| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Spy Eyes und blauer BildschirmWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.10.2013, 14:56
| #1 |
 |  Spy Eyes und blauer Bildschirm Hallo, gestern fiel mir auch, dass mein USB Stick, nachdem ich ihm vom Copyshop zurückbekommen hatte, alle Dateien nur noch als Verknüpfungen angab. Daraufhin ließ ich mehrere Virusprogramme durchlaufen und eins (Malware) gab mir dann an, dass mehrere Viren auf meinem PC sind, unter anderem auch Spyeyes. Daraufhin löschte ich diese... Heute wollte ich alles nochmal kontrollieren mit einer anderen Virus-Software (Malwarebytes Anti Malware) und daraufhin kam das während des Scans: eine Fehlermeldung (blauer Bildschirm) A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you see this stop error screen, restart your computer., etc. angezeigt wird und sich mein Laptop ausschaltet und wieder einschaltet. Jetzt habe ich noch ein paar Mal probiert den Scan durchzuführen, aber er wird immer wieder abgebrochen. Was kann/ muss ich tun??? Vielen Dank schon einmal für die Hilfe! Brauche meinen Laptop wirklich dringend und habe keinerlei Ahnung von so etwas :/ Vera |
|
26.10.2013, 15:07
| #2 | |
| /// TB-Ausbilder   | Spy Eyes und blauer Bildschirm Hallo Vera,
__________________Zitat:
Zusätzlich: Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die resultierenden Logfiles hier.
__________________ |
|
26.10.2013, 15:36
| #3 |
| | Spy Eyes und blauer Bildschirm wie poste ich den Logfile?Einfach kopieren?
__________________[Spoiler]Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2013 01 Ran by Vera at 2013-10-26 16:28:58 Running from E:\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) Adobe Bridge 1.0 (Version: 001.000.001) Adobe Common File Installer (Version: 1.00.001) Adobe Flash Player 10 ActiveX (Version: 10.0.45.2) Adobe Flash Player 11 Plugin (Version: 11.1.102.55) Adobe Help Center 1.0 (Version: 1.0.1) Adobe Photoshop CS2 (Version: 9.0) Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6) Adobe Stock Photos 1.0 (Version: 1.0.1) Apple Application Support (Version: 2.3.2) Apple Mobile Device Support (Version: 6.0.1.3) Apple Software Update (Version: 2.1.3.127) Avira Free Antivirus (Version: 14.0.0.383) Bonanza Deals (remove only) (Version: 5.0.1.0) Bonjour (Version: 3.0.0.10) Brother MFL-Pro Suite DCP-165C (Version: 1.0.1.0) CDBurnerXP (Version: 4.4.1.3184) Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495) Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495) Command & Conquer Generals (Version: 0.50.0000) Command and ConquerTM Generals Zero Hour (Version: 1.00.0000) DAEMON Tools Lite (Version: 4.46.1.0327) DivX-Setup (Version: 1.0.0.450) Dropbox (HKCU Version: 2.0.22) Facebook Video Calling 1.2.0.287 (Version: 1.2.287) Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0) Foto-Mosaik-Edda Standard V5.8.0 Google Update Helper (Version: 1.3.23.0) HitmanPro 3.7 (Version: 3.7.8.207) iPhone Backup Extractor (HKCU Version: 4.6.6.0) iTunes (Version: 11.0.0.163) Java 7 Update 45 (Version: 7.0.450) Java Auto Updater (Version: 2.1.9.8) Kreuzworträtsel Freeware MAGIX Music Maker MX Premium Download-Version (Einführungsvideos) (Version: 1.0.0.0) MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 1) (Version: 1.0.0.0) MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 2) (Version: 1.0.0.0) MAGIX Music Maker MX Premium Download-Version (Version: 18.0.0.42) MAGIX Screenshare (Version: 4.3.6.1987) MAGIX Speed burnR (MSI) (Version: 7.0.2.6) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) McAfee Security Scan Plus (Version: 3.8.130.8) Mediscript-CD GK1 Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Rosetta Stone Version 3 (Version: 3.4.5.0) Skype™ 6.9 (Version: 6.9.106) Spotify (HKCU Version: 0.9.4.185.g7545a404) SRWare Iron Version SRWare Iron 27.0.1500.0 (Version: SRWare Iron 27.0.1500.0) Synaptics Pointing Device Driver (Version: 13.2.4.12) Text-To-Speech-Runtime (Version: 1.0.0.0) Unity Web Player (HKCU Version: ) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0) VirtualCloneDrive VLC media player 2.0.3 (Version: 2.0.3) Winamp (Version: 5.572 ) Winamp Anwendungserkennung (HKCU Version: 1.0.0.1) WinRAR ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {2C392EBA-5683-404D-A16D-1C846075EFE8} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals) Task: {549BE28E-3410-45CF-8EF5-499C41DD628D} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {5FF1AA53-F159-4149-B782-E887C0FFBC86} - System32\Tasks\BonanzaDealsUpdate => C:\Program Task: {9B360EC4-303D-42CD-B166-348140940616} - System32\Tasks\DigitalSite => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE Task: {C7D4C442-B4BB-44EF-9FDB-B72320D8C478} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {D1AD3161-06D7-4F36-9D48-99C3B295D239} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals) Task: {FDF8DD9B-3B6F-45AF-A96D-E072EA5E0190} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2013-10-15 20:27 - 2013-10-15 20:27 - 34604032 _____ () C:\Users\Vera\AppData\Roaming\Spotify\Data\libcef.dll 2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Vera\AppData\Roaming\Dropbox\bin\libcef.dll 2011-03-11 16:24 - 2013-05-24 16:40 - 00740352 _____ () C:\Program Files\SRWare Iron\libglesv2.dll 2011-03-11 16:24 - 2013-05-24 17:58 - 00130048 _____ () C:\Program Files\SRWare Iron\libegl.dll 2013-06-30 23:33 - 2013-04-10 01:39 - 00970240 _____ () C:\Program Files\SRWare Iron\ffmpegsumo.dll 2010-01-27 03:07 - 2012-02-15 15:23 - 08527008 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 419175 Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 419175 Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 418161 Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 418161 Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 417162 Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 417162 Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/26/2013 02:03:30 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 416164 System errors: ============= Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: ) Description: Display is not active Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: ) Description: Display is not active Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (10/26/2013 03:36:47 PM) (Source: BugCheck) (User: ) Description: 0x000000d1 (0x00000030, 0x00000002, 0x00000000, 0x952f28a5)C:\Windows\MEMORY.DMP102613-43056-01 Error: (10/26/2013 03:36:14 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 26.10.2013 um 15:34:44 unerwartet heruntergefahren. Error: (10/26/2013 03:25:23 PM) (Source: DCOM) (User: ) Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (10/26/2013 03:21:54 PM) (Source: atikmdag) (User: ) Description: Display is not active Microsoft Office Sessions: ========================= Error: (02/17/2012 10:59:29 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/17/2012 10:58:05 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1543 seconds with 480 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 55% Total physical RAM: 3036.61 MB Available physical RAM: 1356.52 MB Total Pagefile: 6069.46 MB Available Pagefile: 3888.65 MB Total Virtual: 2047.88 MB Available Virtual: 1885.71 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:50 GB) (Free:1.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:92.09 GB) (Free:26.5 GB) NTFS Drive e: () (Fixed) (Total:143 GB) (Free:122.04 GB) NTFS Drive k: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7407B56E) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=50 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=92 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=143 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 956 MB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=956 MB) - (Type=06) ==================== End Of Log ============================[/Spoiler] FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2013 01
Ran by Vera (administrator) on VERA-PC on 26-10-2013 16:25:01
Running from E:\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe
HKCU\...\Run: [Facebook Update] - C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Spotify] - C:\Users\Vera\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Roof] - C:\Users\Vera\AppData\Local\Temp\Roof.vbs [60040 2013-09-29] () <===== ATTENTION
HKCU\...\Run: [Iexplorerprog1] - C:\Users\Vera\AppData\Local\Temp\Iexplorerprog1.vbs [60040 2013-09-29] () <===== ATTENTION
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
MountPoints2: {25d2fadd-904d-11e0-b80c-00265e9f4dce} - M:\LaunchU3.exe -a
MountPoints2: {9a5967c7-70a5-11e0-a6ab-00265e9f4dce} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {9a596853-70a5-11e0-a6ab-00265e9f4dce} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {e7182a56-926a-11e0-9241-00265e9f4dce} - G:\LaunchU3.exe -a
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6F308064214CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673&type=default&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673&type=default&q={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
Tcpip\..\Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: [NameServer]129.143.2.1,129.143.2.4
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-02] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-02] (BonanzaDeals)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-10-25] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 SkypeUpdate; C:\Windows.old\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)
==================== Drivers (Whitelisted) ====================
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-26] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-05] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-26 16:24 - 2013-10-26 16:24 - 00000000 ____D C:\FRST
2013-10-26 16:17 - 2013-10-26 16:18 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 15:36 - 2013-10-26 15:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 15:25 - 2013-10-26 16:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-26 15:22 - 2013-10-26 15:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 14:06 - 2013-10-26 14:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 10:35 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-25 17:42 - 2013-10-25 17:43 - 00000000 ____D C:\Program Files\HitmanPro
2013-10-25 14:52 - 2013-10-25 17:30 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 14:52 - 2013-10-25 16:58 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 14:52 - 2013-10-25 14:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 12:55 - 2013-10-25 12:55 - 00000000 ____D C:\PPF_Scan1
2013-10-22 20:25 - 2013-10-22 20:27 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 16:05 - 2013-10-21 16:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 16:05 - 2013-10-21 16:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 16:05 - 2013-10-21 16:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 16:05 - 2013-10-21 16:04 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 16:05 - 2013-10-21 16:04 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 16:04 - 2013-10-21 16:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 10:38 - 2013-09-23 13:13 - 00248650 _____ C:\Users\Vera\Desktop\sqlite_manager-0.8.1-fx+tb+sm.xpi
2013-10-19 02:24 - 2013-10-19 02:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 02:15 - 2013-10-19 02:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 02:14 - 2013-10-19 02:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 01:34 - 2013-10-19 02:07 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 01:28 - 2013-10-19 01:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 14:02 - 2013-10-18 14:15 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 18:20 - 2013-10-17 18:23 - 00000000 ____D C:\Windows\rescache
2013-10-15 20:27 - 2013-10-25 20:13 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-15 20:27 - 2013-10-15 20:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 20:27 - 2013-10-15 20:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-15 20:25 - 2013-10-26 16:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-10 02:06 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 02:06 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 02:06 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 02:06 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 02:06 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 02:06 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 01:00 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 01:00 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 01:00 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 01:00 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-10 01:00 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 01:00 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 01:00 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 01:00 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 01:00 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 01:00 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 01:00 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 01:00 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 01:00 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 01:00 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 01:00 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 01:00 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 01:00 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 01:00 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 01:00 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 01:00 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 01:00 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 00:59 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 00:59 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 00:59 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 00:59 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 00:59 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 00:59 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 19:49 - 2013-10-07 19:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-02 01:14 - 2013-10-03 00:16 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-02 01:14 - 2013-10-03 00:16 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-02 00:15 - 2013-10-26 16:20 - 00000906 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-02 00:15 - 2013-10-26 15:20 - 00000910 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-02 00:14 - 2013-10-03 08:14 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\DigitalSite
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\BonanzaDealsLive
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-09-30 09:02 - 2013-09-30 09:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
==================== One Month Modified Files and Folders =======
2013-10-26 16:25 - 2013-10-26 15:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-26 16:25 - 2013-10-15 20:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-26 16:25 - 2010-03-01 20:43 - 01279772 _____ C:\Windows\WindowsUpdate.log
