-03 265184]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2015-02-19 217568]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-01-16 210400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-11-21 212992]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2014-11-20 276992]
S2 amdacpksd;ACP Kernel Service Driver;c:\windows\system32\drivers\amdacpksd.sys [2014-11-21 265416]
S2 amdacpusrsvc;ACP User Service;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [2014-11-20 107520]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [2014-02-11 50400]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2015-02-19 308720]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2014-05-21 113424]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2014-05-21 385808]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2014-05-21 774928]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-03-29 27760]
S2 WtuSystemSupport;WtuSystemSupport;c:\program files\AVG Web TuneUp\WtuSystemSupport.exe [2015-03-04 620056]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-06-21 77824]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-04-23 693464]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-24 00:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://mysearch.avg.com?cid={170A8DC2-4607-4B3D-9606-C4EDEC211CCF}&mid=1f0fb2f3fd3847d281c799127f52ef80-4d67a5cd415e1d767b70e17ec044e3280a45347b&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-28 23:32&v=4.1.0.411&pid=wtu&sg=&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{BE5B6ADA-3AE3-4C56-9ED6-63626131474E}: NameServer = 8.8.4.4,8.8.8.8
FF - ProfilePath - c:\users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-11  23:37:15
ComboFix-quarantined-files.txt  2015-03-11 22:37
.
Vor Suchlauf: 10 Verzeichnis(se), 882.518.892.544 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 883.282.337.792 Bytes frei
.
- - End Of File - - 5097AF0160D7E1D1EC06CA7813AB7CFA
A36C5E4F47E84449FF07ED3517B43A31

schrauber 12.03.2015 18:51
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

molchi 12.03.2015 22:35
Die besagten programme hatte ich schon or dem Forenpost erfolgreich arbeiten lassen. Seit gestern hab ich auch keine nervigen pop-up's mehr, irgendeins deiner Programme scheint offenbar gegriffen zu haben, was mach ich mit dem einen Fund von TDSSKiller den ich nach dem scan einfach geskipped habe??

Zur sicherheit trotzdem die logs, malwarebtes ohne fund:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 12.03.2015
Suchlauf-Zeit: 22:38:00
Logdatei: mbscan.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.12.06
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: molchi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 332153
Verstrichene Zeit: 7 Min, 58 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Adwcleaner fand nur 1 Registryeintrag:

Code:
# AdwCleaner v4.112 - Logfile created 12/03/2015 at 22:52:51
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Ultimate  (x86)
# Username : molchi - MOLCHI-PC
# Running from : C:\Users\molchi\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v36.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [3286 bytes] - [26/04/2014 05:36:20]
AdwCleaner[R1].txt - [873 bytes] - [05/05/2014 06:24:54]
AdwCleaner[R2].txt - [3833 bytes] - [31/05/2014 02:09:06]
AdwCleaner[R3].txt - [3195 bytes] - [09/01/2015 05:35:54]
AdwCleaner[R4].txt - [3482 bytes] - [09/03/2015 04:05:56]
AdwCleaner[R5].txt - [3637 bytes] - [09/03/2015 04:13:01]
AdwCleaner[R6].txt - [1492 bytes] - [12/03/2015 22:49:20]
AdwCleaner[S0].txt - [3423 bytes] - [26/04/2014 05:37:09]
AdwCleaner[S1].txt - [933 bytes] - [05/05/2014 06:26:25]
AdwCleaner[S2].txt - [3653 bytes] - [31/05/2014 02:11:02]
AdwCleaner[S3].txt - [3253 bytes] - [09/01/2015 05:38:25]
AdwCleaner[S4].txt - [3774 bytes] - [09/03/2015 04:14:49]
AdwCleaner[S5].txt - [1421 bytes] - [12/03/2015 22:52:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1480  bytes] ##########
JRT-Scan:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Ultimate x86
Ran by molchi on 12.03.2015 at 22:56:22,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster SkipUAC (molchi)
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.03.2015 at 23:00:09,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Frisches FRSt-Log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by molchi (administrator) on MOLCHI-PC on 12-03-2015 23:01:27
Running from C:\Users\molchi\Desktop
Loaded Profiles: molchi (Available profiles: molchi)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Englisch (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> {844F9710-987C-4933-9B00-028A0D8F8C33} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Toolbar: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{BE5B6ADA-3AE3-4C56-9ED6-63626131474E}: [NameServer] 8.8.4.4,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-09-23] (Nero AG)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [107520 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-04-23] (Macrovision Europe Ltd.) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-04] ()
S2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [265416 2014-11-21] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-04-23] (Phoenix Technologies) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-03-09] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S3 catchme; \??\C:\Users\molchi\AppData\Local\Temp\catchme.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 23:01 - 2015-03-12 23:01 - 00000000 ____D () C:\Users\molchi\Desktop\FRST-OlderVersion
2015-03-12 23:00 - 2015-03-12 23:00 - 00001642 _____ () C:\Users\molchi\Desktop\JRT.txt
2015-03-12 22:55 - 2015-03-12 22:55 - 01388333 _____ (Thisisu) C:\Users\molchi\Desktop\JRT.exe
2015-03-12 22:48 - 2015-03-12 22:48 - 02171392 _____ () C:\Users\molchi\Desktop\adwcleaner_4.112.exe
2015-03-12 22:46 - 2015-03-12 22:46 - 00001190 _____ () C:\Users\molchi\Desktop\mbscan.txt
2015-03-11 23:37 - 2015-03-11 23:37 - 00012776 _____ () C:\ComboFix.txt
2015-03-11 23:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-11 23:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-11 23:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-11 23:24 - 2015-03-11 23:37 - 00000000 ____D () C:\Qoobox
2015-03-11 23:24 - 2015-03-11 23:36 - 00000000 ____D () C:\Windows\erdnt
2015-03-11 23:23 - 2015-03-11 23:24 - 05613296 ____R (Swearware) C:\Users\molchi\Desktop\ComboFix.exe
2015-03-10 23:04 - 2015-03-10 23:06 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\molchi\Desktop\tdsskiller.exe
2015-03-10 22:53 - 2015-03-10 23:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-10 22:51 - 2015-03-10 23:02 - 00000000 ____D () C:\Users\molchi\Desktop\mbar
2015-03-10 22:50 - 2015-03-10 22:51 - 16502728 _____ (Malwarebytes Corp.) C:\Users\molchi\Desktop\mbar-1.09.1.1004.exe
2015-03-10 22:37 - 2015-03-10 22:37 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\molchi\Desktop\revosetup95.exe
2015-03-10 22:37 - 2015-03-10 22:37 - 00001226 _____ () C:\Users\molchi\Desktop\Revo Uninstaller.lnk
