|
Log analysis and evaluation: ClickCompare Malware on Win 8 x64 (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
05.08.2013, 17:48 | #1 |
| ClickCompare Malware on Win 8 x64 Hello forum, I have caught this "nice" piece of malware on a PC, which redirects some links in Firefox to the site "clickcompare.info". It would be nice if someone could help me with the attempt to remove it. The log files needed first are attached. Many thanks, Stephan. Edit: log files too large, therefore attached. Last edited by elmausi (05.08.2013 at 17:54). Reason: Logs unfortunately too large, therefore attached. |
05.08.2013, 18:17 | #2 |
/// Malware-holic | ClickCompare Malware on Win 8 x64 Hi,
1. Please always copy logs directly into your reply whenever possible.
2. From additions.txt: Recommendations for uninstalling. Please copy the list of installed programs from additions.txt here into your thread. After each line, please note which of the following categories applies: Unknown, Needed, Not needed
__________________ |
05.08.2013, 18:30 | #3 |
| ClickCompare Malware on Win 8 x64 Oh, sorry, I thought that if the logs are too large, they should all be packed into one file. It won't happen again.
Here are the installed programs: Code:
µTorrent (x32 Version: 3.3.0.29126) - needed
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) - needed
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7) - needed
Adobe AIR (x32 Version: 3.7.0.2090) - not needed
Adobe Community Help (x32 Version: 3.0.0) - not needed
Adobe Community Help (x32 Version: 3.0.0.400) - not needed
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0) - needed
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) - needed
Adobe Media Player (x32 Version: 1.8) - needed
Adobe Photoshop Lightroom 3.4.1 64-bit (Version: 3.4.2) - needed
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) - needed
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122) - not needed
AMD Accelerated Video Transcoding (Version: 12.5.100.21116) - unknown
AMD APP SDK Runtime (Version: 10.0.937.2) - unknown
AMD Catalyst Install Manager (Version: 8.0.877.0) - needed
AMD Drag and Drop Transcoding (Version: 2.00.0000) - unknown
AMD Media Foundation Decoders (Version: 1.0.71116.1554) - unknown
AnyDVD (x32 Version: 7.1.4.5) - needed
Apple Application Support (x32 Version: 2.3.4) - needed
Apple Mobile Device Support (Version: 6.1.0.13) - needed
Apple Software Update (x32 Version: 2.1.3.127) - needed
ATI AVIVO64 Codecs (Version: 11.6.0.10419) - unknown
avast! Free Antivirus (x32 Version: 8.0.1489.0) - needed
AVCHDCoder (x32 Version: 11.12.27) - unknown
AviSynth 2.5 (x32) - unknown
Bonjour (Version: 3.0.0.10) - not needed
Cas Studio 9.1.0 (x32 Version: 9.1.0) - needed
Catalyst Control Center - Branding (x32 Version: 1.00.0000) - needed
Catalyst Control Center (x32 Version: 2012.1116.1515.27190) - needed
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190) - needed
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190) - needed
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190) - needed
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Czech (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Danish (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Dutch (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help English (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Finnish (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help French (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help German (x32 Version: 2012.1116.1514.27190) - needed
CCC Help Greek (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Italian (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Japanese (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Korean (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Polish (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Russian (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Spanish (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Swedish (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Thai (x32 Version: 2012.1116.1514.27190) - not needed
CCC Help Turkish (x32 Version: 2012.1116.1514.27190) - not needed
ccc-utility64 (Version: 2012.1116.1515.27190) - unknown
cera Product Library (Version: 2.0.0713) - unknown
Classic Shell (Version: 3.6.8) - needed
CloneDVD2 (x32 Version: 2.9.3.0) - not needed
CyberLink PowerDVD 11 (x32 Version: 11.0.1719.51) - needed
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) - unknown
DivX Tech Preview: MKV on Windows 7 (x32) - needed
DivX-Setup (x32 Version: 2.6.1.44) - unknown
DVDFab (remove only) (x32) - not needed
ElsterFormular (x32 Version: 14.1.11318) - needed
File Type Assistant (x32 Version: 2013.4.8.0) - unknown
Final Media Player 2012 (x32 Version: 2012.10.9.0)
Google Earth (x32 Version: 7.1.1.1888) - needed
Google Update Helper (x32 Version: 1.3.21.153) - unknown
ImgBurn (x32 Version: 2.5.7.0) - needed
IrfanView (remove only) (x32 Version: 4.35) - needed
iSafe (x32) - needed
iTunes (Version: 11.0.4.4) - needed
Java 7 Update 25 (x32 Version: 7.0.250) - needed
Java Auto Updater (x32 Version: 2.1.9.5) - unknown
K-Lite Codec Pack 9.9.4 (Full) (x32 Version: 9.9.4) - needed
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) - needed
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Office 2010 Service Pack 1 (SP1) (x32) - needed
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) - needed
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) - needed
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) - needed
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) - needed
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) - needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) - needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) - needed
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) - needed
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053) - needed
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) - needed
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) - needed
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) - needed
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) - needed
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) - needed
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) - needed
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) - needed
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) - needed
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) - needed
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) - needed
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) - needed
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) - needed
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) - needed
MOV Download Tool 1.2.1 (x32 Version: 1.2.1) - needed
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) - needed
Mozilla Maintenance Service (x32 Version: 22.0) - needed
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7) - needed
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) - unknown
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) - unknown
PDF Settings CS5 (x32 Version: 10.0) - unknown
PDF-XChange Lite 4 (Version: 4.0.195.0) - needed
QuickTime (x32 Version: 7.74.80.86) - needed
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6383) - needed
Samsung Kies (x32 Version: 2.5.2.13021_10) - needed
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1) - needed
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0) - needed
swMSM (x32 Version: 12.0.0.1) - unknown
System Requirements Lab for Intel (x32 Version: 4.5.13.0) - unknown
TeamViewer 8 Host (x32 Version: 8.0.17396) - needed
Unlocker 1.9.1-x64 (Version: 1.9.1) - not needed
Update for Microsoft Office 2010 (KB2494150) (x32) - needed
Update for Microsoft Office 2010 (KB2553065) (x32) - needed
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) - needed
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) - needed
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) - needed
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) - needed
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) - needed
Update for Microsoft Office 2010 (KB2566458) (x32) - needed
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) - needed
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) - needed
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) - needed
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) - needed
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) - needed
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) - needed
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) - needed
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) - needed
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) - needed
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) - needed
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) - needed
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) - needed
VaudiX (Version: 1.0) - unknown
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) - unknown
VIO Player version 1.0.1 (x32 Version: 1.0.1) - needed
VirtualCloneDrive (x32) - not needed
VLC media player 2.0.2 (x32 Version: 2.0.2) - needed
VueScan - needed
VueScan x64 - needed
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) - needed |
06.08.2013, 16:50 | #4 |
/// Malware-holic | ClickCompare Malware on Win 8 x64 Hi, ok, if they are too large, first try code tags, otherwise pack them, of course :-) Two logs are to be created; post them together if possible.
1. Uninstall: Adobe: all the unnecessary ones. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "use only certified plug-ins". Security (Enhanced): tick Enhanced Security and select all files. Internet: everything should be disabled here; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since only then do you have control over what is happening on the PC. Under JavaScript, remove the tick at "use JavaScript". Under Updater, choose "install automatically". Apply / OK. Uninstall: CloneDVD2, DVDFab, Unlocker. Restart.
2. Scan with Combofix
3. Please download TDSSKiller.exe and save this file to the desktop
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us |
07.08.2013, 20:23 | #5 |
| ClickCompare Malware on Win 8 x64 Hello Markus, here are the two log files. Code:
Combofix log file: Code:
[ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys 21:18:57. kdnic - ok 21:18:57. [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\WINDOWS\system32\lsass.exe 21:18:57. KeyIso - ok 21:18:57. [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 21:18:57. KSecDD - ok 21:18:57. [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 21:18:57. KSecPkg - ok 21:18:57. [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys 21:18:57. ksthunk - ok 21:18:57. [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll 21:18:57. KtmRm - ok 21:18:57. [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 21:18:57. LanmanServer - ok 21:18:58. [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll 21:18:58. LanmanWorkstation - ok 21:18:58. [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys 21:18:58. lltdio - ok 21:18:58. [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll 21:18:58. lltdsvc - ok 21:18:58. [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll 21:18:58. lmhosts - ok 21:18:58. [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys 21:18:58. LSI_SAS - ok 21:18:58. [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys 21:18:58. LSI_SAS2 - ok 21:18:58. [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\WINDOWS\system32\drivers\lsi_scsi.sys 21:18:58. LSI_SCSI - ok 21:18:58. [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys 21:18:58. LSI_SSS - ok 21:18:58. [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\WINDOWS\System32\lsm.dll 21:18:58. LSM - ok 21:18:58. [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\WINDOWS\system32\drivers\luafv.sys 21:18:58. luafv - ok 21:18:58. 
[ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 21:18:58. MBAMProtector - ok 21:18:58. [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 21:18:58. MBAMScheduler - ok 21:18:58. [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 21:18:58. MBAMService - ok 21:18:58. [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\WINDOWS\system32\drivers\megasas.sys 21:18:58. megasas - ok 21:18:58. [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\WINDOWS\system32\drivers\MegaSR.sys 21:18:58. MegaSR - ok 21:18:58. [ 54CECB92EE2140BE1A9EC19C16EED57A ] mf C:\WINDOWS\System32\drivers\mf.sys 21:18:58. mf - ok 21:18:58. [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\WINDOWS\system32\mmcss.dll 21:18:58. MMCSS - ok 21:18:58. [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\WINDOWS\system32\drivers\modem.sys 21:18:58. Modem - ok 21:18:58. [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor C:\WINDOWS\System32\drivers\monitor.sys 21:18:58. monitor - ok 21:18:58. [ 618446B98C79776654340CE27C73485E ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys 21:18:58. mouclass - ok 21:18:58. [ C0ADEBED913295803B579ED288936CBB ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys 21:18:58. mouhid - ok 21:18:58. [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys 21:18:58. mountmgr - ok 21:18:58. [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:18:58. MozillaMaintenance - ok 21:18:58. [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys 21:18:59. mpsdrv - ok 21:18:59. [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll 21:18:59. MpsSvc - ok 21:18:59. [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys 21:18:59. MRxDAV - ok 21:18:59. 
[ 93179D48066918323628CB016D8C94DC ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:18:59. mrxsmb - ok 21:18:59. [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 21:18:59. mrxsmb10 - ok 21:18:59. [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 21:18:59. mrxsmb20 - ok 21:18:59. [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys 21:18:59. MsBridge - ok 21:18:59. [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\WINDOWS\System32\msdtc.exe 21:18:59. MSDTC - ok 21:18:59. [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 21:18:59. Msfs - ok 21:18:59. [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys 21:18:59. msgpiowin32 - ok 21:18:59. [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys 21:18:59. mshidkmdf - ok 21:18:59. [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys 21:18:59. mshidumdf - ok 21:18:59. [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys 21:18:59. msisadrv - ok 21:18:59. [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll 21:18:59. MSiSCSI - ok 21:18:59. msiserver - ok 21:18:59. [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:18:59. MSKSSRV - ok 21:18:59. [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys 21:18:59. MsLldp - ok 21:18:59. [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:18:59. MSPCLOCK - ok 21:18:59. [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 21:18:59. MSPQM - ok 21:18:59. [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 21:18:59. MsRPC - ok 21:18:59. [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys 21:18:59. 
mssmbios - ok 21:18:59. [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 21:18:59. MSTEE - ok 21:18:59. [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 21:18:59. MTConfig - ok 21:18:59. [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys 21:18:59. MTsensor - ok 21:18:59. [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\WINDOWS\system32\Drivers\mup.sys 21:19:00. Mup - ok 21:19:00. [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 21:19:00. mvumis - ok 21:19:00. [ 4B18840511D720BA118D3017E8165875 ] napagent C:\WINDOWS\system32\qagentRT.dll 21:19:00. napagent - ok 21:19:00. [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys 21:19:00. NativeWifiP - ok 21:19:00. [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll 21:19:00. NcaSvc - ok 21:19:00. [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll 21:19:00. NcdAutoSetup - ok 21:19:00. [ A10E176F3B2BF83EDE7B5C4658C93B66 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys 21:19:00. NDIS - ok 21:19:00. [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys 21:19:00. NdisCap - ok 21:19:00. [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys 21:19:00. NdisImPlatform - ok 21:19:00. [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:19:00. NdisTapi - ok 21:19:00. [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:19:00. Ndisuio - ok 21:19:00. [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:19:00. NdisWan - ok 21:19:00. [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:19:00. NDISWANLEGACY - ok 21:19:00. 
[ 3730942D7DB2F8BB5F84542B7FF6F650 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 21:19:00. NDProxy - ok 21:19:00. [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys 21:19:00. Ndu - ok 21:19:00. [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 21:19:00. NetBIOS - ok 21:19:00. [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 21:19:00. NetBT - ok 21:19:00. [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\WINDOWS\system32\lsass.exe 21:19:00. Netlogon - ok 21:19:00. [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\WINDOWS\System32\netman.dll 21:19:00. Netman - ok 21:19:00. [ 79FA9393C67EBBF92A56923592CF7A7C ] netprofm C:\WINDOWS\System32\netprofmsvc.dll 21:19:00. netprofm - ok 21:19:00. [ F3A1D8B7317939813568992D1BFDDE37 ] netr7364 C:\WINDOWS\system32\DRIVERS\netr7364.sys 21:19:00. netr7364 - ok 21:19:00. [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:19:00. NetTcpPortSharing - ok 21:19:00. [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\WINDOWS\system32\drivers\nfrd960.sys 21:19:00. nfrd960 - ok 21:19:01. [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 21:19:01. NlaSvc - ok 21:19:01. [ 2F48AB72B6D554A41817020171DC53D6 ] NmPar C:\WINDOWS\system32\DRIVERS\NmPar.sys 21:19:01. NmPar - ok 21:19:01. [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 21:19:01. Npfs - ok 21:19:01. [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys 21:19:01. npsvctrig - ok 21:19:01. [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\WINDOWS\system32\nsisvc.dll 21:19:01. nsi - ok 21:19:01. [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys 21:19:01. nsiproxy - ok 21:19:01. [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 21:19:01. Ntfs - ok 21:19:01. 
[ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys 21:19:01. ntk_PowerDVD - ok 21:19:01. [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\WINDOWS\system32\drivers\Null.sys 21:19:01. Null - ok 21:19:01. [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys 21:19:01. nvraid - ok 21:19:01. [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys 21:19:01. nvstor - ok 21:19:01. [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys 21:19:01. nv_agp - ok 21:19:01. [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:19:01. ose - ok 21:19:01. [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:19:01. osppsvc - ok 21:19:01. [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 21:19:01. p2pimsvc - ok 21:19:01. [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\WINDOWS\system32\p2psvc.dll 21:19:01. p2psvc - ok 21:19:01. [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\WINDOWS\System32\drivers\parport.sys 21:19:01. Parport - ok 21:19:01. [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys 21:19:01. partmgr - ok 21:19:02. [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll 21:19:02. PcaSvc - ok 21:19:02. [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\WINDOWS\system32\drivers\pci.sys 21:19:02. pci - ok 21:19:02. [ F9908D274D458220F91E89B54D78D837 ] pciide C:\WINDOWS\system32\drivers\pciide.sys 21:19:02. pciide - ok 21:19:02. [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys 21:19:02. pcmcia - ok 21:19:02. [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\WINDOWS\system32\drivers\pcw.sys 21:19:02. pcw - ok 21:19:02. 
[ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc C:\WINDOWS\system32\drivers\pdc.sys 21:19:02. pdc - ok 21:19:02. [ 61FE70659CD43E07F94DA4DC31DEC493 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys 21:19:02. PEAUTH - ok 21:19:02. [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc C:\WINDOWS\system32\peerdistsvc.dll 21:19:02. PeerDistSvc - ok 21:19:02. [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe 21:19:02. PerfHost - ok 21:19:02. [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\WINDOWS\system32\pla.dll 21:19:02. pla - ok 21:19:02. [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll 21:19:02. PlugPlay - ok 21:19:02. [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll 21:19:02. PNRPAutoReg - ok 21:19:02. [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll 21:19:02. PNRPsvc - ok 21:19:02. [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll 21:19:02. PolicyAgent - ok 21:19:02. [ F1E067F56373F11EA4B785CAE823740A ] Power C:\WINDOWS\system32\umpo.dll 21:19:02. Power - ok 21:19:02. [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:19:02. PptpMiniport - ok 21:19:03. [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 21:19:03. PrintNotify - ok 21:19:03. [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\WINDOWS\System32\drivers\processr.sys 21:19:03. Processor - ok 21:19:03. [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\WINDOWS\system32\profsvc.dll 21:19:03. ProfSvc - ok 21:19:03. [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys 21:19:03. Psched - ok 21:19:03. [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\WINDOWS\system32\qwave.dll 21:19:03. QWAVE - ok 21:19:03. [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys 21:19:03. QWAVEdrv - ok 21:19:03. 
[ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:19:03. RasAcd - ok 21:19:03. [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\WINDOWS\system32\DRIVERS\AgileVpn.sys 21:19:03. RasAgileVpn - ok 21:19:03. [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\WINDOWS\System32\rasauto.dll 21:19:03. RasAuto - ok 21:19:03. [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:19:03. Rasl2tp - ok 21:19:03. [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\WINDOWS\System32\rasmans.dll 21:19:03. RasMan - ok 21:19:03. [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:19:03. RasPppoe - ok 21:19:03. [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\WINDOWS\system32\DRIVERS\rassstp.sys 21:19:03. RasSstp - ok 21:19:03. [ CA03D642ACE58E1BA54E4B383F91CD69 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:19:03. rdbss - ok 21:19:03. [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys 21:19:03. rdpbus - ok 21:19:03. [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys 21:19:03. RDPDR - ok 21:19:03. [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys 21:19:03. RdpVideoMiniport - ok 21:19:03. [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 21:19:03. RDPWD - ok 21:19:03. [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys 21:19:03. rdyboost - ok 21:19:03. [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 21:19:03. RemoteAccess - ok 21:19:03. [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 21:19:04. RemoteRegistry - ok 21:19:04. [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll 21:19:04. RpcEptMapper - ok 21:19:04. [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\WINDOWS\system32\locator.exe 21:19:04. 
RpcLocator - ok 21:19:04. [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\WINDOWS\system32\rpcss.dll 21:19:04. RpcSs - ok 21:19:04. [ E04E770DD198B9399640717145E79EBF ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys 21:19:04. rspndr - ok 21:19:04. [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys 21:19:04. s3cap - ok 21:19:04. [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\WINDOWS\system32\lsass.exe 21:19:04. SamSs - ok 21:19:04. [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys 21:19:04. sbp2port - ok 21:19:04. [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll 21:19:04. SCardSvr - ok 21:19:04. [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys 21:19:04. scfilter - ok 21:19:04. [ ED40ED9A65F3E79A8C43DD50C5FDADBF ] Schedule C:\WINDOWS\system32\schedsvc.dll 21:19:04. Schedule - ok 21:19:04. [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll 21:19:04. SCPolicySvc - ok 21:19:04. [ 98636FB2973B8876A7F0BECD076CF109 ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys 21:19:04. sdbus - ok 21:19:04. [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll 21:19:04. SDRSVC - ok 21:19:04. [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys 21:19:04. sdstor - ok 21:19:04. [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys 21:19:04. secdrv - ok 21:19:04. [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\WINDOWS\system32\seclogon.dll 21:19:04. seclogon - ok 21:19:04. [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\WINDOWS\system32\sens.dll 21:19:04. SENS - ok 21:19:04. [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll 21:19:04. SensrSvc - ok 21:19:04. [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys 21:19:04. SerCx - ok 21:19:04. 
[ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\WINDOWS\System32\drivers\serenum.sys 21:19:04. Serenum - ok 21:19:04. [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\WINDOWS\System32\drivers\serial.sys 21:19:05. Serial - ok 21:19:05. [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys 21:19:05. sermouse - ok 21:19:05. [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\WINDOWS\system32\sessenv.dll 21:19:05. SessionEnv - ok 21:19:05. [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys 21:19:05. sfloppy - ok 21:19:05. [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 21:19:05. SharedAccess - ok 21:19:05. [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 21:19:05. ShellHWDetection - ok 21:19:05. [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys 21:19:05. SiSRaid2 - ok 21:19:05. [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys 21:19:05. SiSRaid4 - ok 21:19:05. [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 21:19:05. SNMPTRAP - ok 21:19:05. [ FD3AF5575B99871BADB94E7699DBCE08 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys 21:19:05. spaceport - ok 21:19:05. [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys 21:19:05. SpbCx - ok 21:19:05. [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\WINDOWS\System32\spoolsv.exe 21:19:05. Spooler - ok 21:19:05. [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\WINDOWS\system32\sppsvc.exe 21:19:05. sppsvc - ok 21:19:05. [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys 21:19:05. srv - ok 21:19:05. [ 56218A571ECF8D55E0CDFF8DF2546CF1 ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys 21:19:05. srv2 - ok 21:19:05. [ 14FC338B80CFF7E04215133B568D15C4 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys 21:19:06. srvnet - ok 21:19:06. 
[ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 21:19:06. SSDPSRV - ok 21:19:06. [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll 21:19:06. SstpSvc - ok 21:19:06. [ A97BFF59B3B983FDBDCD8AE6CF3C1E2D ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 21:19:06. ssudmdm - ok 21:19:06. [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys 21:19:06. stexstor - ok 21:19:06. [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\WINDOWS\System32\wiaservc.dll 21:19:06. stisvc - ok 21:19:06. [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci C:\WINDOWS\system32\drivers\storahci.sys 21:19:06. storahci - ok 21:19:06. [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\WINDOWS\system32\DRIVERS\vmstorfl.sys 21:19:06. storflt - ok 21:19:06. [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\WINDOWS\system32\storsvc.dll 21:19:06. StorSvc - ok 21:19:06. [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys 21:19:06. storvsc - ok 21:19:06. [ 1A36AC469140F87CDE62D7F8524E270C ] storvsp C:\WINDOWS\System32\drivers\storvsp.sys 21:19:06. storvsp - ok 21:19:06. [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\WINDOWS\system32\svsvc.dll 21:19:06. svsvc - ok 21:19:06. [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\WINDOWS\System32\drivers\swenum.sys 21:19:06. swenum - ok 21:19:06. [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 21:19:06. SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 21:19:06. SwitchBoard - detected UnsignedFile.Multi.Generic (1) 21:19:06. [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\WINDOWS\System32\swprv.dll 21:19:06. swprv - ok 21:19:06. [ A06CB9269D29EE3D0F3F5630ABB660B8 ] SysMain C:\WINDOWS\system32\sysmain.dll 21:19:06. SysMain - ok 21:19:06. [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll 21:19:06. SystemEventsBroker - ok 21:19:06. 
[ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\WINDOWS\System32\TabSvc.dll 21:19:06. TabletInputService - ok 21:19:06. [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 21:19:06. TapiSrv - ok 21:19:06. [ 0D05E0147C1329C53AAF97882DEDD96A ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 21:19:06. Tcpip - ok 21:19:07. [ 0D05E0147C1329C53AAF97882DEDD96A ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:19:07. TCPIP6 - ok 21:19:07. [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 21:19:07. tcpipreg - ok 21:19:07. [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 21:19:07. tdx - ok 21:19:07. [ 419FEE773EC33963FE32C3AB96733B32 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 21:19:07. TeamViewer8 - ok 21:19:07. [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 21:19:07. terminpt - ok 21:19:07. [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\WINDOWS\System32\termsrv.dll 21:19:07. TermService - ok 21:19:07. [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\WINDOWS\system32\themeservice.dll 21:19:07. Themes - ok 21:19:07. [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\WINDOWS\system32\mmcss.dll 21:19:07. THREADORDER - ok 21:19:07. [ D74D0045F5671538286B6944B6FFAB0E ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 21:19:07. tifsfilter - ok 21:19:07. [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll 21:19:07. TimeBroker - ok 21:19:07. [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM C:\WINDOWS\system32\drivers\tpm.sys 21:19:07. TPM - ok 21:19:07. [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\WINDOWS\System32\trkwks.dll 21:19:07. TrkWks - ok 21:19:07. [ 8ABBB5CE0C62E0A6D28F32F44B7F865C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 21:19:07. TrustedInstaller - ok 21:19:07. 
[ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys 21:19:07. TsUsbFlt - ok 21:19:07. [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys 21:19:07. TsUsbGD - ok 21:19:07. [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys 21:19:07. tunnel - ok 21:19:07. [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys 21:19:07. uagp35 - ok 21:19:07. [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 21:19:07. UASPStor - ok 21:19:07. [ 4834158B8D06A153FADAB6B85320FBBE ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys 21:19:07. UCX01000 - ok 21:19:08. [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 21:19:08. udfs - ok 21:19:08. [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 21:19:08. UI0Detect - ok 21:19:08. [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys 21:19:08. uliagpkx - ok 21:19:08. [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\WINDOWS\System32\drivers\umbus.sys 21:19:08. umbus - ok 21:19:08. [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 21:19:08. UmPass - ok 21:19:08. [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\WINDOWS\System32\umrdp.dll 21:19:08. UmRdpService - ok 21:19:08. [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\WINDOWS\System32\upnphost.dll 21:19:08. upnphost - ok 21:19:08. [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 21:19:08. usbccgp - ok 21:19:08. [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 21:19:08. usbcir - ok 21:19:08. [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 21:19:08. usbehci - ok 21:19:08. [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 21:19:08. usbhub - ok 21:19:08. 
21:19:19. ============================================================
21:19:19. Scan finished
21:19:19. ============================================================
21:19:19. Detected object count: 2
21:19:19. Actual detected object count: 2
21:19:35. ClassicShellService ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:35. ClassicShellService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:19:35. SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:35. SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:20:04. Deinitialize success
Stephan |
07.08.2013, 20:26 | #6 |
/// Malware-holic | ClickCompare Malware on Win 8 x64 Hi, please also submit the HitmanPro log that you created |
07.08.2013, 20:33 | #7 |
| ClickCompare Malware on Win 8 x64 Here you go! Code:
HitmanPro 3.7.6.201
www.hitmanpro.com
Computer name . . . . : MAUSI
Windows . . . . . . . : 6.2.0.9200.X64/2
User name . . . . . . : Mausi\Stephan
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-08-04 22:43:24
Scan mode . . . . . . : Quick
Scan duration . . . . : 1m 42s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 0
Objects scanned . . . : 4.422
Files scanned . . . . : 4.422
Remnants scanned . . : 0 files / 0 keys
|
07.08.2013, 21:05 | #8 |
/// Malware-holic | ClickCompare Malware on Win 8 x64 Hi, two logs need to be created; post them at the same time if possible. 1. Please download AdwCleaner to your desktop.
Reboot. 2. Please close your security software to avoid possible conflicts.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
07.08.2013, 21:37 | #9 |
| ClickCompare Malware on Win 8 x64 OK, here they are: AdwCleaner Logfile: Code:
# AdwCleaner v2.306 - Datei am 07/08/2013 um 22:22:41 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 8 Pro (64 bits)
# Benutzer : Stephan - MAUSI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stephan\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Ordner Gelöscht : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\wri0mq58.default-1352675556171\jetpack
***** [Registrierungsdatenbank] *****
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v23.0 (de)
Datei : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9su0hifd.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\wri0mq58.default-1352675556171\prefs.js
Gelöscht : user_pref("extensions.50e584dfe1837.scode", "if(window.self==window.top){var script=document.createE[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v [Version kann nicht ermittelt werden]
Datei : C:\Users\Stephan\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S2].txt - [1674 octets] - [07/08/2013 22:22:41]
########## EOF - C:\AdwCleaner[S2].txt - [1734 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.6 (08.07.2013:2)
OS: Windows 8 Pro x64
Ran by Stephan on 07.08.2013 at 22:27:57,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Failed to stop: [Service] isafekrnl
Failed to stop: [Service] isafeservice
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dealplylive.exe
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrixeeker
Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-341466373-3681085009-323642726-1000\Software\SweetIM"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Users\Stephan\AppData\Roaming\isafe"
Successfully deleted: [Folder] "C:\Program Files (x86)\isafe"
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
~~~ FireFox
Successfully deleted: [File] C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\wri0mq58.default-1352675556171\invalidprefs.js
Successfully deleted the following from C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\wri0mq58.default-1352675556171\prefs.js
user_pref("extensions.50e584dfe1837.scode", "if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.
Emptied folder: C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\wri0mq58.default-1352675556171\minidumps [68 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.08.2013 at 22:31:59,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
07.08.2013, 21:44 | #10 |
/// Malware-holic | ClickCompare Malware on Win 8 x64 Hi, reboot, press F8, choose safe mode, log in to your account. Run Junkware Removal Tool again, reboot into normal mode, post the new log |
08.08.2013, 20:55 | #11 |
| ClickCompare Malware on Win 8 x64 So, here is the log from safe mode: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.6 (08.07.2013:2)
OS: Windows 8 Pro x64
Ran by Stephan on 08.08.2013 at 20:51:19,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] isafekrnl
Successfully deleted: [Service] isafekrnl
Successfully stopped: [Service] isafeservice
Successfully deleted: [Service] isafeservice
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\premium"
~~~ FireFox
Successfully deleted the following from C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\wri0mq58.default-1352675556171\prefs.js
user_pref("extensions.50e584dfe1837.scode", "if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.08.2013 at 20:52:53,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
09.08.2013, 17:39 | #12 |
/// Malware-holic | ClickCompare Malware on Win 8 x64 Hi, new FRST log please. |
09.08.2013, 19:36 | #13 |
| ClickCompare Malware on Win 8 x64 With pleasure, here you go! FRST.txt FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by Stephan (administrator) on 09-08-2013 20:34:43
Running from C:\Users\Stephan\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-31] (Realtek Semiconductor)
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6864984 2013-02-09] (SlySoft, Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl11] - C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [234792 2011-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Startup: C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Tcpip\Parameters: [DhcpNameServer] 193.189.250.101 193.189.250.100 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\wri0mq58.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Stephan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Stephan\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Vaudix) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcfmobmbmkkbclfglefpicikipmpkhn\1.3_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Gmail) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ldcfmobmbmkkbclfglefpicikipmpkhn] - C:\ProgramData\Vaudix\ldcfmobmbmkkbclfglefpicikipmpkhn.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-05-19] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-05-12] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-05-12] (CyberLink)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 AtcL001; C:\Windows\system32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NmPar; C:\Windows\system32\DRIVERS\NmPar.sys [95744 2010-01-12] (Windows (R) Codename Longhorn DDK provider)
R2 ntk_PowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [75248 2011-05-19] (Cyberlink Corp.)
R2 ntk_PowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [75248 2011-05-19] (Cyberlink Corp.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-05-20] (CyberLink Corp.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-05-20] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 idsvc;
S3 NPF; system32\drivers\NPF.sys [x]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-09 20:23 - 2013-08-09 20:23 - 00001096 _____ C:\Users\Stephan\Desktop\MyPC Backup.lnk
2013-08-09 20:23 - 2013-08-09 20:23 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-08-09 20:23 - 2013-08-09 20:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-09 20:22 - 2013-08-09 20:28 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Systweak
2013-08-09 20:22 - 2013-08-09 20:22 - 00003322 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector
2013-08-09 20:22 - 2013-08-09 20:22 - 00003120 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2013-08-09 20:22 - 
2013-08-09 20:22 - 00001210 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-08-09 20:22 - 2013-08-09 20:22 - 00000000 ____D C:\ProgramData\Systweak
2013-08-09 20:22 - 2013-08-09 20:22 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-08-09 20:22 - 2013-05-07 16:51 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
2013-08-09 20:22 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe
2013-08-08 20:52 - 2013-08-08 20:52 - 00001200 _____ C:\Users\Stephan\Desktop\JRT.txt
2013-08-07 22:57 - 2013-08-07 22:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-07 22:27 - 2013-08-07 22:27 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-07 22:26 - 2013-08-07 21:59 - 00563082 _____ (Oleg N. Scherbakov) C:\Users\Stephan\Desktop\Junkware Removal Tool JRT.exe
2013-08-07 22:22 - 2013-08-07 22:22 - 00001803 _____ C:\Users\Stephan\Desktop\AdwCleaner[S2].txt
2013-08-07 21:35 - 2013-08-07 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 21:33 - 2013-08-07 21:33 - 00001340 _____ C:\Users\Stephan\Desktop\HitmanPro_20130807_2133.log
2013-08-07 21:14 - 2013-08-07 21:14 - 00017675 _____ C:\Users\Stephan\Desktop\ComboFix.txt
2013-08-07 21:07 - 2013-08-09 20:19 - 00473730 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-07 20:55 - 2013-08-07 21:14 - 00000000 ____D C:\Qoobox
2013-08-07 20:55 - 2013-08-07 21:11 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-07 20:55 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-08-07 20:55 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-08-07 20:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-08-07 20:55 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-08-05 18:40 - 2013-08-05 18:40 - 00096375 _____ C:\Users\Stephan\Desktop\GMER.txt
2013-08-05 18:23 - 2013-08-05 18:23 - 00000000 ____D C:\FRST
2013-08-05 18:22 - 2013-08-05 18:22 - 00000476 _____ C:\Users\Stephan\Desktop\defogger_disable.log
2013-08-05 18:22 - 2013-08-05 18:22 - 00000000 _____ C:\Users\Stephan\defogger_reenable
2013-08-04 22:42 - 2013-08-07 21:30 - 09853928 _____ (SurfRight B.V.) C:\Users\Stephan\Desktop\HitmanPro_x64.exe
2013-08-04 22:42 - 2013-08-04 22:45 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-04 22:39 - 2013-08-04 22:15 - 00891098 _____ C:\Users\Stephan\Desktop\SecurityCheck.exe
2013-08-04 22:39 - 2013-08-04 22:13 - 02347384 _____ (ESET) C:\Users\Stephan\Desktop\esetsmartinstaller_enu.exe
2013-08-04 22:38 - 2013-08-04 22:36 - 04429440 _____ (Piriform Ltd) C:\Users\Stephan\Desktop\ccsetup404.exe
2013-08-04 22:36 - 2013-08-04 22:35 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Stephan\Desktop\tdsskiller.exe
2013-08-04 22:30 - 2013-08-04 22:16 - 00377856 _____ C:\Users\Stephan\Desktop\gmer.exe
2013-08-04 22:30 - 2013-08-04 22:16 - 00050477 _____ C:\Users\Stephan\Desktop\Defogger.exe
2013-08-04 22:06 - 2013-08-09 18:30 - 00489962 _____ C:\WINDOWS\setupact.log
2013-08-04 22:06 - 2013-08-04 22:06 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-08-04 22:05 - 2013-08-07 21:06 - 00007448 _____ C:\WINDOWS\PFRO.log
2013-08-04 22:03 - 2013-08-07 22:22 - 00000180 _____ C:\WINDOWS\DeleteOnReboot.bat
2013-08-04 22:01 - 2013-08-04 21:57 - 00602112 _____ (OldTimer Tools) C:\Users\Stephan\Desktop\OTL.exe
2013-08-04 22:00 - 2013-08-07 20:27 - 05100713 ____R (Swearware) C:\Users\Stephan\Desktop\ComboFix.exe
2013-08-04 22:00 - 2013-08-04 21:56 - 00666633 _____ C:\Users\Stephan\Desktop\adwcleaner.exe
2013-08-04 21:49 - 2013-08-04 21:49 - 00000000 ____D D:\Stephan\Documents\Add-in Express
2013-08-02 23:43 - 2013-08-02 23:43 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\eCyber
2013-08-02 23:42 - 2013-08-02 23:42 - 00615752 _____ (Woodtale Technology Inc) C:\Users\Stephan\Downloads\iSafe_Virus_Removal.exe
2013-08-02 23:42 - 2013-08-02 23:42 - 00001789 _____ C:\Users\Public\Desktop\iSafe.lnk
2013-08-02 23:42 - 2013-08-02 23:42 - 00000000 ____D C:\WINDOWS\system32\log
2013-08-02 23:42 - 2013-08-02 23:42 - 00000000 ____D C:\ProgramData\Real
2013-08-02 19:24 - 2013-08-02 19:24 - 00317685 _____ C:\Users\Stephan\AppData\Local\census.cache
2013-08-02 19:23 - 2013-08-02 19:23 - 00128916 _____ C:\Users\Stephan\AppData\Local\ars.cache
2013-08-02 18:59 - 2013-08-02 18:59 - 00000036 _____ C:\Users\Stephan\AppData\Local\housecall.guid.cache
2013-08-02 18:15 - 2013-08-02 18:15 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Malwarebytes
2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-02 18:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-07-28 13:44 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-07-28 13:44 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-07-28 13:44 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-07-28 13:44 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-07-28 13:44 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-07-28 13:44 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-07-28 13:44 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-07-28 13:44 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2013-07-28 13:44 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-07-28 13:44 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2013-07-28 13:44 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2013-07-28 13:44 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2013-07-28 13:44 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-07-28 13:44 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2013-07-28 13:44 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-07-28 13:44 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2013-07-28 13:44 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2013-07-28 13:44 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-07-28 13:44 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2013-07-28 13:44 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2013-07-28 13:44 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-07-28 13:44 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2013-07-28 13:44 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-07-28 13:44 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2013-07-28 13:44 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-07-28 13:44 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2013-07-28 13:44 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2013-07-28 13:44 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2013-07-28 13:44 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2013-07-28 13:44 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-07-28 13:44 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-07-28 13:44 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-07-28 13:44 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-07-28 13:44 - 2013-05-20 02:08 - 00386642 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-07-28 10:46 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2013-07-26 23:46 - 2013-07-26 23:46 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-21 00:01 - 2013-07-21 00:01 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-07-21 00:01 - 2013-07-21 00:01 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-07-21 00:01 - 2013-07-21 00:01 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-07-21 00:01 - 2013-07-21 00:01 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-07-20 23:44 - 2013-07-20 23:44 - 05019952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-17 17:55 - 2013-05-16 00:35 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2013-07-17 17:20 - 2013-07-17 17:20 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-07-16 22:14 - 2013-05-02 06:23 - 00203672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2013-07-16 22:14 - 2013-05-02 06:23 - 00103064 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2013-07-14 13:00 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 14:22 - 2013-07-13 15:21 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\vlc
2013-07-13 14:22 - 2013-07-13 14:22 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-12 22:47 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-07-12 22:47 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-07-12 22:47 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-07-12 22:47 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-07-12 22:47 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-07-12 22:47 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-07-12 22:47 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-07-12 22:47 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-07-12 22:47 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-12 22:47 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-12 22:47 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-07-12 22:47 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-12 22:47 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-12 22:47 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-07-12 22:47 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-07-12 22:47 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-07-12 22:47 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-07-12 22:47 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2013-07-12 22:47 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2013-07-12 22:47 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-07-12 22:47 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2013-07-12 22:47 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2013-07-12 22:47 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2013-07-12 22:47 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2013-07-11 22:36 - 2013-07-11 22:36 - 00000000 ____D C:\Program Files\Classic Shell

==================== One Month Modified Files and Folders =======

2013-08-09 20:30 - 2013-08-09 20:30 - 01790169 _____ (Farbar) C:\Users\Stephan\Desktop\FRST64.exe
2013-08-09 20:28 - 2013-08-09 20:22 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Systweak
2013-08-09 20:26 - 2012-04-04 22:10 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-09 20:23 - 2013-08-09 20:23 - 00001096 _____ C:\Users\Stephan\Desktop\MyPC Backup.lnk
2013-08-09 20:23 - 2013-08-09 20:23 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-08-09 20:23 - 2013-08-09 20:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-09 20:23 - 2011-06-11 16:18 - 00000000 ___RD C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-09 20:22 - 2013-08-09 20:22 - 00003322 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector
2013-08-09 20:22 - 2013-08-09 20:22 - 00003120 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2013-08-09 20:22 - 2013-08-09 20:22 - 00001210 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-08-09 20:22 - 2013-08-09 20:22 - 00000000 ____D C:\ProgramData\Systweak
2013-08-09 20:22 - 2013-08-09 20:22 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-08-09 20:19 - 2013-08-07 21:07 - 00473730 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-09 20:02 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-08-09 19:44 - 2011-06-11 20:16 - 00001112 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-09 18:53 - 2013-02-10 20:04 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-341466373-3681085009-323642726-1000
2013-08-09 18:44 - 2011-06-11 20:16 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 18:36 - 2011-06-10 20:34 - 00000000 ____D D:\Stephan\Documents\Sonstiges
2013-08-09 18:34 - 2013-02-08 23:04 - 00000414 _____ C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2013-08-09 18:32 - 2013-02-10 20:01 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2013-08-09 18:31 - 2013-01-03 19:59 - 00000374 ____H C:\WINDOWS\Tasks\VaudiXUpdaterTask{DB82C180-3F90-457F-AA68-458770647DD9}.job 2013-08-09 18:31 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-08-09 18:30 - 2013-08-04 22:06 - 00489962 _____ C:\WINDOWS\setupact.log 2013-08-08 22:07 - 2013-02-08 23:04 - 00000000 ____D C:\Program Files (x86)\File Type Assistant 2013-08-08 20:52 - 2013-08-08 20:52 - 00001200 _____ C:\Users\Stephan\Desktop\JRT.txt 2013-08-08 20:21 - 2011-06-18 16:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-08-08 20:20 - 2011-11-20 21:12 - 00040472 _____ D:\Stephan\Documents\Jahresdiagramm.xlsx 2013-08-07 23:01 - 2012-04-28 11:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-07 22:57 - 2013-08-07 22:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-08-07 22:27 - 2013-08-07 22:27 - 00000000 ____D C:\WINDOWS\ERUNT 2013-08-07 22:22 - 2013-08-07 22:22 - 00001803 _____ C:\Users\Stephan\Desktop\AdwCleaner[S2].txt 2013-08-07 22:22 - 2013-08-04 22:03 - 00000180 _____ C:\WINDOWS\DeleteOnReboot.bat 2013-08-07 21:59 - 2013-08-07 22:26 - 00563082 _____ (Oleg N. Scherbakov) C:\Users\Stephan\Desktop\Junkware Removal Tool JRT.exe 2013-08-07 21:35 - 2013-08-07 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-07 21:33 - 2013-08-07 21:33 - 00001340 _____ C:\Users\Stephan\Desktop\HitmanPro_20130807_2133.log 2013-08-07 21:30 - 2013-08-04 22:42 - 09853928 _____ (SurfRight B.V.) 
C:\Users\Stephan\Desktop\HitmanPro_x64.exe 2013-08-07 21:16 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-08-07 21:14 - 2013-08-07 21:14 - 00017675 _____ C:\Users\Stephan\Desktop\ComboFix.txt 2013-08-07 21:14 - 2013-08-07 20:55 - 00000000 ____D C:\Qoobox 2013-08-07 21:14 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default 2013-08-07 21:11 - 2013-08-07 20:55 - 00000000 ____D C:\WINDOWS\erdnt 2013-08-07 21:08 - 2012-07-26 07:26 - 00000215 _____ C:\WINDOWS\system.ini 2013-08-07 21:06 - 2013-08-04 22:05 - 00007448 _____ C:\WINDOWS\PFRO.log 2013-08-07 21:05 - 2012-07-26 07:26 - 73400320 _____ C:\WINDOWS\system32\config\SOFTWARE.bak 2013-08-07 21:05 - 2012-07-26 07:26 - 12582912 _____ C:\WINDOWS\system32\config\SYSTEM.bak 2013-08-07 21:05 - 2012-07-26 07:26 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT.bak 2013-08-07 21:05 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2013-08-07 21:05 - 2012-07-26 07:26 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak 2013-08-07 21:05 - 2012-07-26 07:26 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak 2013-08-07 20:50 - 2012-06-09 20:42 - 00000000 ____D C:\Program Files\Unlocker 2013-08-07 20:49 - 2013-05-19 22:19 - 00000000 ____D C:\Program Files (x86)\DVDFab 2013-08-07 20:49 - 2011-06-11 17:13 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes 2013-08-07 20:27 - 2013-08-04 22:00 - 05100713 ____R (Swearware) C:\Users\Stephan\Desktop\ComboFix.exe 2013-08-05 18:40 - 2013-08-05 18:40 - 00096375 _____ C:\Users\Stephan\Desktop\GMER.txt 2013-08-05 18:23 - 2013-08-05 18:23 - 00000000 ____D C:\FRST 2013-08-05 18:22 - 2013-08-05 18:22 - 00000476 _____ C:\Users\Stephan\Desktop\defogger_disable.log 2013-08-05 18:22 - 2013-08-05 18:22 - 00000000 _____ C:\Users\Stephan\defogger_reenable 2013-08-05 18:22 - 2013-02-10 19:40 - 00000000 ____D C:\Users\Stephan 2013-08-04 22:45 - 2013-08-04 22:42 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-04 22:36 - 2013-08-04 22:38 - 04429440 _____ 
(Piriform Ltd) C:\Users\Stephan\Desktop\ccsetup404.exe 2013-08-04 22:35 - 2013-08-04 22:36 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Stephan\Desktop\tdsskiller.exe 2013-08-04 22:16 - 2013-08-04 22:30 - 00377856 _____ C:\Users\Stephan\Desktop\gmer.exe 2013-08-04 22:16 - 2013-08-04 22:30 - 00050477 _____ C:\Users\Stephan\Desktop\Defogger.exe 2013-08-04 22:15 - 2013-08-04 22:39 - 00891098 _____ C:\Users\Stephan\Desktop\SecurityCheck.exe 2013-08-04 22:13 - 2013-08-04 22:39 - 02347384 _____ (ESET) C:\Users\Stephan\Desktop\esetsmartinstaller_enu.exe 2013-08-04 22:06 - 2013-08-04 22:06 - 00000000 _____ C:\WINDOWS\setuperr.log 2013-08-04 21:57 - 2013-08-04 22:01 - 00602112 _____ (OldTimer Tools) C:\Users\Stephan\Desktop\OTL.exe 2013-08-04 21:56 - 2013-08-04 22:00 - 00666633 _____ C:\Users\Stephan\Desktop\adwcleaner.exe 2013-08-04 21:49 - 2013-08-04 21:49 - 00000000 ____D D:\Stephan\Documents\Add-in Express 2013-08-04 21:47 - 2013-03-29 18:08 - 00000000 ____D C:\Program Files (x86)\MyFree Codec 2013-08-03 22:21 - 2013-02-12 22:45 - 00000000 ____D C:\WINDOWS\Minidump 2013-08-02 23:43 - 2013-08-02 23:43 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\eCyber 2013-08-02 23:42 - 2013-08-02 23:42 - 00615752 _____ (Woodtale Technology Inc) C:\Users\Stephan\Downloads\iSafe_Virus_Removal.exe 2013-08-02 23:42 - 2013-08-02 23:42 - 00001789 _____ C:\Users\Public\Desktop\iSafe.lnk 2013-08-02 23:42 - 2013-08-02 23:42 - 00000000 ____D C:\WINDOWS\system32\log 2013-08-02 23:42 - 2013-08-02 23:42 - 00000000 ____D C:\ProgramData\Real 2013-08-02 23:41 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\Resources 2013-08-02 22:46 - 2012-06-09 21:12 - 00000000 ____D C:\Users\Stephan\Desktop\!!Video 2013-08-02 19:35 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache 2013-08-02 19:24 - 2013-08-02 19:24 - 00317685 _____ C:\Users\Stephan\AppData\Local\census.cache 2013-08-02 19:23 - 2013-08-02 19:23 - 00128916 _____ C:\Users\Stephan\AppData\Local\ars.cache 2013-08-02 18:59 - 2013-08-02 18:59 - 
00000036 _____ C:\Users\Stephan\AppData\Local\housecall.guid.cache 2013-08-02 18:15 - 2013-08-02 18:15 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Malwarebytes 2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-02 18:15 - 2013-08-02 18:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-31 21:56 - 2013-02-10 19:59 - 00727040 ___SH C:\Users\Stephan\Desktop\Thumbs.db 2013-07-30 22:14 - 2012-07-26 12:27 - 00751892 _____ C:\WINDOWS\system32\perfh007.dat 2013-07-30 22:14 - 2012-07-26 12:27 - 00155620 _____ C:\WINDOWS\system32\perfc007.dat 2013-07-30 22:14 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-07-28 14:16 - 2012-07-26 02:40 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll 2013-07-28 14:16 - 2012-07-26 02:38 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll 2013-07-28 13:59 - 2011-06-10 20:34 - 00000000 ____D D:\Stephan\Documents\Haus Köln 2013-07-27 17:53 - 2011-07-31 18:37 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\uTorrent 2013-07-26 23:46 - 2013-07-26 23:46 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-07-26 23:46 - 2011-06-11 20:16 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-21 00:01 - 2013-07-21 00:01 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2013-07-21 00:01 - 2013-07-21 00:01 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2013-07-21 00:01 - 2013-07-21 00:01 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2013-07-21 00:01 - 2013-07-21 00:01 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2013-07-21 00:01 - 2012-06-09 21:19 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll 2013-07-21 00:01 - 2012-06-09 21:19 - 00789416 _____ 
(Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll 2013-07-20 23:44 - 2013-07-20 23:44 - 05019952 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-07-20 23:43 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing 2013-07-17 17:28 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe 2013-07-17 17:20 - 2013-07-17 17:20 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-07-16 22:36 - 2013-03-29 18:07 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-07-16 22:36 - 2013-03-29 18:06 - 00000000 ____D C:\Users\Stephan\AppData\Local\Downloaded Installations 2013-07-16 22:36 - 2011-06-11 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-16 22:15 - 2013-03-29 18:09 - 00002011 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2013-07-16 20:52 - 2011-06-11 17:23 - 00000000 ____D C:\Users\Stephan\AppData\Local\Adobe 2013-07-16 20:51 - 2012-04-04 22:10 - 00003796 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2013-07-16 18:39 - 2011-06-11 20:16 - 00004084 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 18:39 - 2011-06-11 20:16 - 00003848 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-14 12:58 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-13 17:10 - 2011-06-11 17:47 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-13 15:21 - 2013-07-13 14:22 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\vlc 2013-07-13 14:22 - 2013-07-13 14:22 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-07-12 22:42 - 2011-06-11 16:34 - 78185248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-07-11 22:36 - 2013-07-11 22:36 - 00000000 ____D C:\Program Files\Classic Shell ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit 
C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=\Device\HarddiskVolume2 description Windows Boot Manager locale de-DE inherit {globalsettings} default {current} resumeobject {d5b1b5a2-943c-11e0-b8ad-b018fc10e72a} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {current} device partition=C: path \WINDOWS\system32\winload.exe description Windows 8 locale de-DE inherit {bootloadersettings} recoverysequence {d5b1b5a4-943c-11e0-b8ad-b018fc10e72a} recoveryenabled Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {d5b1b5a2-943c-11e0-b8ad-b018fc10e72a} nx OptIn bootmenupolicy Standard Windows-Startladeprogramm ------------------------- Bezeichner {d5b1b5a4-943c-11e0-b8ad-b018fc10e72a} device ramdisk=[C:]\Recovery\d5b1b5a4-943c-11e0-b8ad-b018fc10e72a\Winre.wim,{d5b1b5a5-943c-11e0-b8ad-b018fc10e72a} path \windows\system32\winload.exe description Windows Recovery Environment locale de-DE inherit {bootloadersettings} displaymessage Recovery displaymessageoverride Recovery osdevice ramdisk=[C:]\Recovery\d5b1b5a4-943c-11e0-b8ad-b018fc10e72a\Winre.wim,{d5b1b5a5-943c-11e0-b8ad-b018fc10e72a} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {d5b1b59e-943c-11e0-b8ad-b018fc10e72a} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit 
{resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {d5b1b5a2-943c-11e0-b8ad-b018fc10e72a} device partition=C: path \WINDOWS\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} recoverysequence {d5b1b5a4-943c-11e0-b8ad-b018fc10e72a} recoveryenabled Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=\Device\HarddiskVolume2 path \boot\memtest.exe description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems No Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {d5b1b5a5-943c-11e0-b8ad-b018fc10e72a} description Windows Recovery ramdisksdidevice partition=C: ramdisksdipath \Recovery\d5b1b5a4-943c-11e0-b8ad-b018fc10e72a\boot.sdi LastRegBack: 2013-08-09 18:53 ==================== End Of Log ============================ --- --- --- Additions.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2013 02
Ran by Stephan at 2013-08-09 20:35:09
Running from C:\Users\Stephan\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

µTorrent (x32 Version: 3.3.0.29126)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop Lightroom 3.4.1 64-bit (Version: 3.4.2)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Advanced System Protector (x32 Version: 2.1.1000.10905)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
AnyDVD (x32 Version: 7.1.4.5)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 11.6.0.10419)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
AVCHDCoder (x32 Version: 11.12.27)
AviSynth 2.5 (x32)
Bonjour (Version: 3.0.0.10)
Cas Studio 9.1.0 (x32 Version: 9.1.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190)
CCC Help Czech (x32 Version: 2012.1116.1514.27190)
CCC Help Danish (x32 Version: 2012.1116.1514.27190)
CCC Help Dutch (x32 Version: 2012.1116.1514.27190)
CCC Help English (x32 Version: 2012.1116.1514.27190)
CCC Help Finnish (x32 Version: 2012.1116.1514.27190)
CCC Help French (x32 Version: 2012.1116.1514.27190)
CCC Help German (x32 Version: 2012.1116.1514.27190)
CCC Help Greek (x32 Version: 2012.1116.1514.27190)
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190)
CCC Help Italian (x32 Version: 2012.1116.1514.27190)
CCC Help Japanese (x32 Version: 2012.1116.1514.27190)
CCC Help Korean (x32 Version: 2012.1116.1514.27190)
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190)
CCC Help Polish (x32 Version: 2012.1116.1514.27190)
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190)
CCC Help Russian (x32 Version: 2012.1116.1514.27190)
CCC Help Spanish (x32 Version: 2012.1116.1514.27190)
CCC Help Swedish (x32 Version: 2012.1116.1514.27190)
CCC Help Thai (x32 Version: 2012.1116.1514.27190)
CCC Help Turkish (x32 Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
cera Product Library (Version: 2.0.0713)
Classic Shell (Version: 3.6.8)
CyberLink PowerDVD 11 (x32 Version: 11.0.1719.51)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DivX Tech Preview: MKV on Windows 7 (x32)
DivX-Setup (x32 Version: 2.6.1.44)
ElsterFormular (x32 Version: 14.1.11318)
File Type Assistant (x32 Version: 2013.4.8.0)
Final Media Player 2012 (x32 Version: 2012.10.9.0)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
ImgBurn (x32 Version: 2.5.7.0)
IrfanView (remove only) (x32 Version: 4.35)
iSafe (x32)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
K-Lite Codec Pack 9.9.4 (Full) (x32 Version: 9.9.4)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MOV Download Tool 1.2.1 (x32 Version: 1.2.1)
Mozilla Firefox 23.0 (x86 de) (x32 Version: 23.0)
Mozilla Maintenance Service (x32 Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPC Backup (Version: )
PDF Settings CS5 (x32 Version: 10.0)
PDF-XChange Lite 4 (Version: 4.0.195.0)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6383)
Samsung Kies (x32 Version: 2.5.2.13021_10)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab for Intel (x32 Version: 4.5.13.0)
TeamViewer 8 Host (x32 Version: 8.0.17396)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VaudiX (Version: 1.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VIO Player version 1.0.1 (x32 Version: 1.0.1)
VirtualCloneDrive (x32)
VLC media player 2.0.2 (x32 Version: 2.0.2)
VueScan
VueScan x64
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)

==================== Restore Points =========================

28-07-2013 12:09:21 Windows Update
04-08-2013 19:48:00 Removed WinZip 17.0
07-08-2013 18:56:06 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-07 21:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01129DCE-A128-454C-B980-8B40D3E9B9C2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe No File
Task: {08D48572-52D6-44F0-9868-E5823E66F92B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {09791DBD-18C2-407C-B279-04FDC0ABBE44} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe No File
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1B6CF5DF-FEB4-468C-BACE-AF6D123EFB59} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe No File
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2D123B5F-62F5-4271-AA1E-44970BBA4D87} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe No File
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {2EC43873-F1DE-4FBA-BAB4-AAB38CCDC3FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.)
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {31AF94BF-8B62-4762-BCAF-00298741E0F2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {326E7828-D307-41C8-99D6-4F99F92C1CE8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe No File
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3ADBED71-499D-40A3-8F0D-8131B12B1F1A} - System32\Tasks\VaudiXUpdaterTask{DB82C180-3F90-457F-AA68-458770647DD9} => C:\ProgramData\Premium\VaudiX\VaudiX.exe No File
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C0C58D0-C4C3-4C8E-8368-48B778B7850C} - System32\Tasks\Final Media Player Update Checker => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-09-02] (Bitberry Software)
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {42CA4EE0-2DCB-4D4F-B035-89309F2847FC} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {530494B8-8BB7-4171-9C72-58799BCE65AF} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe No File
Task: {55099EF4-E2F3-4700-A027-3B123CBE2D4E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {557EDF28-2A22-40D4-80B1-42EE3D6FE918} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe No File
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {57B943B8-9AC0-4C79-AB91-00358ECABFE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {620D4E35-AA31-461A-B300-AC45C8C3E238} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {62ECF2D8-24CE-4F54-ABE4-812CF67BBF83} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {668F9C79-F630-4726-8B86-0F08213F6282} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe No File
Task: {6E8DF883-B949-4469-809C-C8D36CE6ABBA} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {756DC2B2-5F88-4272-9C0D-56945CCD0B77} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated)
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {822A19EB-6D0B-40F9-B138-648DF279A492} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {828EE0C6-A9CE-4992-8D07-7DBE90EDD1BC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe No File
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {854511E6-11B5-45F7-8183-AC53E0CEA72A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe No File
Task: {86CC1C5C-8B87-49A2-A913-D36330C964F5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe No File
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {8A9C1AE5-900C-48CB-89F2-E8DC5D232969} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe No File
Task: {8D0E3718-F5E2-4458-97B9-D47E679909C4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe No File
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {950998B1-C05A-4821-9CC6-44B79B0826B7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe No File
Task: {96CBAFDE-2640-4901-BBE5-D11C6334E057} - System32\Tasks\AdobeAAMUpdater-1.0-Mausi-Stephan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9C5859C9-CCE3-47F5-9717-220A85241F1B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {A65B27FA-6816-4AF8-B0E1-E606679C9041} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2013-04-09] ( )
Task: {A6870199-5A67-441B-92F0-7A6F6862D1EF} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-341466373-3681085009-323642726-1000
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A83812D3-5929-4E7E-AF14-3C1B0758D898} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe No File
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {ACEFD461-F066-49B7-A719-38290494460C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {AFFDF4F4-F6AA-4659-9A65-F9B04D5D1DB6} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows 
defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation) Task: {B3AF2042-8CA0-44ED-B9E4-12E851D640A8} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-05-24] (Systweak) Task: {B6054DC3-AC73-4A92-AA11-0662D801DD34} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2013-04-08] (Trusted Software ApS) Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {BD8224C0-59FF-4153-B5CB-6F31563E4FE9} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe No File Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C25FC45B-50C4-48E4-B8ED-AF46B5ECEA66} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe No File Task: {C2679F51-AEA2-4A24-A86A-DE4E4275C2DC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe No File Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {D7FC5EC8-AD96-4DD9-A957-2E2D9940C72D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.) 
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DD3AECEB-A37F-47D3-B7B4-09CCB639ADD0} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe No File Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {F268526F-4241-4150-B51F-16F8DDA6B231} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe No File Task: {FC89B8F0-0208-4825-B326-FC9EB6B261C5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe No File Task: {FF71BE68-B908-4A80-AD8D-8A6BB20182CC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe No File Task: {FFE3FD50-646E-4A64-913B-23C4187E6025} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\Final Media Player Update Checker.job => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\VaudiXUpdaterTask{DB82C180-3F90-457F-AA68-458770647DD9}.job => C:\ProgramData\Premium\VaudiX\VaudiX.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/09/2013 06:33:39 PM) (Source: Application Hang) (User: ) Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f78 Startzeit: 01ce951e1a2304f8 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\wwahost.exe Berichts-ID: 6b58c6c1-0111-11e3-beb0-001bfc796d9a Vollständiger Name des fehlerhaften Pakets: Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Bing Error: (08/09/2013 06:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Mausi) Description: Das Paket „Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte. Error: (08/09/2013 06:33:27 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. 
In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (08/09/2013 06:32:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Mausi) Description: Bei der Aktivierung der App „Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (08/09/2013 06:32:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Mausi) Description: Die App „Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (08/08/2013 09:03:04 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. 
System errors: ============= Error: (08/09/2013 06:33:12 PM) (Source: DCOM) (User: Mausi) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/09/2013 06:33:11 PM) (Source: DCOM) (User: Mausi) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/09/2013 06:33:11 PM) (Source: DCOM) (User: Mausi) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/09/2013 06:33:11 PM) (Source: DCOM) (User: Mausi) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/09/2013 06:33:11 PM) (Source: DCOM) (User: Mausi) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/09/2013 06:33:11 PM) (Source: DCOM) (User: Mausi) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/09/2013 06:33:10 PM) (Source: DCOM) (User: Mausi) Description: 
AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/09/2013 06:33:10 PM) (Source: DCOM) (User: Mausi) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/09/2013 06:33:09 PM) (Source: DCOM) (User: Mausi) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MausiStephanS-1-5-21-341466373-3681085009-323642726-1000LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/09/2013 06:30:41 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Microsoft Office Sessions: ========================= Error: (08/09/2013 06:33:39 PM) (Source: Application Hang)(User: ) Description: wwahost.exe6.2.9200.16420f7801ce951e1a2304f84294967295C:\WINDOWS\system32\wwahost.exe6b58c6c1-0111-11e3-beb0-001bfc796d9aMicrosoft.Bing_1.2.0.137_x64__8wekyb3d8bbweMicrosoft.Bing Error: (08/09/2013 06:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Mausi) Description: Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe Error: (08/09/2013 06:33:27 PM) (Source: SideBySide)(User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Stephan\Desktop\esetsmartinstaller_enu.exe Error: (08/09/2013 06:32:58 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Mausi) Description: Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing-2144927142 Error: (08/09/2013 06:32:42 PM) (Source: 
Microsoft-Windows-Immersive-Shell)(User: Mausi) Description: Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing Error: (08/08/2013 09:03:04 PM) (Source: SideBySide)(User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Stephan\Desktop\esetsmartinstaller_enu.exe CodeIntegrity Errors: =================================== Date: 2013-08-07 21:04:14.609 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-31 17:43:03.504 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-07-31 17:43:03.426 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. 
Date: 2013-07-31 17:43:03.364 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-07-31 17:43:02.833 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-07-31 17:43:02.771 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-07-31 17:43:02.708 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-07-31 17:43:01.663 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. 
Date: 2013-07-31 17:43:00.696 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-07-31 17:41:27.922 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 6143.11 MB Available physical RAM: 4119.88 MB Total Pagefile: 12287.11 MB Available Pagefile: 10147.11 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows 7) (Fixed) (Total:119.9 GB) (Free:44.1 GB) NTFS (Disk=1 Partition=2) Drive d: (Daten) (Fixed) (Total:80 GB) (Free:15.55 GB) NTFS (Disk=2 Partition=2) Drive e: (Bilder) (Fixed) (Total:112.88 GB) (Free:58.2 GB) NTFS (Disk=1 Partition=3) Drive f: (Filme und Videos) (Fixed) (Total:122.89 GB) (Free:21.43 GB) NTFS (Disk=2 Partition=3) Drive g: (BackUps) (Fixed) (Total:74.55 GB) (Free:56.07 GB) NTFS (Disk=0 Partition=1) Drive m: (USB-STICK) (Removable) (Total:0.96 GB) (Free:0.89 GB) FAT (Disk=3 Partition=1) Drive t: (WIN XP) (Fixed) (Total:30 GB) (Free:4.91 GB) NTFS (Disk=2 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 75 GB) (Disk ID: B92CB92C) Partition 2: (Active) - (Size=75 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: 
Windows 7 or 8) (Size: 233 GB) (Disk ID: 443C443B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=120 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=113 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 44884487) Partition 1: (Active) - (Size=30 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=203 GB) - (Type=05) ======================================================== Disk: 3 (Size: 984 MB) (Disk ID: B50CCBA7) Partition 1: (Active) - (Size=984 MB) - (Type=06) ==================== End Of Log ============================ |
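The scheduled-task section of the log above can be triaged mechanically. The following Python script is an added example, not part of the original thread and not FRST's own code: it parses `Task:` lines as they appear in this log and flags third-party tasks whose target is missing, targets in directories that standard users can write to by default, and binaries without a company name. The three rules and the directory list are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Task lines copied from the Addition.txt excerpt posted above.
SAMPLE_LOG = r"""
Task: {3ADBED71-499D-40A3-8F0D-8131B12B1F1A} - System32\Tasks\VaudiXUpdaterTask{DB82C180-3F90-457F-AA68-458770647DD9} => C:\ProgramData\Premium\VaudiX\VaudiX.exe No File
Task: {42CA4EE0-2DCB-4D4F-B035-89309F2847FC} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {326E7828-D307-41C8-99D6-4F99F92C1CE8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe No File
Task: {A65B27FA-6816-4AF8-B0E1-E606679C9041} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2013-04-09] ( )
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {DD3AECEB-A37F-47D3-B7B4-09CCB639ADD0} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe No File
Task: C:\WINDOWS\Tasks\VaudiXUpdaterTask{DB82C180-3F90-457F-AA68-458770647DD9}.job => C:\ProgramData\Premium\VaudiX\VaudiX.exe
"""

# "Task: [{GUID} - ]<task name>[ => <target>]"
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<name>.+?)(?: => (?P<target>.+))?$"
)
# "<path> [YYYY-MM-DD] (<company>)" as printed for files that exist
META_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)

# Assumption: directories writable without admin rights on a default install.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")
# Tasks below this node ship with Windows; they are deprioritised, not cleared.
MS_NAMESPACE = "system32\\tasks\\microsoft\\"


@dataclass
class Task:
    name: str
    target: Optional[str]   # None when the log lists no executable
    missing: bool           # True when the line ends in "No File"
    company: Optional[str]  # None when the log shows no file metadata


def parse_task(line: str) -> Optional[Task]:
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    target, missing, company = m["target"], False, None
    if target:
        if target.endswith(" No File"):
            target, missing = target[: -len(" No File")], True
        meta = META_RE.match(target)
        if meta:
            target, company = meta["path"], meta["company"].strip()
    return Task(m["name"], target, missing, company)


def triage(task: Task) -> List[str]:
    """Return the reasons a task deserves a manual look (empty list = none)."""
    if task.target is None:
        return []
    reasons = []
    third_party = not task.name.lower().startswith(MS_NAMESPACE)
    if task.missing and third_party:
        reasons.append("orphaned: target file missing")
    if task.target.lower().startswith(USER_WRITABLE):
        reasons.append("target in user-writable location")
    if task.company == "":
        reasons.append("no company name in file metadata")
    return reasons


def review(log_text: str) -> Dict[str, List[str]]:
    """Map task name -> reasons for every flagged task in the log text."""
    findings = {}
    for line in log_text.splitlines():
        task = parse_task(line)
        if task is None:
            continue
        reasons = triage(task)
        if reasons:
            findings[task.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The Media Center tasks that point to missing files are not reported because they sit in the Microsoft task namespace; that lowers their priority but does not prove they are harmless.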
12.08.2013, 15:12 | #14 |
/// Malware-holic | ClickCompare malware on Win 8 x64
Hi,
1. Open Google Chrome and delete the LyriXeeker extension: https://support.google.com/chrome/answer/113907?hl=de
Restart the PC and check whether it is gone.
2. Fix with FRST
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
HTML5 FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\1
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx
Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers that may be installed. Test how the PC and programs run in general.
If everything runs well:
4. The order is crucial here.
5. Secure the PC.
The Windows 7 / Vista section fits your system best.
As an anti-malware program I would recommend Emsisoft. For me they have the best protection, but it costs a bit.
Computeractive Software Store - Emsisoft Anti-Malware 8 [1-PC] - 63% off RRP
Trial version: My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things, such as work-related matters, that is, if there is sensitive data to protect, you should invest in security software.
Use the 30-day trial period before activating the license.
Free, but not quite as good, avast would be the one to recommend. http://www.trojaner-board.de/110895-...antivirus.html
Tell me which one you use, then I will give configuration advice.
Please uninstall your previous AV.
The following guide is extensive, I am aware of that, but it should be implemented, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!
http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage "Windows Vista and Windows 7".
Please begin by installing Windows updates. The best way to do this is to go via Start, Search, and enter Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first. It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click on check for updates and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as it is written in the Windows 7 / Vista section.
From the XP section, please adopt the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome: http://support.google.com/chrome/bin...&answer=118663
Please read the guide.
If you want to use a different one, tell me, then I will have to adapt parts of the following guide.
Sandboxie
The definition of a sandbox can be read here: Sandbox
In short, you can run programs almost 100% isolated from the system. The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link: Sandboxie - Download - Filepony
Guide: http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through it as well: Sandbox settings |
Please make the following additional configuration: open Sandboxie Control, click the Sandbox menu, choose DefaultBox. There click on Sandbox Settings. Under Restrictions, for program start and internet access, enter: chrome.exe
Then go to Applications, Web Browser, Chrome. There activate everything except sharing the entire profile folder.
As you may have already seen, you cannot use some functions. This is only necessary in the full version, which I advise you to buy. For example, under "Forced program starts" you can specify that all browsers start in the sandbox. Otherwise you always have to click on "Sandboxed web browser" or right-click and start in Sandboxie.
A lifetime license costs 30 € and can be used on all your PCs.
Continue with: "Measures for ALL Windows versions", work through everything completely.
Note on FileHippo: in the settings additionally select: hide beta updates. Run updateChecker when Windows starts
Backup program: a backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option: http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk breaks down one day.
Finally, observe the general security tips; if it applies to you, observe the tip on online banking, and change all passwords.
Please also read how to make programs visible for everyone: Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account and there in the sandbox. If you use the free version, then by clicking on Sandboxed web browser; if you have the paid version, you can define forced program starts, then Sandboxie is always started when you open a browser. When you move the mouse over the browser, it should be framed, then you are in the sandboxed web browser.
Password security: every service needs its own password of at least 12 characters. RoboForm helps with password management and creation: Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide: RoboForm Manual
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding guide: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the guide above.
If you would like to support us
Edited by markusg (12.08.2013 at 15:18) |
15.08.2013, 21:18 | #15 |
| ClickCompare malware on Win 8 x64
Sorry, it took a little while, here is the log from FRST:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-08-2013 01
Ran by Stephan at 2013-08-15 21:30:12 Run:1
Running from C:\Users\Stephan\Desktop
Boot Mode: Normal
==============================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\odnofacmifkjndflfmmplhckcbfjckhj => Key deleted successfully.
"C:\Program Files (x86)\LyriXeeker\125.crx" => File/Directory not found.
==== End of Fixlog ====
Many thanks in advance. |
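A fixlog like the one above can be checked against the fixlist from post #14 so that no requested entry is overlooked. The following Python script is an added example, not part of the original thread and not FRST's own code: it matches each fixlist entry to the fixlog lines by its GUID or bracketed extension ID and reports whether the item was removed, was already absent, or never shows up in the fixlog. The verdict names and the matching rule are assumptions made for this illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixlist lines copied as they appear in post #14.
FIXLIST = r'''
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
HTML5 FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\1
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx
'''

# Fixlog lines copied from post #15.
FIXLOG = r'''
==============================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\odnofacmifkjndflfmmplhckcbfjckhj => Key deleted successfully.
"C:\Program Files (x86)\LyriXeeker\125.crx" => File/Directory not found.
==== End of Fixlog ====
'''

ID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}|\[([^\]]+)\]")  # GUID or [extension id]
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")                   # trailing file path


def parse_fixlog(text: str) -> List[Tuple[str, str]]:
    """Return (object, outcome) for every 'object => result' line."""
    pairs = []
    for line in text.splitlines():
        obj, sep, result = line.strip().rpartition(" => ")
        if not sep:
            continue  # header, separator or free text
        result = result.lower()
        if "deleted successfully" in result:
            outcome = "removed"
        elif "not found" in result:
            outcome = "absent"
        else:
            outcome = "check"  # unknown wording: read the line manually
        pairs.append((obj.strip('"'), outcome))
    return pairs


def identifier(entry: str) -> Optional[str]:
    """GUID (with braces) or bracketed ID that names the fixlist entry."""
    m = ID_RE.search(entry)
    if not m:
        return None
    return m.group(1) or m.group(0)


def verify(fixlist: str, fixlog: str) -> List[Dict[str, object]]:
    pairs = parse_fixlog(fixlog)
    report = []
    for entry in filter(None, map(str.strip, fixlist.splitlines())):
        ident = identifier(entry)
        outcomes = [o for obj, o in pairs if ident and ident.lower() in obj.lower()]
        if not outcomes:
            verdict = "unhandled"
        elif "check" in outcomes:
            verdict = "check"
        elif "removed" in outcomes:
            verdict = "removed"
        else:
            verdict = "absent"
        path = PATH_RE.search(entry)
        # Exact comparison: "...\1" must not match "...\125.crx".
        path_logged = path is None or any(
            obj.lower() == path.group(0).lower() for obj, _ in pairs
        )
        report.append({"id": ident, "verdict": verdict, "path_logged": path_logged})
    return report


if __name__ == "__main__":
    for row in verify(FIXLIST, FIXLOG):
        print(row)
```

For this thread all four entries come back as removed; the only follow-up item is the Firefox entry, whose file path has no line of its own in the fixlog.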