2013-10-26 16:24 - 2013-10-26 16:24 - 00000000 ____D C:\FRST
2013-10-26 16:21 - 2011-11-14 22:41 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Dropbox
2013-10-26 16:20 - 2013-10-02 00:15 - 00000906 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-26 16:20 - 2011-11-14 22:44 - 00000000 ___RD C:\Users\Vera\Dropbox
2013-10-26 16:20 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-26 16:20 - 2009-07-14 06:39 - 00214134 _____ C:\Windows\setupact.log
2013-10-26 16:18 - 2013-10-26 16:17 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 16:17 - 2010-03-01 20:56 - 00000000 ____D C:\Users\Vera
2013-10-26 15:45 - 2009-07-14 06:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-26 15:45 - 2009-07-14 06:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-26 15:36 - 2013-10-26 15:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 15:36 - 2013-03-15 09:26 - 00000000 ____D C:\Windows\Minidump
2013-10-26 15:27 - 2010-03-01 22:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Skype
2013-10-26 15:22 - 2013-10-26 15:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 15:20 - 2013-10-02 00:15 - 00000910 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-26 14:06 - 2013-10-26 14:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 13:41 - 2012-01-09 20:30 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job
2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 20:13 - 2013-10-15 20:27 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-25 17:43 - 2013-10-25 17:42 - 00000000 ____D C:\Program Files\HitmanPro
2013-10-25 17:30 - 2013-10-25 14:52 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 16:58 - 2013-10-25 14:52 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 16:38 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-25 16:36 - 2013-03-09 20:40 - 00000000 ____D C:\Program Files\7-Zip
2013-10-25 16:36 - 2010-03-01 23:04 - 00096052 _____ C:\Windows\PFRO.log
2013-10-25 14:52 - 2013-10-25 14:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 12:55 - 2013-10-25 12:55 - 00000000 ____D C:\PPF_Scan1
2013-10-24 20:15 - 2012-01-09 20:30 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job
2013-10-22 20:27 - 2013-10-22 20:25 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 16:09 - 2010-04-02 12:52 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-21 16:05 - 2013-10-21 16:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 16:04 - 2013-10-21 16:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 16:04 - 2013-10-21 16:05 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 16:04 - 2013-10-21 16:05 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 16:04 - 2013-10-21 16:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 16:04 - 2013-10-21 16:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 09:39 - 2009-07-14 06:33 - 00492904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-19 02:24 - 2013-10-19 02:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 02:15 - 2013-10-19 02:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 02:14 - 2013-10-19 02:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 02:07 - 2013-10-19 01:34 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 01:29 - 2010-03-01 22:28 - 00149776 _____ C:\Users\Vera\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-19 01:28 - 2013-10-19 01:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 16:36 - 2010-03-11 20:04 - 00000000 ____D C:\Users\Vera\AppData\Roaming\vlc
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 14:15 - 2013-10-18 14:02 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 18:23 - 2013-10-17 18:20 - 00000000 ____D C:\Windows\rescache
2013-10-17 17:39 - 2013-01-31 18:26 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 17:39 - 2012-02-15 15:23 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 10:22 - 2010-03-01 21:08 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-15 20:27 - 2013-10-15 20:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 20:27 - 2013-10-15 20:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-11 08:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 07:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 02:11 - 2013-08-15 00:13 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 02:09 - 2010-03-28 19:30 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 02:08 - 2012-05-23 21:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-07 19:49 - 2013-10-07 19:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-07 13:00 - 2013-08-15 12:36 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 13:00 - 2013-08-15 12:24 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 13:00 - 2013-08-15 12:24 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 13:00 - 2013-08-15 12:24 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-03 08:14 - 2013-10-02 00:14 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-03 00:16 - 2013-10-02 01:14 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-03 00:16 - 2013-10-02 01:14 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\DigitalSite
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\BonanzaDealsLive
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-02 00:14 - 2009-10-05 18:01 - 00001721 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-30 09:02 - 2013-09-30 09:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
Files to move or delete:
====================
C:\Users\Vera\AppData\Local\Temp\Roof.vbs
C:\Users\Vera\AppData\Local\Temp\Iexplorerprog1.vbs
C:\Users\Vera\Opera_1101_int_Setup.exe
Some content of TEMP:
====================
C:\Users\Vera\AppData\Local\Temp\20130514090632366jniverify.dll
C:\Users\Vera\AppData\Local\Temp\5d6843831c37d47abbbd4bebfcad6ef6.exe
C:\Users\Vera\AppData\Local\Temp\AskSLib.dll
C:\Users\Vera\AppData\Local\Temp\avgnt.exe
C:\Users\Vera\AppData\Local\Temp\contentDATs.exe
C:\Users\Vera\AppData\Local\Temp\FileSystemView.dll
C:\Users\Vera\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Vera\AppData\Local\Temp\iPodVoiceOverSetup.exe
C:\Users\Vera\AppData\Local\Temp\ose00000.exe
C:\Users\Vera\AppData\Local\Temp\ose00002.exe
C:\Users\Vera\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Vera\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Vera\AppData\Local\Temp\SpotifyUninstall.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-23 17:16
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2013 01
Ran by Vera at 2013-10-26 16:28:58
Running from E:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
Adobe Stock Photos 1.0 (Version: 1.0.1)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 14.0.0.383)
Bonanza Deals (remove only) (Version: 5.0.1.0)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-165C (Version: 1.0.1.0)
CDBurnerXP (Version: 4.4.1.3184)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495)
Command & Conquer Generals (Version: 0.50.0000)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)
DAEMON Tools Lite (Version: 4.46.1.0327)
DivX-Setup (Version: 1.0.0.450)
Dropbox (HKCU Version: 2.0.22)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
Foto-Mosaik-Edda Standard V5.8.0
Google Update Helper (Version: 1.3.23.0)
HitmanPro 3.7 (Version: 3.7.8.207)
iPhone Backup Extractor (HKCU Version: 4.6.6.0)
iTunes (Version: 11.0.0.163)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Kreuzworträtsel Freeware
MAGIX Music Maker MX Premium Download-Version (Einführungsvideos) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 1) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 2) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Version: 18.0.0.42)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.8)
Mediscript-CD GK1
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Rosetta Stone Version 3 (Version: 3.4.5.0)
Skype™ 6.9 (Version: 6.9.106)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
SRWare Iron Version SRWare Iron 27.0.1500.0 (Version: SRWare Iron 27.0.1500.0)
Synaptics Pointing Device Driver (Version: 13.2.4.12)
Text-To-Speech-Runtime (Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VirtualCloneDrive
VLC media player 2.0.3 (Version: 2.0.3)
Winamp (Version: 5.572 )
Winamp Anwendungserkennung (HKCU Version: 1.0.0.1)
WinRAR
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {2C392EBA-5683-404D-A16D-1C846075EFE8} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals)
Task: {549BE28E-3410-45CF-8EF5-499C41DD628D} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {5FF1AA53-F159-4149-B782-E887C0FFBC86} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {9B360EC4-303D-42CD-B166-348140940616} - System32\Tasks\DigitalSite => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: {C7D4C442-B4BB-44EF-9FDB-B72320D8C478} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {D1AD3161-06D7-4F36-9D48-99C3B295D239} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals)
Task: {FDF8DD9B-3B6F-45AF-A96D-E072EA5E0190} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-10-15 20:27 - 2013-10-15 20:27 - 34604032 _____ () C:\Users\Vera\AppData\Roaming\Spotify\Data\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Vera\AppData\Roaming\Dropbox\bin\libcef.dll
2011-03-11 16:24 - 2013-05-24 16:40 - 00740352 _____ () C:\Program Files\SRWare Iron\libglesv2.dll
2011-03-11 16:24 - 2013-05-24 17:58 - 00130048 _____ () C:\Program Files\SRWare Iron\libegl.dll
2013-06-30 23:33 - 2013-04-10 01:39 - 00970240 _____ () C:\Program Files\SRWare Iron\ffmpegsumo.dll
2010-01-27 03:07 - 2012-02-15 15:23 - 08527008 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 419175
Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 419175
Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 418161
Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 418161
Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 417162
Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 417162
Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/26/2013 02:03:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 416164
System errors:
=============
Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: )
Description: Display is not active
Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: )
Description: Display is not active
Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (10/26/2013 03:36:47 PM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0x00000030, 0x00000002, 0x00000000, 0x952f28a5)C:\Windows\MEMORY.DMP102613-43056-01
Error: (10/26/2013 03:36:14 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 26.10.2013 um 15:34:44 unerwartet heruntergefahren.
Error: (10/26/2013 03:25:23 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (10/26/2013 03:21:54 PM) (Source: atikmdag) (User: )
Description: Display is not active
Microsoft Office Sessions:
=========================
Error: (02/17/2012 10:59:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/17/2012 10:58:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1543 seconds with 480 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 55%
Total physical RAM: 3036.61 MB
Available physical RAM: 1356.52 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 3888.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:50 GB) (Free:1.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:92.09 GB) (Free:26.5 GB) NTFS
Drive e: () (Fixed) (Total:143 GB) (Free:122.04 GB) NTFS
Drive k: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7407B56E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=92 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=143 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 956 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=956 MB) - (Type=06)
==================== End Of Log ============================
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.26.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16721 Vera :: VERA-PC [Administrator] Schutz: Aktiviert 26.10.2013 10:40:49 mbam-log-2013-10-26 (10-40-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|K:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 421565 Laufzeit: 3 Stunde(n), 13 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 74 HKLM\SYSTEM\CurrentControlSet\Services\bonanzadealslive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BONANZADEALSLIVE.EXE (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{fe063412-bea4-4d76-8ed3-183be6220d17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.Update3COMClassService.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.Update3COMClassService (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.Update3WebSvc.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.Update3WebSvc (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.ProcessLauncher.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.ProcessLauncher (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.Update3WebMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.Update3WebMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLive.OneClickCtrl.9 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLive.OneClickProcessLauncherMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{6802463D-636F-41FE-9924-4CAD56906590} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.CoreMachineClass.1 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.CoreMachineClass (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.CoreClass.1 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.CoreClass (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLive.Update3WebControl.3 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.CoCreateAsync.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.CoCreateAsync (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.CredentialDialogMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\BonanzaDealsLiveUpdate.Update3WebMachineFallback (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0041858.BHO (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0041858.BHO.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0041858.Sandbox (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0041858.Sandbox.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCR\AppID\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\bonanzadealslivem (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 3 HKCU\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Daten: C:\Program Files\BonanzaDeals\BonanzaDeals.crx -> Keine Aktion durchgeführt. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0B2O1B1F1H2Y0G -> Keine Aktion durchgeführt. HKLM\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Daten: C:\Program Files\BonanzaDeals\BonanzaDeals.crx -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 19 C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDeals (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\Download (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\Install (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\Offline (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\Offline\{DD3AB20C-15B1-486E-B8F9-A7DDBBC759CF} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 95 C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\psuser.