2015-03-10 22:37 - 2015-03-10 22:37 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-10 06:54 - 2015-03-10 06:54 - 00025492 _____ () C:\Users\molchi\Desktop\Addition.txt
2015-03-10 06:49 - 2015-03-12 23:01 - 00010762 _____ () C:\Users\molchi\Desktop\FRST.txt
2015-03-10 06:48 - 2015-03-12 23:01 - 00000000 ____D () C:\FRST
2015-03-10 06:47 - 2015-03-12 23:01 - 01135104 _____ (Farbar) C:\Users\molchi\Desktop\FRST.exe
2015-03-10 00:00 - 2015-03-10 00:00 - 00008321 _____ () C:\Users\molchi\Desktop\hijackthis.log
2015-03-09 23:58 - 2015-03-09 23:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\molchi\Desktop\HiJackThis204.exe
2015-03-09 23:23 - 2015-03-09 23:28 - 00000760 _____ () C:\Users\molchi\Desktop\TP-LINK Modem Router Settings.txt
2015-03-09 23:07 - 2015-03-09 23:07 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-09 07:03 - 2015-03-09 07:03 - 00000830 _____ () C:\Windows\system32\.crusader
2015-03-09 06:48 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-09 06:47 - 2015-03-09 06:47 - 10085648 _____ (SurfRight B.V.) C:\Users\molchi\Downloads\HitmanPro.exe
2015-03-09 04:30 - 2015-03-09 04:45 - 132625648 _____ (Microsoft Corporation) C:\Users\molchi\Desktop\msert.exe
2015-03-09 04:24 - 2015-03-12 22:37 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 04:24 - 2015-03-10 22:52 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-09 04:24 - 2015-03-09 04:24 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-09 04:24 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-09 04:24 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-05 23:00 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-27 23:02 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-27 06:55 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 23:01 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 23:01 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 22:56 - 2014-04-24 21:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 22:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 22:53 - 2014-04-23 07:20 - 01465067 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 22:53 - 2014-04-23 03:29 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-12 22:53 - 2009-07-14 05:39 - 00099317 _____ () C:\Windows\setupact.log
2015-03-12 22:52 - 2014-04-25 23:03 - 00000000 ____D () C:\AdwCleaner
2015-03-12 22:32 - 2014-04-23 21:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-12 08:58 - 2014-04-23 17:24 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\TS3Client
2015-03-12 08:55 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Local\Battle.net
2015-03-11 23:40 - 2014-04-23 02:28 - 00146704 _____ () C:\Windows\PFRO.log
2015-03-11 23:37 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-11 23:36 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-11 07:01 - 2014-04-26 01:33 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Skype
2015-03-10 06:53 - 2014-05-10 00:14 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-03-09 23:49 - 2015-01-28 23:31 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-03-09 23:49 - 2015-01-09 05:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-09 23:49 - 2015-01-04 18:24 - 00000000 ____D () C:\Users\molchi\Desktop\ReBot
2015-03-09 23:49 - 2014-07-25 02:02 - 00000000 ____D () C:\Program Files\Hearthstone
2015-03-09 23:49 - 2014-04-26 02:46 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\vlc
2015-03-09 23:49 - 2014-04-23 09:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-09 23:49 - 2014-04-23 07:18 - 00000000 ____D () C:\Users\molchi
2015-03-09 23:49 - 2014-04-23 02:08 - 00000000 ____D () C:\Program Files\World of Warcraft
2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Battle.net
2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Program Files\Battle.net
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-25 18:01 - 2015-01-09 05:53 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-13 22:47 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-12-01 17:30 - 2014-12-01 17:30 - 0000032 _____ () C:\Users\molchi\AppData\Roaming\UserIdentity.dat
2014-07-06 04:04 - 2014-07-06 04:04 - 0007609 _____ () C:\Users\molchi\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\molchi\AppData\Local\Temp\Quarantine.exe
C:\Users\molchi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 19:03