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Temp\eIntaller\9104687149004e359984111BE6629508\eXQ.exe (PUP.Optional.Wilsys.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Temp\is1590112554\33237332_stp.EXE (PUP.Optional.AdLyrics) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Temp\is1590112554\33237285_stp\cor_ar_201392319852_qvo6.exe (PUP.Optional.Elex) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Temp\is1590112554\33237425_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Windows\Temp\41858_updater.exe (PUP.Optional.Lyrics.A) -> Keine Aktion durchgeführt. E:\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDeals\BonanzaDeals.crx (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDeals\BonanzaDeals.xpi (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDeals\BonanzaDealsIE64.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDeals\BonanzaDealsUpdate.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDeals\BonanzaDealsUpdateRun.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDeals\icon.ico (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDeals\uninst.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Bonanza Deals Help.url (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Bonanza Deals.url (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Uninstall Bonanza Deals.lnk (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\background.js (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\manifest.json (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon128.png (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon16.png (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon48.png (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHelper.msi (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_bn.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ca.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_cs.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_da.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_de.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_el.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_en-GB.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_en.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_es-419.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_es.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_et.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fa.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fi.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fil.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_gu.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_hr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_hu.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_id.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_is.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_it.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_iw.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ja.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_kn.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ko.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_lt.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_lv.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ml.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_mr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ms.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_nl.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_no.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_am.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ar.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_pt-BR.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_pt-PT.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ro.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ru.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sk.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sl.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sv.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sw.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ta.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_te.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_th.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_tr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_uk.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ur.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_vi.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_zh-CN.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_zh-TW.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_bg.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_hi.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_pl.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter 2013/10/26 10:36:31 +0200 VERA-PC Vera MESSAGE Starting protection
2013/10/26 10:36:31 +0200 VERA-PC Vera MESSAGE Protection started successfully
2013/10/26 10:36:31 +0200 VERA-PC Vera MESSAGE Starting IP protection
2013/10/26 10:37:01 +0200 VERA-PC Vera MESSAGE IP Protection started successfully
2013/10/26 10:37:26 +0200 VERA-PC Vera MESSAGE Starting database refresh
2013/10/26 10:37:26 +0200 VERA-PC Vera MESSAGE Stopping IP protection
2013/10/26 10:37:34 +0200 VERA-PC Vera MESSAGE IP Protection stopped successfully
2013/10/26 10:37:38 +0200 VERA-PC Vera MESSAGE Database refreshed successfully
2013/10/26 10:37:38 +0200 VERA-PC Vera MESSAGE Starting IP protection
2013/10/26 10:37:42 +0200 VERA-PC Vera MESSAGE IP Protection started successfully
2013/10/26 11:48:30 +0200 VERA-PC Vera IP-BLOCK 78.140.143.6 (Type: outgoing, Port: 50531, Process: iron.exe)
2013/10/26 11:48:30 +0200 VERA-PC Vera IP-BLOCK 78.140.143.6 (Type: outgoing, Port: 50537, Process: iron.exe)
2013/10/26 11:48:54 +0200 VERA-PC Vera IP-BLOCK 78.140.143.6 (Type: outgoing, Port: 50540, Process: iron.exe)
2013/10/26 11:48:54 +0200 VERA-PC Vera IP-BLOCK 78.140.143.6 (Type: outgoing, Port: 50546, Process: iron.exe)
2013/10/26 11:49:03 +0200 VERA-PC Vera IP-BLOCK 37.221.167.121 (Type: outgoing, Port: 50573, Process: iron.exe)
2013/10/26 11:49:03 +0200 VERA-PC Vera IP-BLOCK 37.221.167.121 (Type: outgoing, Port: 50575, Process: iron.exe)
2013/10/26 11:49:11 +0200 VERA-PC Vera IP-BLOCK 37.221.167.121 (Type: outgoing, Port: 50576, Process: iron.exe)
2013/10/26 11:51:52 +0200 VERA-PC Vera IP-BLOCK 78.140.143.6 (Type: outgoing, Port: 50689, Process: iron.exe)
2013/10/26 11:51:52 +0200 VERA-PC Vera IP-BLOCK 78.140.143.6 (Type: outgoing, Port: 50694, Process: iron.exe)
2013/10/26 11:52:01 +0200 VERA-PC Vera IP-BLOCK 78.140.143.6 (Type: outgoing, Port: 50699, Process: iron.exe)
2013/10/26 11:52:01 +0200 VERA-PC Vera IP-BLOCK 78.140.143.6 (Type: outgoing, Port: 50703, Process: iron.exe)
2013/10/26 11:52:09 +0200 VERA-PC Vera IP-BLOCK 37.221.167.126 (Type: outgoing, Port: 50714, Process: iron.exe)
2013/10/26 11:52:09 +0200 VERA-PC Vera IP-BLOCK 37.221.167.126 (Type: outgoing, Port: 50715, Process: iron.exe)
2013/10/26 11:52:09 +0200 VERA-PC Vera IP-BLOCK 37.221.161.131 (Type: outgoing, Port: 50720, Process: iron.exe)
2013/10/26 11:52:09 +0200 VERA-PC Vera IP-BLOCK 37.221.161.131 (Type: outgoing, Port: 50721, Process: iron.exe)
2013/10/26 11:52:17 +0200 VERA-PC Vera IP-BLOCK 37.221.161.131 (Type: outgoing, Port: 50739, Process: iron.exe)
2013/10/26 11:52:17 +0200 VERA-PC Vera IP-BLOCK 37.221.161.131 (Type: outgoing, Port: 50740, Process: iron.exe)
2013/10/26 11:53:06 +0200 VERA-PC Vera IP-BLOCK 78.140.143.6 (Type: outgoing, Port: 50775, Process: iron.exe)
2013/10/26 12:43:19 +0200 VERA-PC Vera MESSAGE Executing scheduled update: Daily
2013/10/26 12:43:23 +0200 VERA-PC Vera MESSAGE Database already up-to-date
2013/10/26 15:22:51 +0200 VERA-PC Vera MESSAGE Starting protection
2013/10/26 15:22:51 +0200 VERA-PC Vera MESSAGE Protection started successfully
2013/10/26 15:22:51 +0200 VERA-PC Vera MESSAGE Starting IP protection
2013/10/26 15:22:57 +0200 VERA-PC Vera MESSAGE IP Protection started successfully
2013/10/26 15:37:02 +0200 VERA-PC Vera MESSAGE Starting protection
2013/10/26 15:37:02 +0200 VERA-PC Vera MESSAGE Protection started successfully
2013/10/26 15:37:02 +0200 VERA-PC Vera MESSAGE Starting IP protection
2013/10/26 15:37:06 +0200 VERA-PC Vera MESSAGE IP Protection started successfully
2013/10/26 16:20:29 +0200 VERA-PC Vera MESSAGE Starting protection
2013/10/26 16:20:29 +0200 VERA-PC Vera MESSAGE Protection started successfully
2013/10/26 16:20:29 +0200 VERA-PC Vera MESSAGE Starting IP protection
2013/10/26 16:20:36 +0200 VERA-PC Vera MESSAGE IP Protection started successfully
|
|
26.10.2013, 17:20
| #4 |
| /// TB-Ausbilder | Spy Eyes und blauer Bildschirm Hallo, ja da läuft unschöne Malware.  Warnung: InfostealerAus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat. Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen. Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern. Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Scan mit Combofix
Schritt 3 Starte noch einmal FRST.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
27.10.2013, 20:26
| #5 |
| | Spy Eyes und blauer BildschirmCode:
ATTFilter ComboFix 13-10-26.01 - Vera 27.10.2013 19:43:25.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.1885 [GMT 1:00]
ausgeführt von:: c:\users\Vera\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-27 bis 2013-10-27 ))))))))))))))))))))))))))))))
.
.
2013-10-26 18:17 . 2013-10-27 18:32 -------- d-----w- C:\AdwCleaner
2013-10-26 14:24 . 2013-10-26 14:24 -------- d-----w- C:\FRST
2013-10-26 08:35 . 2013-10-26 08:35 -------- d-----w- c:\users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 08:35 . 2013-10-26 08:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-26 08:35 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-25 15:42 . 2013-10-25 15:50 -------- d-----w- c:\programdata\HitmanPro
2013-10-25 12:53 . 2013-10-25 12:53 -------- d-----w- c:\programdata\Malwarebytes
2013-10-25 12:53 . 2013-10-25 15:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-25 12:52 . 2013-10-25 14:58 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-25 10:55 . 2013-10-25 10:55 -------- d-----w- C:\PPF_Scan1
2013-10-21 14:09 . 2013-10-21 14:09 -------- d-----w- c:\program files\Microsoft
2013-10-21 14:05 . 2013-10-21 14:05 -------- d-----w- c:\program files\Common Files\Java
2013-10-21 14:05 . 2013-10-21 14:04 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-21 14:04 . 2013-10-21 14:04 -------- d-----w- c:\program files\Java
2013-10-18 23:28 . 2013-10-18 23:28 -------- d-----w- c:\users\Vera\AppData\Roaming\Reincubate
2013-10-17 16:20 . 2013-10-17 16:23 -------- d-----w- c:\windows\rescache
2013-10-15 18:27 . 2013-10-27 10:06 -------- d-----w- c:\users\Vera\AppData\Local\Spotify
2013-10-15 18:25 . 2013-10-27 18:35 -------- d-----w- c:\users\Vera\AppData\Roaming\Spotify
2013-10-09 23:00 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-09 22:59 . 2013-07-12 10:08 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-10-09 22:59 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-09 22:59 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-09 22:59 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-09 22:59 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-09 22:59 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-07 17:49 . 2013-10-07 17:49 -------- d-----w- c:\program files\Common Files\Skype
2013-10-01 22:14 . 2013-10-01 22:14 -------- d-----w- c:\users\Vera\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-27 18:55 . 2013-10-26 18:24 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A2EB6B0-7CB4-41A2-ABB5-459C40083D70}\offreg.dll
2013-10-14 06:39 . 2013-10-25 07:32 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A2EB6B0-7CB4-41A2-ABB5-459C40083D70}\mpengine.dll
2013-10-07 11:00 . 2013-08-15 10:36 67680 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-10-07 11:00 . 2013-08-15 10:24 89376 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-10-07 11:00 . 2013-08-15 10:24 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-10-07 11:00 . 2013-08-15 10:24 137208 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-09-03 12:35 . 2010-03-05 10:10 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-05 01:56 . 2013-09-11 22:44 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50 . 2013-09-11 22:44 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49 . 2013-09-11 22:44 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 22:44 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 00:52 . 2013-09-11 22:44 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43 . 2013-09-11 22:44 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 22:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 22:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 22:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cxlacuxatx.exe"="c:\cxlacuxatx.exe\cxlacuxatx.exe" [BU]
"Facebook Update"="c:\users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Spotify"="c:\users\Vera\AppData\Roaming\Spotify\Spotify.exe" [2013-10-15 4752384]
"Spotify Web Helper"="c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-15 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-08-03 685048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-07 681032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Iexplorerprog1.vbs [2013-9-29 60040]
Roof.vbs [2013-9-29 60040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Vera^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 14:28 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 14:46 1159168 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 08:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-11-06 10:46 3673728 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
c:\program files\ICQ7.0\ICQ.exe [BU]
.
R2 SkypeUpdate;Skype Updater;c:\windows.old\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2012-08-03 87976]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-02 1343400]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-10-07 1164360]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-07 37352]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-10-07 440392]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job
- c:\users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-09 17:36]
.
2013-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job
- c:\users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-09 17:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 62.81.16.148 62.81.16.213
TCP: Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: NameServer = 129.143.2.1,129.143.2.4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Kreuzworträtsel Freeware - c:\windows\unin0407.exe
AddRemove-{BF962E1B-D17A-4713-A100-6531A132D83D}_is1 - c:\program files\Foto-Mosaik-Edda\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5920)
c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\windows\system32\sppsvc.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-27 20:04:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-10-27 19:04
.
Vor Suchlauf: 2.884.231.168 Bytes frei
Nach Suchlauf: 2.736.218.112 Bytes frei
.
- - End Of File - - 4D6D6ACACE0370FC1D9251839A76F171
A36C5E4F47E84449FF07ED3517B43A31
Code:
ATTFilter # AdwCleaner v3.010 - Bericht erstellt am 27/10/2013 um 19:32:58
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Vera - VERA-PC
# Gestartet von : E:\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16720
*************************
AdwCleaner[R0].txt - [4486 octets] - [26/10/2013 19:17:30]
AdwCleaner[R1].txt - [3754 octets] - [26/10/2013 19:51:22]
AdwCleaner[R2].txt - [833 octets] - [26/10/2013 19:55:51]
AdwCleaner[R3].txt - [892 octets] - [27/10/2013 19:32:13]
AdwCleaner[S0].txt - [3429 octets] - [26/10/2013 19:52:08]
AdwCleaner[S1].txt - [814 octets] - [27/10/2013 19:32:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [873 octets] ##########
Code:
ATTFilter # AdwCleaner v3.010 - Bericht erstellt am 26/10/2013 um 20:52:08
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Vera - VERA-PC
# Gestartet von : E:\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files\BonanzaDeals
Ordner Gelöscht : C:\Program Files\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Vera\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Vera\AppData\Roaming\digitalsite
Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Vera\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registrierungsdatenbank ] *****
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\digitalsite
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B360EC4-303D-42CD-B166-348140940616}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B360EC4-303D-42CD-B166-348140940616}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455185558}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466186658}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444184458}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKLM\Software\qvo6Software
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16720
*************************
AdwCleaner[R0].txt - [4486 octets] - [26/10/2013 20:17:30]
AdwCleaner[R1].txt - [3754 octets] - [26/10/2013 20:51:22]
AdwCleaner[S0].txt - [3289 octets] - [26/10/2013 20:52:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3349 octets] ##########
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2013
Ran by Vera (administrator) on VERA-PC on 27-10-2013 20:21:50
Running from C:\Users\Vera\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe
HKCU\...\Run: [Facebook Update] - C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Spotify] - C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6F308064214CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
Tcpip\..\Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: [NameServer]129.143.2.1,129.143.2.4
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 SkypeUpdate; C:\Windows.old\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
==================== Drivers (Whitelisted) ====================
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-04] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Vera\AppData\Local\Temp\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe
2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt
2013-10-27 19:41 - 2013-10-27 20:04 - 00000000 ____D C:\ComboFix
2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp
2013-10-26 19:19 - 2013-10-27 20:04 - 00000000 ____D C:\Qoobox
2013-10-26 19:19 - 2013-10-27 19:55 - 00000000 ____D C:\Windows\erdnt
2013-10-26 19:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-26 19:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-26 19:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-26 19:18 - 2013-10-26 19:19 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe
2013-10-26 19:17 - 2013-10-27 19:32 - 00000000 ____D C:\AdwCleaner
2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp
2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST
2013-10-26 15:17 - 2013-10-26 15:18 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 09:35 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-25 13:52 - 2013-10-25 16:30 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 13:52 - 2013-10-25 15:58 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1
2013-10-22 19:25 - 2013-10-22 19:27 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 15:05 - 2013-10-21 15:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 09:38 - 2013-09-23 12:13 - 00248650 _____ C:\Users\Vera\Desktop\sqlite_manager-0.8.1-fx+tb+sm.xpi
2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 00:34 - 2013-10-19 01:07 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 13:02 - 2013-10-18 13:15 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 17:20 - 2013-10-17 17:23 - 00000000 ____D C:\Windows\rescache
2013-10-15 19:27 - 2013-10-27 11:06 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-15 19:25 - 2013-10-27 20:08 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-10 01:06 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 01:06 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 01:06 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 01:06 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 01:06 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 01:06 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 00:00 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 00:00 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 00:00 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 00:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-10 00:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 00:00 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 00:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 00:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 00:00 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 00:00 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 00:00 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 00:00 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 00:00 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 00:00 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 00:00 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 00:00 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 00:00 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 00:00 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 00:00 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 00:00 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 00:00 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 23:59 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 23:59 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 23:59 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 23:59 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 23:59 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 23:59 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-02 00:14 - 2013-10-02 23:16 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-02 00:14 - 2013-10-02 23:16 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
==================== One Month Modified Files and Folders =======
2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe
2013-10-27 20:08 - 2013-10-15 19:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-27 20:05 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-27 20:05 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt
2013-10-27 20:04 - 2013-10-27 19:41 - 00000000 ____D C:\ComboFix
2013-10-27 20:04 - 2013-10-26 19:19 - 00000000 ____D C:\Qoobox
2013-10-27 20:04 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-10-27 20:02 - 2010-03-01 20:08 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-27 20:00 - 2011-11-14 21:41 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Dropbox
2013-10-27 19:59 - 2011-11-14 21:44 - 00000000 ___RD C:\Users\Vera\Dropbox
2013-10-27 19:58 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-10-27 19:56 - 2010-03-01 22:04 - 00097744 _____ C:\Windows\PFRO.log
2013-10-27 19:56 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-27 19:56 - 2009-07-14 05:39 - 00214694 _____ C:\Windows\setupact.log
2013-10-27 19:55 - 2013-10-26 19:19 - 00000000 ____D C:\Windows\erdnt
2013-10-27 19:41 - 2012-01-09 19:30 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job
2013-10-27 19:41 - 2012-01-09 19:30 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job
2013-10-27 19:39 - 2010-03-01 19:43 - 01353725 _____ C:\Windows\WindowsUpdate.log
2013-10-27 19:32 - 2013-10-26 19:17 - 00000000 ____D C:\AdwCleaner
2013-10-27 11:06 - 2013-10-15 19:27 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-26 19:52 - 2009-10-05 17:01 - 00001150 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp
2013-10-26 19:47 - 2013-03-15 08:26 - 00000000 ____D C:\Windows\Minidump
2013-10-26 19:35 - 2010-03-01 19:56 - 00000000 ____D C:\Users\Vera
2013-10-26 19:19 - 2013-10-26 19:18 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe
2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp
2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST
2013-10-26 15:18 - 2013-10-26 15:17 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 14:27 - 2010-03-01 21:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Skype
2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 16:30 - 2013-10-25 13:52 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 15:58 - 2013-10-25 13:52 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 15:38 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-25 15:36 - 2013-03-09 19:40 - 00000000 ____D C:\Program Files\7-Zip
2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1
2013-10-22 19:27 - 2013-10-22 19:25 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 15:09 - 2010-04-02 11:52 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 15:04 - 2013-10-21 15:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 08:39 - 2009-07-14 05:33 - 00492904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 01:07 - 2013-10-19 00:34 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 00:29 - 2010-03-01 21:28 - 00149776 _____ C:\Users\Vera\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 15:36 - 2010-03-11 19:04 - 00000000 ____D C:\Users\Vera\AppData\Roaming\vlc
2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 13:15 - 2013-10-18 13:02 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 17:23 - 2013-10-17 17:20 - 00000000 ____D C:\Windows\rescache
2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-11 07:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 06:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 01:11 - 2013-08-14 23:13 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 01:09 - 2010-03-28 18:30 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 01:08 - 2012-05-23 20:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-07 12:00 - 2013-08-15 11:36 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-02 23:16 - 2013-10-02 00:14 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-02 23:16 - 2013-10-02 00:14 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
Files to move or delete:
====================
C:\Users\Vera\Opera_1101_int_Setup.exe
Some content of TEMP:
====================
C:\Users\Vera\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-23 16:16
==================== End Of Log ============================
--- --- --- Hey, also ich habe alle Scans durchgeführt und alles hat soweit funktioniert. Es gibt zwei AdwCleaner Dateien, da ich erst noch nicht alle Programme geschlossen hatte. Hoffe ich habe alles richtig gemacht. Während ich das erste Mal CombaFix durchgeführt habe, ist mein Computer wieder abgestürzt ("blauer Bildschirm"), das zweite Mal hat es dann aber funktionert. Ich habe während aller Scans meinen USB-Stick stecken gelassen, da ich vermute, dass dieser auch infiziert ist. Ist das richtig oder sollte ich den lieber entfernen? Vielen Dank schon mal bisher, Vera |
|
28.10.2013, 09:31
| #6 |
| /// TB-Ausbilder | Spy Eyes und blauer Bildschirm Hallo Vera, du hast es richtig gemacht. Aber noch ist nicht alle Malware erwischt worden. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe
C:\cxlacuxatx.exe
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Starte den Rechner neu auf und mach danach einen FRST-Scan: Starte noch einmal FRST.
__________________ --> Spy Eyes und blauer Bildschirm |
|
28.10.2013, 09:49
| #7 |
| | Spy Eyes und blauer Bildschirm Guten Morgen, hierFix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2013 01 Ran by Vera at 2013-10-28 09:38:41 Run:1 Running from E:\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe C:\cxlacuxatx.exe Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs () Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs () ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cxlacuxatx.exe => Value deleted successfully. "C:\cxlacuxatx.exe" => File/Directory not found. C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs => Moved successfully. C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs => Moved successfully. ==== End of Fixlog ==== das erste Dokument... Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2013 01
Ran by Vera at 2013-10-28 09:38:41 Run:1
Running from E:\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe
C:\cxlacuxatx.exe
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cxlacuxatx.exe => Value deleted successfully.
"C:\cxlacuxatx.exe" => File/Directory not found.
C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs => Moved successfully.
C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs => Moved successfully.
==== End of Fixlog ====
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2013 01
Ran by Vera (administrator) on VERA-PC on 28-10-2013 09:44:13
Running from E:\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Spotify] - C:\Users\Vera\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6F308064214CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
Tcpip\..\Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: [NameServer]129.143.2.1,129.143.2.4
FireFox:
========
FF ProfilePath: C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\4ym0zwfx.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Vera\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Vera\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 SkypeUpdate; C:\Windows.old\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
==================== Drivers (Whitelisted) ====================
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-04] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Vera\AppData\Local\Temp\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-27 23:38 - 2013-10-27 23:38 - 00143728 _____ C:\Windows\Minidump\102713-20919-01.dmp
2013-10-27 20:59 - 2013-10-27 20:59 - 00017772 _____ C:\Users\Vera\Desktop\Opera 12 Notes.html
2013-10-27 20:59 - 2013-10-27 20:59 - 00001091 _____ C:\Users\Public\Desktop\Opera.lnk