==================== End Of Log ============================
--- --- ---

schrauber 13.03.2015 12:34

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

molchi 14.03.2015 00:57
logfile eset mit 28 funden.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f276d6bc175456479330dfaacfb9556c
# engine=22899
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-13 11:53:53
# local_time=2015-03-14 12:53:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 6616 113424817 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7917149 177922024 0 0
# scanned=391626
# found=28
# cleaned=0
# scan_time=5789
sh=B52FD6403E1D1F8CB9D3BACFBE3FEDDE5B428BA4 ft=1 fh=a0ce568e482fc573 vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Application Updater\ApplicationUpdater.exe.vir"
sh=6C2A540166FA9D494C6295CB67C0E090C2A534FD ft=1 fh=0efc383dfd3d144d vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\AtuZi\AtuZiBHO.dll.vir"
sh=C6C61D8056DD0FDCE3D9E2010BBCFA0A9CADE3EB ft=1 fh=d24c614fb0f939ac vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\AtuZi\AtuZiUninstall.exe.vir"
sh=7AFD70B805F472B442C109791F51FF65E6C883F8 ft=1 fh=2b635b2e5b118e14 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\SlickSavings\SlickSavingsSetup.exe.vir"
sh=B06CEDEC6BF5107AF2D0C5EFC7C65B42FB59AA39 ft=1 fh=746c44b02a751ec7 vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IObit Apps Toolbar\FF\components\iobitappsToolbarFF.dll.vir"
sh=59E697C9F5BB3D86352B1FACA3AAD8BCB30A73D9 ft=1 fh=5340284e173e7526 vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE.dll.vir"
sh=9745BBE8290C1CE3C3A805E4B49071ED7B6DB888 ft=1 fh=ccd023872ef98989 vn="Variante von Win64/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE64.dll.vir"
sh=B152F93C2F68A07FE8E4B9E32914A035F9AB1AB5 ft=1 fh=c71c0011c1b5643e vn="Variante von Win32/AdWare.AddLyrics.BH Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PassShow-soft\170.dll.vir"
sh=E2B1FD8D92C97E369BF777F802C6E6C7FE380980 ft=1 fh=c71c00115fe5870f vn="Variante von Win32/AdWare.AddLyrics.AM Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PassShow-soft\PassShowT01.exe.vir"
sh=39533BB3C9822C0ECEE56F293AD38168CDC1E9D3 ft=1 fh=e187698507402098 vn="Variante von Win32/AdWare.AddLyrics.AS Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PassShow-soft\Uninstall.exe.vir"
sh=81FBC911F6F39943B5A508257ED317C6A388CA54 ft=1 fh=f881a71255879118 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=6F4FD559E82ECD0E9BF238374A8AE7763D9AF88F ft=1 fh=0fe3e64a55eab364 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir"
sh=09975ED04166B761DC1CED0B15BAE6D37DCC0560 ft=1 fh=919d2464905062de vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=CC7735B51ACFC778DAFCE7B9C25798C1149059CA ft=1 fh=bdcf262ba56c13e6 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=C2BF9E02AAF8CD61356523AF0425BD4DEEE8A0E8 ft=1 fh=aed2a53e39c1b826 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=E07AC00C609A9096EFEDCF5839D77AD91C96BD2D ft=1 fh=a44174895411af10 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=6C0CFF21847BEBDC22C8ED1C8A24ED19724D7741 ft=1 fh=91d5fb4f6ab1ad55 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=19D4CD0E4DDB51C3B3A25676F68963807BE1710C ft=1 fh=5c3c9fe0db73a8b4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=3AE79DE1D9A3C56075DB1B53DF9D7880AE03A5F6 ft=1 fh=bd390a3911fc5a39 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=0F00EB8310C851AAD8AE9C7C17EF5F0D81617D3A ft=1 fh=1090c94a8e08b65e vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=9BA6DC699104472080E202066F9A6194C861BBC4 ft=1 fh=644180d9ce5cd441 vn="Win32/AnyProtect.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\molchi\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=311437CF4EC68FC9E3F298BBF883F8D286FB793C ft=1 fh=6d2ccfecc66b253f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\molchi\AppData\Roaming\RHEng\4589E28CA1DF42BBAFD0472861CF8A9E\13443.exe.vir"
sh=B8E6BA69D75149795E4283A8A484B694CC50C001 ft=1 fh=7690bee84a2cb28f vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\molchi\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=44ED55CB1079D34027CB77CD62248064FF5A0A09 ft=1 fh=3916453e74289c7d vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\molchi\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=312B4326F089F044FEFE73A81FD94223E3F36410 ft=1 fh=789dc111d976203c vn="Variante von Win32/VOPackage.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\molchi\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=C5388074F31DF07BE6C1DDEF0D762EC5A8819E77 ft=1 fh=fcf810b56806cfeb vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe"
sh=C5388074F31DF07BE6C1DDEF0D762EC5A8819E77 ft=1 fh=fcf810b56806cfeb vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe"
sh=3F021F9BE3A9F9A63F9FDA3F91BAE2EF0B74A6CC ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\Users\molchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NQDFZQHF\inpage_linkid[1].js"
securitycheck-log:

Code:
Results of screen317's Security Check version 0.99.97 
 Windows 7  x86 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2015 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 AVG Web TuneUp 
  Java 64-bit 8 Update 31 
 Adobe Flash Player        16.0.0.305 
 Adobe Reader XI 
 Mozilla Firefox (36.0.1)
 Mozilla Thunderbird (31.5.0)
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
und das aktuelle frst-log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by molchi (administrator) on MOLCHI-PC on 14-03-2015 01:18:43
Running from C:\Users\molchi\Desktop
Loaded Profiles: molchi (Available profiles: molchi)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Englisch (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3838\Agent.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5566\Battle.net.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Wow.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Utils\WowBrowserProxy.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> {844F9710-987C-4933-9B00-028A0D8F8C33} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Toolbar: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{BE5B6ADA-3AE3-4C56-9ED6-63626131474E}: [NameServer] 8.8.4.4,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-09-23] (Nero AG)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [107520 2014-11-20] (Advanced Micro Devices) [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-04-23] (Macrovision Europe Ltd.) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-04] ()
S2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [265416 2014-11-21] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-04-23] (Phoenix Technologies) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-03-09] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S3 catchme; \??\C:\Users\molchi\AppData\Local\Temp\catchme.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 00:59 - 2015-03-14 00:59 - 00852604 _____ () C:\Users\molchi\Desktop\SecurityCheck.exe
2015-03-13 23:04 - 2015-03-13 23:04 - 02347384 _____ (ESET) C:\Users\molchi\Desktop\esetsmartinstaller_deu.exe
2015-03-12 23:01 - 2015-03-12 23:01 - 00000000 ____D () C:\Users\molchi\Desktop\FRST-OlderVersion
2015-03-12 23:00 - 2015-03-12 23:00 - 00001642 _____ () C:\Users\molchi\Desktop\JRT.txt
2015-03-12 22:55 - 2015-03-12 22:55 - 01388333 _____ (Thisisu) C:\Users\molchi\Desktop\JRT.exe
2015-03-12 22:48 - 2015-03-12 22:48 - 02171392 _____ () C:\Users\molchi\Desktop\adwcleaner_4.112.exe
2015-03-12 22:46 - 2015-03-12 22:46 - 00001190 _____ () C:\Users\molchi\Desktop\mbscan.txt
2015-03-11 23:37 - 2015-03-11 23:37 - 00012776 _____ () C:\ComboFix.txt
2015-03-11 23:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-11 23:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-11 23:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-11 23:24 - 2015-03-11 23:37 - 00000000 ____D () C:\Qoobox
2015-03-11 23:24 - 2015-03-11 23:36 - 00000000 ____D () C:\Windows\erdnt
2015-03-11 23:23 - 2015-03-11 23:24 - 05613296 ____R (Swearware) C:\Users\molchi\Desktop\ComboFix.exe
2015-03-10 23:04 - 2015-03-10 23:06 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\molchi\Desktop\tdsskiller.exe
2015-03-10 22:53 - 2015-03-10 23:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-10 22:51 - 2015-03-10 23:02 - 00000000 ____D () C:\Users\molchi\Desktop\mbar
2015-03-10 22:50 - 2015-03-10 22:51 - 16502728 _____ (Malwarebytes Corp.) C:\Users\molchi\Desktop\mbar-1.09.1.1004.exe
2015-03-10 22:37 - 2015-03-10 22:37 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\molchi\Desktop\revosetup95.exe
2015-03-10 22:37 - 2015-03-10 22:37 - 00001226 _____ () C:\Users\molchi\Desktop\Revo Uninstaller.lnk
2015-03-10 22:37 - 2015-03-10 22:37 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-10 06:54 - 2015-03-10 06:54 - 00025492 _____ () C:\Users\molchi\Desktop\Addition.txt
2015-03-10 06:49 - 2015-03-14 01:18 - 00010915 _____ () C:\Users\molchi\Desktop\FRST.txt
2015-03-10 06:48 - 2015-03-14 01:18 - 00000000 ____D () C:\FRST
2015-03-10 06:47 - 2015-03-12 23:01 - 01135104 _____ (Farbar) C:\Users\molchi\Desktop\FRST.exe
2015-03-10 00:00 - 2015-03-10 00:00 - 00008321 _____ () C:\Users\molchi\Desktop\hijackthis.log
2015-03-09 23:58 - 2015-03-09 23:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\molchi\Desktop\HiJackThis204.exe
2015-03-09 23:23 - 2015-03-09 23:28 - 00000760 _____ () C:\Users\molchi\Desktop\TP-LINK Modem Router Settings.txt
2015-03-09 23:07 - 2015-03-09 23:07 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-09 07:03 - 2015-03-09 07:03 - 00000830 _____ () C:\Windows\system32\.crusader
2015-03-09 06:48 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-09 06:47 - 2015-03-09 06:47 - 10085648 _____ (SurfRight B.V.) C:\Users\molchi\Downloads\HitmanPro.exe
2015-03-09 04:30 - 2015-03-09 04:45 - 132625648 _____ (Microsoft Corporation) C:\Users\molchi\Desktop\msert.exe
2015-03-09 04:24 - 2015-03-12 22:37 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 04:24 - 2015-03-10 22:52 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-09 04:24 - 2015-03-09 04:24 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-09 04:24 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-09 04:24 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-05 23:00 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-27 23:02 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-27 06:55 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 01:16 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Local\Battle.net
2015-03-14 00:56 - 2014-04-24 21:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-14 00:50 - 2014-04-23 07:20 - 01490149 _____ () C:\Windows\WindowsUpdate.log
2015-03-13 23:57 - 2014-04-23 17:24 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\TS3Client
2015-03-13 23:55 - 2009-07-14 05:39 - 00099877 _____ () C:\Windows\setupact.log
2015-03-13 23:07 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-13 23:07 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-13 23:03 - 2014-04-23 21:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-13 23:00 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-13 07:24 - 2014-04-23 03:29 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-12 22:52 - 2014-04-25 23:03 - 00000000 ____D () C:\AdwCleaner
2015-03-11 23:40 - 2014-04-23 02:28 - 00146704 _____ () C:\Windows\PFRO.log
2015-03-11 23:37 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-11 23:36 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-11 07:01 - 2014-04-26 01:33 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Skype
2015-03-10 06:53 - 2014-05-10 00:14 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-03-09 23:49 - 2015-01-28 23:31 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-03-09 23:49 - 2015-01-09 05:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-09 23:49 - 2015-01-04 18:24 - 00000000 ____D () C:\Users\molchi\Desktop\ReBot
2015-03-09 23:49 - 2014-07-25 02:02 - 00000000 ____D () C:\Program Files\Hearthstone
2015-03-09 23:49 - 2014-04-26 02:46 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\vlc
2015-03-09 23:49 - 2014-04-23 09:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-09 23:49 - 2014-04-23 07:18 - 00000000 ____D () C:\Users\molchi
2015-03-09 23:49 - 2014-04-23 02:08 - 00000000 ____D () C:\Program Files\World of Warcraft
2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Battle.net
2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Program Files\Battle.net
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-25 18:01 - 2015-01-09 05:53 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-13 22:47 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-12-01 17:30 - 2014-12-01 17:30 - 0000032 _____ () C:\Users\molchi\AppData\Roaming\UserIdentity.dat
2014-07-06 04:04 - 2014-07-06 04:04 - 0007609 _____ () C:\Users\molchi\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\molchi\AppData\Local\Temp\Quarantine.exe
C:\Users\molchi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 19:03