2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Opera Software
2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Local\Opera Software
2013-10-27 20:57 - 2013-10-27 20:58 - 33727472 _____ (Opera Software ASA) C:\Users\Vera\Downloads\Opera_17.0.1241.53_Setup.exe
2013-10-27 20:44 - 2013-10-27 23:38 - 316550734 _____ C:\Windows\MEMORY.DMP
2013-10-27 20:44 - 2013-10-27 20:45 - 00143728 _____ C:\Windows\Minidump\102713-26457-01.dmp
2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Mozilla
2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Local\Mozilla
2013-10-27 20:23 - 2013-10-27 20:23 - 00028226 _____ C:\Users\Vera\Downloads\FRST.txt
2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe
2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt
2013-10-27 19:41 - 2013-10-27 20:04 - 00000000 ____D C:\ComboFix
2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp
2013-10-26 19:19 - 2013-10-27 20:04 - 00000000 ____D C:\Qoobox
2013-10-26 19:19 - 2013-10-27 19:55 - 00000000 ____D C:\Windows\erdnt
2013-10-26 19:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-26 19:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-26 19:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-26 19:18 - 2013-10-26 19:19 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe
2013-10-26 19:17 - 2013-10-27 19:32 - 00000000 ____D C:\AdwCleaner
2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp
2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST
2013-10-26 15:17 - 2013-10-26 15:18 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 09:35 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-25 13:52 - 2013-10-25 16:30 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 13:52 - 2013-10-25 15:58 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1
2013-10-22 19:25 - 2013-10-22 19:27 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 15:05 - 2013-10-21 15:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 09:38 - 2013-09-23 12:13 - 00248650 _____ C:\Users\Vera\Desktop\sqlite_manager-0.8.1-fx+tb+sm.xpi
2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 00:34 - 2013-10-19 01:07 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 13:02 - 2013-10-18 13:15 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 17:20 - 2013-10-17 17:23 - 00000000 ____D C:\Windows\rescache
2013-10-15 19:27 - 2013-10-27 11:06 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-15 19:25 - 2013-10-28 09:45 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-10 01:06 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 01:06 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 01:06 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 01:06 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 01:06 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 01:06 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 00:00 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 00:00 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 00:00 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 00:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-10 00:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 00:00 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 00:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 00:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 00:00 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 00:00 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 00:00 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 00:00 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 00:00 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 00:00 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 00:00 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 00:00 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 00:00 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 00:00 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 00:00 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 00:00 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 00:00 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 23:59 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 23:59 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 23:59 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 23:59 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 23:59 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 23:59 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-02 00:14 - 2013-10-02 23:16 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-02 00:14 - 2013-10-02 23:16 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
==================== One Month Modified Files and Folders =======
2013-10-28 09:46 - 2011-11-14 21:41 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Dropbox
2013-10-28 09:45 - 2013-10-15 19:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-28 09:42 - 2011-11-14 21:44 - 00000000 ___RD C:\Users\Vera\Dropbox
2013-10-28 09:41 - 2010-03-01 19:43 - 01391039 _____ C:\Windows\WindowsUpdate.log
2013-10-28 09:41 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-28 09:41 - 2009-07-14 05:39 - 00215030 _____ C:\Windows\setupact.log
2013-10-28 09:36 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 09:36 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-28 08:12 - 2010-03-01 20:08 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-27 23:38 - 2013-10-27 23:38 - 00143728 _____ C:\Windows\Minidump\102713-20919-01.dmp
2013-10-27 23:38 - 2013-10-27 20:44 - 316550734 _____ C:\Windows\MEMORY.DMP
2013-10-27 23:38 - 2013-03-15 08:26 - 00000000 ____D C:\Windows\Minidump
2013-10-27 22:41 - 2012-01-09 19:30 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job
2013-10-27 20:59 - 2013-10-27 20:59 - 00017772 _____ C:\Users\Vera\Desktop\Opera 12 Notes.html
2013-10-27 20:59 - 2013-10-27 20:59 - 00001091 _____ C:\Users\Public\Desktop\Opera.lnk
2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Opera Software
2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Local\Opera Software
2013-10-27 20:59 - 2010-03-01 22:22 - 00000000 ____D C:\Program Files\Opera
2013-10-27 20:58 - 2013-10-27 20:57 - 33727472 _____ (Opera Software ASA) C:\Users\Vera\Downloads\Opera_17.0.1241.53_Setup.exe
2013-10-27 20:45 - 2013-10-27 20:44 - 00143728 _____ C:\Windows\Minidump\102713-26457-01.dmp
2013-10-27 20:44 - 2010-03-01 22:04 - 00098078 _____ C:\Windows\PFRO.log
2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Mozilla
2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Local\Mozilla
2013-10-27 20:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-27 20:23 - 2013-10-27 20:23 - 00028226 _____ C:\Users\Vera\Downloads\FRST.txt
2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe
2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt
2013-10-27 20:04 - 2013-10-27 19:41 - 00000000 ____D C:\ComboFix
2013-10-27 20:04 - 2013-10-26 19:19 - 00000000 ____D C:\Qoobox
2013-10-27 20:04 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-10-27 19:58 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-10-27 19:55 - 2013-10-26 19:19 - 00000000 ____D C:\Windows\erdnt
2013-10-27 19:41 - 2012-01-09 19:30 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job
2013-10-27 19:32 - 2013-10-26 19:17 - 00000000 ____D C:\AdwCleaner
2013-10-27 11:06 - 2013-10-15 19:27 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-26 19:52 - 2009-10-05 17:01 - 00001150 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp
2013-10-26 19:35 - 2010-03-01 19:56 - 00000000 ____D C:\Users\Vera
2013-10-26 19:19 - 2013-10-26 19:18 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe
2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp
2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST
2013-10-26 15:18 - 2013-10-26 15:17 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 14:27 - 2010-03-01 21:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Skype
2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 16:30 - 2013-10-25 13:52 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 15:58 - 2013-10-25 13:52 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 15:38 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-25 15:36 - 2013-03-09 19:40 - 00000000 ____D C:\Program Files\7-Zip
2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1
2013-10-22 19:27 - 2013-10-22 19:25 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 15:09 - 2010-04-02 11:52 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 15:04 - 2013-10-21 15:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 08:39 - 2009-07-14 05:33 - 00492904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 01:07 - 2013-10-19 00:34 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 00:29 - 2010-03-01 21:28 - 00149776 _____ C:\Users\Vera\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 15:36 - 2010-03-11 19:04 - 00000000 ____D C:\Users\Vera\AppData\Roaming\vlc
2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 13:15 - 2013-10-18 13:02 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 17:23 - 2013-10-17 17:20 - 00000000 ____D C:\Windows\rescache
2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-11 07:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 06:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 01:11 - 2013-08-14 23:13 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 01:09 - 2010-03-28 18:30 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 01:08 - 2012-05-23 20:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-07 12:00 - 2013-08-15 11:36 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-02 23:16 - 2013-10-02 00:14 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-02 23:16 - 2013-10-02 00:14 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
Files to move or delete:
====================
C:\Users\Vera\Opera_1101_int_Setup.exe
Some content of TEMP:
====================
C:\Users\Vera\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-23 16:16
==================== End Of Log ============================
--- --- --- ODE][/CODE] Nach den ganzen Scans gestern ist auch noch zwei Mal dieser blaue Kasten erschienen. Also scheint mein PC wirklich noch nicht sauber zu sein. Außerdem spinnt mein Browser immer wieder, denn es kommt immer wieder die Meldung: Kein Zugriff auf das Netzwerk Die Verbindung zu 3c.gmx.net wurde durch eine Änderungen in der Netzwerkverbindung unterbrochen. Hängt das auch mit dem Virus zusammen? |
|
28.10.2013, 10:18
| #8 | |
| /// TB-Ausbilder | Spy Eyes und blauer BildschirmZitat:
__________________ cheers, Leo |
|
28.10.2013, 10:20
| #9 |
| | Spy Eyes und blauer Bildschirm auch scannen lassen...habe ich in meinem zweiten Post geschickt. |
|
28.10.2013, 10:24
| #10 | |
| /// TB-Ausbilder | Spy Eyes und blauer BildschirmZitat:
Hast du das MBAR-Log auch noch? (Vielleicht im Ordner C:\Users\Vera\Desktop\mbar)
__________________ cheers, Leo |
|
28.10.2013, 10:27
| #11 |
| | Spy Eyes und blauer BildschirmCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
Database version: v2013.10.02.12
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Vera :: VERA-PC [administrator]
25.10.2013 14:53:41
mbar-log-2013-10-25 (14-53-41).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 208505
Time elapsed: 1 hour(s), 4 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 4
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.
Folders Detected: 1
C:\cxlacuxatx.exe (Trojan.SpyEyes.Gen) -> Delete on reboot.
Files Detected: 1
C:\cxlacuxatx.exe\config.bin (Trojan.SpyEyes.Gen) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
Database version: v2013.10.02.12
Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16721
Vera :: VERA-PC [administrator]
25.10.2013 16:58:39
mbar-log-2013-10-25 (16-58-39).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 203419
Time elapsed: 26 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
28.10.2013, 10:29
| #12 |
| /// TB-Ausbilder | Spy Eyes und blauer Bildschirm ok. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ cheers, Leo |
|
28.10.2013, 10:47
| #13 |
| | Spy Eyes und blauer Bildschirm [CODE][/--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 10.0.9200.16721 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 3184119808, free: 798097408 Initializing... ====================== ------------ Kernel report ------------ 10/25/2013 14:53:35 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\sptd.sys \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\ssmdrv.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\ElbyCDIO.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\avipbb.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\athr.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\yk62x86.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\System32\Drivers\ast03e87.SYS \SystemRoot\System32\Drivers\SCSIPORT.SYS \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\VClone.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\avgntflt.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\WUDFRd.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Program Files\DAEMON Tools Lite\Engine.dll \Windows\System32\comdlg32.dll \Windows\System32\setupapi.dll \Windows\System32\user32.dll \Windows\System32\ole32.dll \Windows\System32\usp10.dll \Windows\System32\urlmon.dll \Windows\System32\sechost.dll \Windows\System32\wininet.dll \Windows\System32\Wldap32.dll \Windows\System32\oleaut32.dll \Windows\System32\msvcrt.dll \Windows\System32\msctf.dll \Windows\System32\imm32.dll \Windows\System32\lpk.dll \Windows\System32\gdi32.dll \Windows\System32\iertutil.dll \Windows\System32\ws2_32.dll \Windows\System32\nsi.dll \Windows\System32\kernel32.dll \Windows\System32\rpcrt4.dll \Windows\System32\shlwapi.dll \Windows\System32\clbcatq.dll \Windows\System32\shell32.dll \Windows\System32\normaliz.dll \Windows\System32\difxapi.dll \Windows\System32\advapi32.dll \Windows\System32\psapi.dll \Windows\System32\imagehlp.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\comctl32.dll \Windows\System32\wintrust.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR4 Upper Device Object: 0xffffffff85ea5ac8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000008b\ Lower Device Object: 0xffffffff85e792e8 Lower Device Driver Name: \Driver\USBSTOR\ IRP handler 0 of \Driver\USBSTOR points to an unknown module Unhooking enabled. <<<1>>> Upper Device Name: \Device\Harddisk1\DR4 Upper Device Object: 0xffffffff85ea5ac8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000008b\ Lower Device Object: 0xffffffff85e792e8 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff86490798 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xffffffff863a8908 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff86490798, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff864903d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff86490798, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff863a8908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xffffffffbdbf94a8, 0xffffffff86490798, 0xffffffff87996ac8 Lower DeviceData: 0xffffffff88139de8, 0xffffffff863a8908, 0xffffffff861b6128 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 7407B56E Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 27262976 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 27265024 Numsec = 104857600 Partition is not bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 132122624 Numsec = 193120256 Partition 3 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 325242880 Numsec = 299896832 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff85ea5ac8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff861e1580, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff85ea5ac8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff85e792e8, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ Upper DeviceData: 0xffffffff96f9ce60, 0xffffffff85ea5ac8, 0xffffffff860b4818 Lower DeviceData: 0xffffffff88094b40, 0xffffffff85e792e8, 0xffffffff85934370 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 0 Partition information: Partition 0 type is Other (0x6) Partition is NOT ACTIVE. Partition starts at LBA: 32 Numsec = 1957856 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1002438656 bytes Sector size: 512 bytes Done! Infected: C:\cxlacuxatx.exe --> [Trojan.SpyEyes.Gen] Infected: C:\cxlacuxatx.exe\config.bin --> [Trojan.SpyEyes.Gen] Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page --> [Hijack.StartPage] Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL --> [Hijack.StartPage] Infected: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL --> [Hijack.StartPage] Infected: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page --> [Hijack.StartPage] Scan finished Creating System Restore point... Cleaning up... Removal successful. No system shutdown is required. ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_27265024_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 10.0.9200.16721 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 3184119808, free: 1979482112 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 System is currently in a safe mode Account is Administrative Internet Explorer version: 10.0.9200.16721 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 3184119808, free: 2322128896 Initializing... ====================== ------------ Kernel report ------------ 10/25/2013 16:58:34 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\sptd.sys \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\VClone.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\framebuf.dll \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\fastfat.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\setupapi.dll \Windows\System32\advapi32.dll \Windows\System32\Wldap32.dll \Windows\System32\imagehlp.dll \Windows\System32\ole32.dll \Windows\System32\wininet.dll \Windows\System32\user32.dll \Windows\System32\msvcrt.dll \Windows\System32\rpcrt4.dll \Windows\System32\normaliz.dll \Windows\System32\kernel32.dll \Windows\System32\usp10.dll \Windows\System32\msctf.dll \Windows\System32\sechost.dll \Windows\System32\oleaut32.dll \Windows\System32\imm32.dll \Windows\System32\clbcatq.dll \Windows\System32\iertutil.dll \Windows\System32\ws2_32.dll \Windows\System32\comdlg32.dll \Windows\System32\psapi.dll \Windows\System32\lpk.dll \Windows\System32\gdi32.dll \Windows\System32\shlwapi.dll \Windows\System32\difxapi.dll \Windows\System32\urlmon.dll \Windows\System32\shell32.dll \Windows\System32\nsi.dll \Windows\System32\wintrust.dll \Windows\System32\comctl32.dll \Windows\System32\devobj.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff8604b318 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000073\ Lower Device Object: 0xffffffff86053030 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff85868090 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xffffffff85701908 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff85868090, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85869cc8, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff85868090, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff85701908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 7407B56E Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 27262976 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 27265024 Numsec = 104857600 Partition is not bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 132122624 Numsec = 193120256 Partition 3 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 325242880 Numsec = 299896832 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff8604b318, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8604a568, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff8604b318, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff86053030, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 0 Partition information: Partition 0 type is Other (0x6) Partition is NOT ACTIVE. Partition starts at LBA: 32 Numsec = 1957856 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1002438656 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_27265024_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam... Removal finished CODE] Sorry für den langen Post...mein PC ist gerade wieder zwei Mal abgestürzt, das zweite Mal ging nichts mehr... ok, werde mir das herunterladen. |
|
28.10.2013, 10:55
| #14 |
| | Spy Eyes und blauer BildschirmCode:
ATTFilter 10:51:10.0789 0x19d4 TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
10:51:24.0470 0x19d4 ============================================================
10:51:24.0470 0x19d4 Current date / time: 2013/10/28 10:51:24.0470
10:51:24.0470 0x19d4 SystemInfo:
10:51:24.0470 0x19d4
10:51:24.0470 0x19d4 OS Version: 6.1.7601 ServicePack: 1.0
10:51:24.0470 0x19d4 Product type: Workstation
10:51:24.0470 0x19d4 ComputerName: VERA-PC
10:51:24.0470 0x19d4 UserName: Vera
10:51:24.0470 0x19d4 Windows directory: C:\Windows
10:51:24.0470 0x19d4 System windows directory: C:\Windows
10:51:24.0470 0x19d4 Processor architecture: Intel x86
10:51:24.0470 0x19d4 Number of processors: 2
10:51:24.0470 0x19d4 Page size: 0x1000
10:51:24.0470 0x19d4 Boot type: Normal boot
10:51:24.0470 0x19d4 ============================================================
10:51:30.0523 0x19d4 System UUID: {CF24AD63-2F1F-2C1A-7EED-0CF0D376C1BD}
10:51:31.0662 0x19d4 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:51:31.0678 0x19d4 Drive \Device\Harddisk1\DR1 - Size: 0x3BC00000 (0.93 Gb), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:51:31.0678 0x19d4 ============================================================
10:51:31.0678 0x19d4 \Device\Harddisk0\DR0:
10:51:31.0678 0x19d4 MBR partitions:
10:51:31.0678 0x19d4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x6400000
10:51:31.0678 0x19d4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7E00800, BlocksNum 0xB82C800
10:51:31.0678 0x19d4 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1362D000, BlocksNum 0x11E01000
10:51:31.0678 0x19d4 \Device\Harddisk1\DR1:
10:51:31.0678 0x19d4 MBR partitions:
10:51:31.0678 0x19d4 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1DDFE0
10:51:31.0678 0x19d4 ============================================================
10:51:31.0709 0x19d4 C: <-> \Device\Harddisk0\DR0\Partition1
10:51:31.0740 0x19d4 D: <-> \Device\Harddisk0\DR0\Partition2
10:51:31.0771 0x19d4 E: <-> \Device\Harddisk0\DR0\Partition3
10:51:31.0771 0x19d4 ============================================================
10:51:31.0771 0x19d4 Initialize success
10:51:31.0771 0x19d4 ============================================================
10:52:24.0963 0x18a4 ============================================================
10:52:24.0963 0x18a4 Scan started
10:52:24.0963 0x18a4 Mode: Manual; SigCheck; TDLFS;
10:52:24.0963 0x18a4 ============================================================
10:52:24.0963 0x18a4 KSN ping started
10:52:28.0582 0x18a4 KSN ping finished: true
10:52:30.0220 0x18a4 ================ Scan system memory ========================
10:52:30.0220 0x18a4 System memory - ok
10:52:30.0220 0x18a4 ================ Scan services =============================
10:52:30.0407 0x18a4 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:52:30.0563 0x18a4 1394ohci - ok
10:52:30.0610 0x18a4 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:52:30.0641 0x18a4 ACPI - ok
10:52:30.0672 0x18a4 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:52:30.0766 0x18a4 AcpiPmi - ok
10:52:30.0813 0x18a4 [ 45D8E2A2D8B9F33C32A7ADB6900C6E04, 45E4866FCA09C9C5B9C740ED99990F02E5838BE496A3EDDB66C60016BC6821E3 ] acsock C:\Windows\system32\DRIVERS\acsock.sys
10:52:30.0860 0x18a4 acsock - ok
10:52:30.0953 0x18a4 [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
10:52:31.0016 0x18a4 Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
10:52:34.0338 0x18a4 Detect skipped due to KSN trusted
10:52:34.0338 0x18a4 Adobe LM Service - ok
10:52:34.0510 0x18a4 [ 3927397AC60D943DAF8808AFFED582B7, 2688254085C219E8CA9C5494ABDAD8FAE52533CEF7FA3C152715E0B78D591BCF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:52:34.0541 0x18a4 AdobeARMservice - ok
10:52:34.0604 0x18a4 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:52:34.0666 0x18a4 adp94xx - ok
10:52:34.0697 0x18a4 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:52:34.0744 0x18a4 adpahci - ok
10:52:34.0775 0x18a4 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:52:34.0806 0x18a4 adpu320 - ok
10:52:34.0853 0x18a4 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:52:34.0916 0x18a4 AeLookupSvc - ok
10:52:34.0978 0x18a4 [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD C:\Windows\system32\drivers\afd.sys
10:52:35.0072 0x18a4 AFD - ok
10:52:35.0103 0x18a4 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
10:52:35.0134 0x18a4 agp440 - ok
10:52:35.0165 0x18a4 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
10:52:35.0212 0x18a4 aic78xx - ok
10:52:35.0259 0x18a4 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
10:52:35.0384 0x18a4 ALG - ok
10:52:35.0415 0x18a4 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
10:52:35.0446 0x18a4 aliide - ok
10:52:35.0508 0x18a4 [ B19505648F033393E907E2E419FDE8B3, BEF76AAD61FE0CA1F2B91C491FD94DE1BE67E776BBB7972D57ADFBE0333E9615 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:52:35.0586 0x18a4 AMD External Events Utility - ok
10:52:35.0618 0x18a4 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
10:52:35.0649 0x18a4 amdagp - ok
10:52:35.0696 0x18a4 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
10:52:35.0727 0x18a4 amdide - ok
10:52:35.0774 0x18a4 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:52:35.0836 0x18a4 AmdK8 - ok
10:52:35.0852 0x18a4 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:52:35.0914 0x18a4 AmdPPM - ok
10:52:35.0961 0x18a4 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:52:35.0992 0x18a4 amdsata - ok
10:52:36.0023 0x18a4 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:52:36.0070 0x18a4 amdsbs - ok
10:52:36.0101 0x18a4 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:52:36.0132 0x18a4 amdxata - ok
10:52:36.0257 0x18a4 [ 3478F48B23A0D9F6EADD4A2405BA70EF, 421BDDCEFEF491915EF8D9BFB756A56778437D98B136758A15AE5A0672738C9D ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:52:36.0304 0x18a4 AntiVirSchedulerService - ok
10:52:36.0398 0x18a4 [ AFFE7C21A4FCA1963371F10066911D3A, DC7A94A784C9389792F3C9A1F435CD9B2D5F74AC9E56F35831B65820FA6A0EDE ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:52:36.0429 0x18a4 AntiVirService - ok
10:52:36.0538 0x18a4 [ 48543D304F54C8997462208555662BA4, ADA3B62E6D1513FF24D044B03EFCBBD4268DB32C213F575D8AD3867D3F82B340 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
10:52:36.0600 0x18a4 AntiVirWebService - ok
10:52:36.0756 0x18a4 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
10:52:37.0146 0x18a4 AppID - ok
10:52:37.0178 0x18a4 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:52:37.0271 0x18a4 AppIDSvc - ok
10:52:37.0302 0x18a4 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
10:52:37.0365 0x18a4 Appinfo - ok
10:52:37.0458 0x18a4 [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:52:37.0490 0x18a4 Apple Mobile Device - ok
10:52:37.0568 0x18a4 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
10:52:37.0599 0x18a4 arc - ok
10:52:37.0614 0x18a4 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:52:37.0661 0x18a4 arcsas - ok
10:52:37.0692 0x18a4 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:52:37.0817 0x18a4 AsyncMac - ok
10:52:37.0848 0x18a4 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
10:52:37.0880 0x18a4 atapi - ok
10:52:37.0973 0x18a4 [ 76BAB0C824E2D05B940C4DD40A9B08BF, 237C60123F5AFF06C20757E2791C0CA383DE094DB634C239E375639B1B923844 ] athr C:\Windows\system32\DRIVERS\athr.sys
10:52:38.0129 0x18a4 athr - ok
10:52:38.0441 0x18a4 [ 04F09923A393E4E0E8453A8F78361E73, B5C0B9D1195B87AF823887AD9355CD2B4C4F4DDF34103891EE48EA86F0F544E7 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:52:38.0894 0x18a4 atikmdag - ok
10:52:38.0972 0x18a4 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:52:39.0050 0x18a4 AudioEndpointBuilder - ok
10:52:39.0065 0x18a4 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:52:39.0143 0x18a4 Audiosrv - ok
10:52:39.0206 0x18a4 [ 683A089D14B60CD58E06ECE079065235, AD6B637FF32C3249D17D0029E55ED1EA8D1B878C99066AF76D452408B009D311 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
10:52:39.0252 0x18a4 avgntflt - ok
10:52:39.0330 0x18a4 [ D62D0CFABA19B111067613101D43FA7E, 0A0B7886AA48A9E6716CADB52CE02EE1EF40002636EBF04AC02E0AF3FBC22970 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
10:52:39.0362 0x18a4 avipbb - ok
10:52:39.0377 0x18a4 [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
10:52:39.0408 0x18a4 avkmgr - ok
10:52:39.0455 0x18a4 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:52:39.0533 0x18a4 AxInstSV - ok
10:52:39.0611 0x18a4 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
10:52:39.0720 0x18a4 b06bdrv - ok
10:52:39.0783 0x18a4 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
10:52:39.0830 0x18a4 b57nd60x - ok
10:52:39.0892 0x18a4 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
10:52:39.0954 0x18a4 BDESVC - ok
10:52:39.0970 0x18a4 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
10:52:40.0032 0x18a4 Beep - ok
10:52:40.0110 0x18a4 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
10:52:40.0204 0x18a4 BFE - ok
10:52:40.0266 0x18a4 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\system32\qmgr.dll
10:52:40.0344 0x18a4 BITS - ok
10:52:40.0454 0x18a4 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:52:40.0500 0x18a4 blbdrive - ok
10:52:40.0625 0x18a4 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:52:40.0672 0x18a4 Bonjour Service - ok