==================== End Of Log ============================
--- --- ---


Probleme spürbar keine vorhanden, bleibt die frage was mach ich mit den 28 Fundenvon eset wo ja "nicht entfernen" eingstellt war, und dem einen von tdsskiller der ja auf skip anstatt entfernen stand?

schrauber 14.03.2015 12:37
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe

C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe

C:\Users\molchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NQDFZQHF\inpage_linkid[1].js
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




JEtzt bitte die versäumten 5 Jahre WIndows Updates machen inkl. Servicepack 1, dann nochmal ein frisches FRST Log.

molchi 14.03.2015 22:34
frst-log:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by molchi at 2015-03-14 22:25:25 Run:1
Running from C:\Users\molchi\Desktop
Loaded Profiles: molchi (Available profiles: molchi)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe

C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe

C:\Users\molchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NQDFZQHF\inpage_linkid[1].js
Emptytemp:
*****************

C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe => Moved successfully.
C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe => Moved successfully.
C:\Users\molchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NQDFZQHF\inpage_linkid[1].js => Moved successfully.
EmptyTemp: => Removed 415.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:26:55 ====
Updates der letzten 5 Monate (nicht Jahre ;) ) mach ich gleich, schieb ich schon ewig vor mir her *schäm*

Bleibt die Frage ob ich die 28 infizierten dateien die Eset erkannte, aber "nicht entfernen" eingestellt war ignoriere oder jetzt noch entfernen soll, ebenso der 1 Fund den TDSSKiller hatte welcher aber ja auf Skip stand. :balla:

Dank dir vielmals :dankeschoen:

schrauber 15.03.2015 13:44
Zitat:
Updates der letzten 5 Monate (nicht Jahre ;) )
Servicepack 1 gibt es seit 2011, fehlt bei dir. Jahre ;)

Wir haben alle Funde von Interesse gelöscht, Rest ist schon in Quarantäne.

molchi 15.03.2015 16:46
Ok, war nur irritiert weil die beiden programme ja auf nur erkennen standen :)

Seit 2011? o.O ich habs erst 2013 oder so installiert und alles, aber gut, updates sin drauf.

Dank dir vieeelmals für die super Hilfe, ihr seid die besten hier :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:12 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131