10:52:40.0719 0x18a4 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:52:40.0797 0x18a4 bowser - ok
10:52:40.0844 0x18a4 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:52:40.0906 0x18a4 BrFiltLo - ok
10:52:40.0906 0x18a4 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:52:40.0953 0x18a4 BrFiltUp - ok
10:52:40.0984 0x18a4 [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:52:41.0062 0x18a4 BridgeMP - ok
10:52:41.0109 0x18a4 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
10:52:41.0171 0x18a4 Browser - ok
10:52:41.0202 0x18a4 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:52:41.0280 0x18a4 Brserid - ok
10:52:41.0296 0x18a4 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:52:41.0343 0x18a4 BrSerWdm - ok
10:52:41.0374 0x18a4 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:52:41.0390 0x18a4 BrUsbMdm - ok
10:52:41.0405 0x18a4 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:52:41.0452 0x18a4 BrUsbSer - ok
10:52:41.0483 0x18a4 [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:52:41.0577 0x18a4 BthEnum - ok
10:52:41.0577 0x18a4 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:52:41.0639 0x18a4 BTHMODEM - ok
10:52:41.0702 0x18a4 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:52:41.0748 0x18a4 BthPan - ok
10:52:41.0811 0x18a4 [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:52:41.0904 0x18a4 BTHPORT - ok
10:52:41.0951 0x18a4 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
10:52:42.0014 0x18a4 bthserv - ok
10:52:42.0060 0x18a4 [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:52:42.0123 0x18a4 BTHUSB - ok
10:52:42.0466 0x18a4 catchme - ok
10:52:42.0513 0x18a4 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:52:42.0575 0x18a4 cdfs - ok
10:52:42.0638 0x18a4 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:52:42.0700 0x18a4 cdrom - ok
10:52:42.0747 0x18a4 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
10:52:42.0794 0x18a4 CertPropSvc - ok
10:52:42.0840 0x18a4 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:52:42.0887 0x18a4 circlass - ok
10:52:42.0934 0x18a4 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
10:52:42.0965 0x18a4 CLFS - ok
10:52:43.0059 0x18a4 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:52:43.0106 0x18a4 clr_optimization_v2.0.50727_32 - ok
10:52:43.0184 0x18a4 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:52:43.0230 0x18a4 clr_optimization_v4.0.30319_32 - ok
10:52:43.0262 0x18a4 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:52:43.0308 0x18a4 CmBatt - ok
10:52:43.0340 0x18a4 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:52:43.0371 0x18a4 cmdide - ok
10:52:43.0433 0x18a4 [ 247B4CE2DAB1160CD422D532D5241E1F, CFE04DBE48B23B084C3F4C3D0F483B26F322E4693176D8739A412BE5D8BE597E ] CNG C:\Windows\system32\Drivers\cng.sys
10:52:43.0496 0x18a4 CNG - ok
10:52:43.0527 0x18a4 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:52:43.0558 0x18a4 Compbatt - ok
10:52:43.0605 0x18a4 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:52:43.0652 0x18a4 CompositeBus - ok
10:52:43.0667 0x18a4 COMSysApp - ok
10:52:43.0714 0x18a4 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:52:43.0745 0x18a4 crcdisk - ok
10:52:43.0792 0x18a4 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:52:43.0854 0x18a4 CryptSvc - ok
10:52:43.0901 0x18a4 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
10:52:43.0964 0x18a4 DcomLaunch - ok
10:52:44.0010 0x18a4 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
10:52:44.0104 0x18a4 defragsvc - ok
10:52:44.0151 0x18a4 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:52:44.0213 0x18a4 DfsC - ok
10:52:44.0260 0x18a4 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
10:52:44.0338 0x18a4 Dhcp - ok
10:52:44.0354 0x18a4 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
10:52:44.0432 0x18a4 discache - ok
10:52:44.0494 0x18a4 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:52:44.0525 0x18a4 Disk - ok
10:52:44.0572 0x18a4 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:52:44.0619 0x18a4 Dnscache - ok
10:52:44.0666 0x18a4 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
10:52:44.0744 0x18a4 dot3svc - ok
10:52:44.0822 0x18a4 [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys
10:52:44.0868 0x18a4 dot4 - ok
10:52:44.0931 0x18a4 [ CAEFD09B6A6249C53A67D55A9A9FCABF, A76C951EA8A830E5BA22D8D393A946BBAEEDB76478539F647E58199B383F786B ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
10:52:44.0978 0x18a4 Dot4Print - ok
10:52:45.0024 0x18a4 [ 9F7DE667C505CE6500BECDD8E11644D7, AA9C589980684429DBAF882AB9A197A6894F23B0CB629C7AF3E27B34B61CB6C1 ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys
10:52:45.0071 0x18a4 Dot4Scan - ok
10:52:45.0118 0x18a4 [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
10:52:45.0165 0x18a4 dot4usb - ok
10:52:45.0227 0x18a4 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
10:52:45.0305 0x18a4 DPS - ok
10:52:45.0352 0x18a4 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:52:45.0399 0x18a4 drmkaud - ok
10:52:45.0555 0x18a4 [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:52:45.0633 0x18a4 DXGKrnl - ok
10:52:45.0711 0x18a4 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
10:52:45.0773 0x18a4 EapHost - ok
10:52:45.0992 0x18a4 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
10:52:46.0350 0x18a4 ebdrv - ok
10:52:46.0397 0x18a4 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] EFS C:\Windows\System32\lsass.exe
10:52:46.0428 0x18a4 EFS - ok
10:52:46.0522 0x18a4 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:52:46.0631 0x18a4 ehRecvr - ok
10:52:46.0662 0x18a4 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
10:52:46.0709 0x18a4 ehSched - ok
10:52:46.0850 0x18a4 [ D71233D7CCC2E64F8715A20428D5A33B, ECCF5820CFFFC083EA6A5D310E2E09CA61C0DCFEE1E58AD94D2A565CA86A87F3 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
10:52:46.0912 0x18a4 ElbyCDIO - ok
10:52:47.0099 0x18a4 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:52:47.0208 0x18a4 elxstor - ok
10:52:47.0255 0x18a4 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:52:47.0286 0x18a4 ErrDev - ok
10:52:47.0349 0x18a4 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
10:52:47.0442 0x18a4 EventSystem - ok
10:52:47.0458 0x18a4 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
10:52:47.0552 0x18a4 exfat - ok
10:52:47.0614 0x18a4 Fabs - ok
10:52:47.0645 0x18a4 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:52:47.0723 0x18a4 fastfat - ok
10:52:47.0786 0x18a4 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
10:52:47.0879 0x18a4 Fax - ok
10:52:47.0910 0x18a4 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:52:47.0957 0x18a4 fdc - ok
10:52:47.0988 0x18a4 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
10:52:48.0051 0x18a4 fdPHost - ok
10:52:48.0098 0x18a4 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
10:52:48.0207 0x18a4 FDResPub - ok
10:52:48.0238 0x18a4 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:52:48.0300 0x18a4 FileInfo - ok
10:52:48.0347 0x18a4 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:52:48.0503 0x18a4 Filetrace - ok
10:52:49.0018 0x18a4 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC, 159EAA1893D871C309A063829CB3BC51A019FBCA1E07530B5CA1A382B2CCAF61 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
10:52:49.0626 0x18a4 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
10:52:52.0746 0x18a4 Detect skipped due to KSN trusted
10:52:52.0746 0x18a4 FirebirdServerMAGIXInstance - ok
10:52:52.0902 0x18a4 [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:52:52.0980 0x18a4 FLEXnet Licensing Service - ok
10:52:52.0996 0x18a4 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:52:53.0027 0x18a4 flpydisk - ok
10:52:53.0058 0x18a4 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:52:53.0121 0x18a4 FltMgr - ok
10:52:53.0183 0x18a4 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
10:52:53.0308 0x18a4 FontCache - ok
10:52:53.0402 0x18a4 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:52:53.0417 0x18a4 FontCache3.0.0.0 - ok
10:52:53.0448 0x18a4 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:52:53.0480 0x18a4 FsDepends - ok
10:52:53.0526 0x18a4 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:52:53.0558 0x18a4 Fs_Rec - ok
10:52:53.0604 0x18a4 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:52:53.0667 0x18a4 fvevol - ok
10:52:53.0698 0x18a4 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:52:53.0729 0x18a4 gagp30kx - ok
10:52:53.0760 0x18a4 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:52:53.0792 0x18a4 GEARAspiWDM - ok
10:52:53.0854 0x18a4 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
10:52:53.0932 0x18a4 gpsvc - ok
10:52:53.0963 0x18a4 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:52:54.0010 0x18a4 hcw85cir - ok
10:52:54.0088 0x18a4 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:52:54.0150 0x18a4 HdAudAddService - ok
10:52:54.0213 0x18a4 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:52:54.0260 0x18a4 HDAudBus - ok
10:52:54.0306 0x18a4 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:52:54.0353 0x18a4 HidBatt - ok
10:52:54.0369 0x18a4 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:52:54.0431 0x18a4 HidBth - ok
10:52:54.0447 0x18a4 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:52:54.0509 0x18a4 HidIr - ok
10:52:54.0540 0x18a4 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll
10:52:54.0603 0x18a4 hidserv - ok
10:52:54.0634 0x18a4 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
10:52:54.0696 0x18a4 HidUsb - ok
10:52:54.0728 0x18a4 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
10:52:54.0774 0x18a4 hkmsvc - ok
10:52:54.0821 0x18a4 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:52:54.0899 0x18a4 HomeGroupListener - ok
10:52:54.0930 0x18a4 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:52:54.0993 0x18a4 HomeGroupProvider - ok
10:52:55.0055 0x18a4 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:52:55.0086 0x18a4 HpSAMD - ok
10:52:55.0164 0x18a4 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:52:55.0258 0x18a4 HTTP - ok
10:52:55.0305 0x18a4 [ 19E6885A061011D8DABE8F64498423FA, 62B5680D7E7F26BEE7DDDA8F51434CC3219C840779E37072BA37E55B2EE82E3B ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
10:52:55.0367 0x18a4 hwdatacard - ok
10:52:55.0414 0x18a4 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:52:55.0445 0x18a4 hwpolicy - ok
10:52:55.0492 0x18a4 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:52:55.0539 0x18a4 i8042prt - ok
10:52:55.0586 0x18a4 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:52:55.0632 0x18a4 iaStorV - ok
10:52:55.0742 0x18a4 [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:52:55.0882 0x18a4 idsvc - ok
10:52:55.0944 0x18a4 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:52:55.0976 0x18a4 iirsp - ok
10:52:56.0054 0x18a4 [ F95622F161474511B8D80D6B093AA610, F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5610D3A62EBA47D90427D5BC26 ] IKEEXT C:\Windows\System32\ikeext.dll
10:52:56.0147 0x18a4 IKEEXT - ok
10:52:56.0194 0x18a4 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
10:52:56.0225 0x18a4 intelide - ok
10:52:56.0272 0x18a4 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:52:56.0303 0x18a4 intelppm - ok
10:52:56.0334 0x18a4 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:52:56.0412 0x18a4 IPBusEnum - ok
10:52:56.0444 0x18a4 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:52:56.0506 0x18a4 IpFilterDriver - ok
10:52:56.0584 0x18a4 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:52:56.0646 0x18a4 iphlpsvc - ok
10:52:56.0693 0x18a4 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:52:56.0740 0x18a4 IPMIDRV - ok
10:52:56.0787 0x18a4 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:52:56.0865 0x18a4 IPNAT - ok
10:52:56.0943 0x18a4 [ EF1C51222117B37AFBFF8F4642EA8C62, 7AC322295B33E9BF1548AB42773421609E11332E7E9B42EE58908EF6A298A8F3 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:52:56.0974 0x18a4 iPod Service - ok
10:52:57.0005 0x18a4 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:52:57.0099 0x18a4 IRENUM - ok
10:52:57.0130 0x18a4 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:52:57.0161 0x18a4 isapnp - ok
10:52:57.0192 0x18a4 [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:52:57.0239 0x18a4 iScsiPrt - ok
10:52:57.0270 0x18a4 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:52:57.0302 0x18a4 kbdclass - ok
10:52:57.0348 0x18a4 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:52:57.0380 0x18a4 kbdhid - ok
10:52:57.0411 0x18a4 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] KeyIso C:\Windows\system32\lsass.exe
10:52:57.0426 0x18a4 KeyIso - ok
10:52:57.0458 0x18a4 [ B7895B4182C0D16F6EFADEB8081E8D36, BAC3BAD22207C8826125FD7721C96F2C7A238960FD9398A3D4573E14648E9DB9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:52:57.0489 0x18a4 KSecDD - ok
10:52:57.0520 0x18a4 [ D30159AC9237519FBC62C6EC247D2D46, 10BDE041C95D0CCD3591ED497002043FEC3A5F732D7AE311FBA457E0FE16CE4B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:52:57.0551 0x18a4 KSecPkg - ok
10:52:57.0614 0x18a4 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
10:52:57.0707 0x18a4 KtmRm - ok
10:52:57.0770 0x18a4 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:52:57.0879 0x18a4 LanmanServer - ok
10:52:57.0910 0x18a4 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:52:57.0957 0x18a4 LanmanWorkstation - ok
10:52:58.0019 0x18a4 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:52:58.0097 0x18a4 lltdio - ok
10:52:58.0144 0x18a4 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:52:58.0206 0x18a4 lltdsvc - ok
10:52:58.0238 0x18a4 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:52:58.0300 0x18a4 lmhosts - ok
10:52:58.0362 0x18a4 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:52:58.0409 0x18a4 LSI_FC - ok
10:52:58.0425 0x18a4 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:52:58.0456 0x18a4 LSI_SAS - ok
10:52:58.0472 0x18a4 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:52:58.0503 0x18a4 LSI_SAS2 - ok
10:52:58.0518 0x18a4 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:52:58.0565 0x18a4 LSI_SCSI - ok
10:52:58.0581 0x18a4 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
10:52:58.0643 0x18a4 luafv - ok
10:52:58.0674 0x18a4 [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
10:52:58.0706 0x18a4 MBAMProtector - ok
10:52:58.0784 0x18a4 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:52:58.0830 0x18a4 MBAMScheduler - ok
10:52:58.0877 0x18a4 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:52:58.0940 0x18a4 MBAMService - ok
10:52:58.0971 0x18a4 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:52:59.0018 0x18a4 Mcx2Svc - ok
10:52:59.0049 0x18a4 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:52:59.0080 0x18a4 megasas - ok
10:52:59.0127 0x18a4 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:52:59.0174 0x18a4 MegaSR - ok
10:52:59.0205 0x18a4 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
10:52:59.0267 0x18a4 MMCSS - ok
10:52:59.0283 0x18a4 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
10:52:59.0361 0x18a4 Modem - ok
10:52:59.0392 0x18a4 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:52:59.0439 0x18a4 monitor - ok
10:52:59.0470 0x18a4 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:52:59.0501 0x18a4 mouclass - ok
10:52:59.0532 0x18a4 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:52:59.0579 0x18a4 mouhid - ok
10:52:59.0610 0x18a4 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:52:59.0657 0x18a4 mountmgr - ok
10:52:59.0688 0x18a4 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
10:52:59.0751 0x18a4 mpio - ok
10:52:59.0798 0x18a4 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:52:59.0891 0x18a4 mpsdrv - ok
10:52:59.0938 0x18a4 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:53:00.0016 0x18a4 MpsSvc - ok
10:53:00.0063 0x18a4 [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:53:00.0141 0x18a4 MRxDAV - ok
10:53:00.0188 0x18a4 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:53:00.0250 0x18a4 mrxsmb - ok
10:53:00.0297 0x18a4 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:53:00.0344 0x18a4 mrxsmb10 - ok
10:53:00.0359 0x18a4 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:53:00.0406 0x18a4 mrxsmb20 - ok
10:53:00.0437 0x18a4 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
10:53:00.0468 0x18a4 msahci - ok
10:53:00.0500 0x18a4 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:53:00.0546 0x18a4 msdsm - ok
10:53:00.0578 0x18a4 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
10:53:00.0640 0x18a4 MSDTC - ok
10:53:00.0687 0x18a4 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:53:00.0765 0x18a4 Msfs - ok
10:53:00.0780 0x18a4 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:53:00.0858 0x18a4 mshidkmdf - ok
10:53:00.0890 0x18a4 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:53:00.0905 0x18a4 msisadrv - ok
10:53:00.0968 0x18a4 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:53:01.0030 0x18a4 MSiSCSI - ok
10:53:01.0030 0x18a4 msiserver - ok
10:53:01.0077 0x18a4 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:53:01.0155 0x18a4 MSKSSRV - ok
10:53:01.0170 0x18a4 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:53:01.0233 0x18a4 MSPCLOCK - ok
10:53:01.0264 0x18a4 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:53:01.0311 0x18a4 MSPQM - ok
10:53:01.0342 0x18a4 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:53:01.0373 0x18a4 MsRPC - ok
10:53:01.0420 0x18a4 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:53:01.0451 0x18a4 mssmbios - ok
10:53:01.0482 0x18a4 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:53:01.0545 0x18a4 MSTEE - ok
10:53:01.0545 0x18a4 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:53:01.0592 0x18a4 MTConfig - ok
10:53:01.0623 0x18a4 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
10:53:01.0654 0x18a4 Mup - ok
10:53:01.0701 0x18a4 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
10:53:01.0763 0x18a4 napagent - ok
10:53:01.0810 0x18a4 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:53:01.0872 0x18a4 NativeWifiP - ok
10:53:01.0935 0x18a4 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:53:01.0997 0x18a4 NDIS - ok
10:53:02.0028 0x18a4 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:53:02.0106 0x18a4 NdisCap - ok
10:53:02.0138 0x18a4 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:53:02.0216 0x18a4 NdisTapi - ok
10:53:02.0262 0x18a4 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:53:02.0325 0x18a4 Ndisuio - ok
10:53:02.0372 0x18a4 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:53:02.0450 0x18a4 NdisWan - ok
10:53:02.0481 0x18a4 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:53:02.0543 0x18a4 NDProxy - ok
10:53:02.0590 0x18a4 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:53:02.0668 0x18a4 NetBIOS - ok
10:53:02.0715 0x18a4 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:53:02.0793 0x18a4 NetBT - ok
10:53:02.0808 0x18a4 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] Netlogon C:\Windows\system32\lsass.exe
10:53:02.0840 0x18a4 Netlogon - ok
10:53:02.0886 0x18a4 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
10:53:02.0964 0x18a4 Netman - ok
10:53:02.0996 0x18a4 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
10:53:03.0089 0x18a4 netprofm - ok
10:53:03.0120 0x18a4 [ F476EC40033CDB91EFBE73EB99B8362D, B17535037BC070F9AE1F6B381C2DBEE27658A8FDE15FB0E061F485EA7C7CBE59 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:53:03.0167 0x18a4 NetTcpPortSharing - ok
10:53:03.0214 0x18a4 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:53:03.0245 0x18a4 nfrd960 - ok
10:53:03.0292 0x18a4 [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:53:03.0339 0x18a4 NlaSvc - ok
10:53:03.0386 0x18a4 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:53:03.0432 0x18a4 Npfs - ok
10:53:03.0479 0x18a4 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
10:53:03.0526 0x18a4 nsi - ok
10:53:03.0573 0x18a4 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:53:03.0635 0x18a4 nsiproxy - ok
10:53:03.0729 0x18a4 [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:53:03.0838 0x18a4 Ntfs - ok
10:53:03.0885 0x18a4 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
10:53:03.0963 0x18a4 Null - ok
10:53:04.0010 0x18a4 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:53:04.0041 0x18a4 nvraid - ok
10:53:04.0072 0x18a4 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:53:04.0103 0x18a4 nvstor - ok
10:53:04.0134 0x18a4 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:53:04.0166 0x18a4 nv_agp - ok
10:53:04.0290 0x18a4 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:53:04.0353 0x18a4 odserv - ok
10:53:04.0400 0x18a4 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:53:04.0446 0x18a4 ohci1394 - ok
10:53:04.0509 0x18a4 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:53:04.0556 0x18a4 ose - ok
10:53:04.0602 0x18a4 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:53:04.0680 0x18a4 p2pimsvc - ok
10:53:04.0712 0x18a4 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
10:53:04.0774 0x18a4 p2psvc - ok
10:53:04.0805 0x18a4 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:53:04.0852 0x18a4 Parport - ok
10:53:04.0868 0x18a4 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:53:04.0914 0x18a4 partmgr - ok
10:53:04.0930 0x18a4 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
10:53:04.0961 0x18a4 Parvdm - ok
10:53:05.0008 0x18a4 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:53:05.0039 0x18a4 PcaSvc - ok
10:53:05.0086 0x18a4 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
10:53:05.0117 0x18a4 pci - ok
10:53:05.0195 0x18a4 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
10:53:05.0242 0x18a4 pciide - ok
10:53:05.0320 0x18a4 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:53:05.0538 0x18a4 pcmcia - ok
10:53:05.0554 0x18a4 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
10:53:05.0585 0x18a4 pcw - ok
10:53:05.0632 0x18a4 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:53:05.0757 0x18a4 PEAUTH - ok
10:53:05.0897 0x18a4 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
10:53:06.0069 0x18a4 pla - ok
10:53:06.0147 0x18a4 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:53:06.0194 0x18a4 PlugPlay - ok
10:53:06.0225 0x18a4 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:53:06.0272 0x18a4 PNRPAutoReg - ok
10:53:06.0303 0x18a4 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:53:06.0350 0x18a4 PNRPsvc - ok
10:53:06.0428 0x18a4 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:53:06.0506 0x18a4 PolicyAgent - ok
10:53:06.0552 0x18a4 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
10:53:06.0615 0x18a4 Power - ok
10:53:06.0662 0x18a4 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:53:06.0724 0x18a4 PptpMiniport - ok
10:53:06.0755 0x18a4 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:53:06.0786 0x18a4 Processor - ok
10:53:06.0833 0x18a4 [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:53:06.0911 0x18a4 ProfSvc - ok
10:53:06.0927 0x18a4 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] ProtectedStorage C:\Windows\system32\lsass.exe
10:53:06.0958 0x18a4 ProtectedStorage - ok
10:53:06.0989 0x18a4 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:53:07.0052 0x18a4 Psched - ok
10:53:07.0145 0x18a4 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:53:07.0254 0x18a4 ql2300 - ok
10:53:07.0286 0x18a4 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:53:07.0332 0x18a4 ql40xx - ok
10:53:07.0364 0x18a4 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
10:53:07.0442 0x18a4 QWAVE - ok
10:53:07.0473 0x18a4 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:53:07.0504 0x18a4 QWAVEdrv - ok
10:53:07.0535 0x18a4 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:53:07.0598 0x18a4 RasAcd - ok
10:53:07.0644 0x18a4 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:53:07.0707 0x18a4 RasAgileVpn - ok
10:53:07.0754 0x18a4 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
10:53:07.0816 0x18a4 RasAuto - ok
10:53:07.0847 0x18a4 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:53:07.0925 0x18a4 Rasl2tp - ok
10:53:07.0988 0x18a4 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
10:53:08.0066 0x18a4 RasMan - ok
10:53:08.0112 0x18a4 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:53:08.0190 0x18a4 RasPppoe - ok
10:53:08.0206 0x18a4 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:53:08.0284 0x18a4 RasSstp - ok
10:53:08.0331 0x18a4 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:53:08.0424 0x18a4 rdbss - ok
10:53:08.0456 0x18a4 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:53:08.0502 0x18a4 rdpbus - ok
10:53:08.0534 0x18a4 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:53:08.0596 0x18a4 RDPCDD - ok
10:53:08.0643 0x18a4 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:53:08.0705 0x18a4 RDPENCDD - ok
10:53:08.0736 0x18a4 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:53:08.0799 0x18a4 RDPREFMP - ok
10:53:08.0830 0x18a4 [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:53:08.0892 0x18a4 RDPWD - ok
10:53:08.0955 0x18a4 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:53:09.0002 0x18a4 rdyboost - ok
10:53:09.0048 0x18a4 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:53:09.0111 0x18a4 RemoteAccess - ok
10:53:09.0158 0x18a4 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:53:09.0267 0x18a4 RemoteRegistry - ok
10:53:09.0314 0x18a4 [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:53:09.0407 0x18a4 RFCOMM - ok
10:53:09.0438 0x18a4 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:53:09.0516 0x18a4 RpcEptMapper - ok
10:53:09.0548 0x18a4 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
10:53:09.0594 0x18a4 RpcLocator - ok
10:53:09.0641 0x18a4 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
10:53:09.0719 0x18a4 RpcSs - ok
10:53:09.0766 0x18a4 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:53:09.0844 0x18a4 rspndr - ok
10:53:09.0860 0x18a4 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] SamSs C:\Windows\system32\lsass.exe
10:53:09.0891 0x18a4 SamSs - ok
10:53:09.0938 0x18a4 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:53:09.0984 0x18a4 sbp2port - ok
10:53:10.0031 0x18a4 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:53:10.0109 0x18a4 SCardSvr - ok
10:53:10.0125 0x18a4 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:53:10.0203 0x18a4 scfilter - ok
10:53:10.0281 0x18a4 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
10:53:10.0406 0x18a4 Schedule - ok
10:53:10.0437 0x18a4 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:53:10.0484 0x18a4 SCPolicySvc - ok
10:53:10.0530 0x18a4 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:53:10.0655 0x18a4 SDRSVC - ok
10:53:10.0702 0x18a4 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:53:10.0764 0x18a4 secdrv - ok
10:53:10.0796 0x18a4 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
10:53:10.0858 0x18a4 seclogon - ok
10:53:10.0889 0x18a4 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\system32\sens.dll
10:53:10.0952 0x18a4 SENS - ok
10:53:10.0983 0x18a4 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:53:11.0045 0x18a4 SensrSvc - ok
10:53:11.0061 0x18a4 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:53:11.0108 0x18a4 Serenum - ok
10:53:11.0170 0x18a4 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:53:11.0217 0x18a4 Serial - ok
10:53:11.0248 0x18a4 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:53:11.0279 0x18a4 sermouse - ok
10:53:11.0326 0x18a4 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
10:53:11.0404 0x18a4 SessionEnv - ok
10:53:11.0451 0x18a4 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:53:11.0482 0x18a4 sffdisk - ok
10:53:11.0482 0x18a4 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:53:11.0513 0x18a4 sffp_mmc - ok
10:53:11.0544 0x18a4 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:53:11.0576 0x18a4 sffp_sd - ok
10:53:11.0607 0x18a4 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:53:11.0654 0x18a4 sfloppy - ok
10:53:11.0700 0x18a4 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:53:11.0794 0x18a4 SharedAccess - ok
10:53:11.0856 0x18a4 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:53:11.0919 0x18a4 ShellHWDetection - ok
10:53:11.0950 0x18a4 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:53:11.0997 0x18a4 sisagp - ok
10:53:12.0028 0x18a4 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:53:12.0059 0x18a4 SiSRaid2 - ok
10:53:12.0075 0x18a4 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:53:12.0122 0x18a4 SiSRaid4 - ok
10:53:12.0215 0x18a4 [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate C:\Windows.old\Program Files\Skype\Updater\Updater.exe
10:53:12.0324 0x18a4 SkypeUpdate - ok
10:53:12.0356 0x18a4 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:53:12.0418 0x18a4 Smb - ok
10:53:12.0496 0x18a4 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:53:12.0543 0x18a4 SNMPTRAP - ok
10:53:12.0574 0x18a4 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
10:53:12.0605 0x18a4 spldr - ok
10:53:12.0652 0x18a4 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
10:53:12.0777 0x18a4 Spooler - ok
10:53:12.0948 0x18a4 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
10:53:13.0151 0x18a4 sppsvc - ok
10:53:13.0214 0x18a4 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:53:13.0307 0x18a4 sppuinotify - ok
10:53:13.0370 0x18a4 sptd - ok
10:53:13.0448 0x18a4 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:53:13.0572 0x18a4 srv - ok
10:53:13.0666 0x18a4 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:53:13.0744 0x18a4 srv2 - ok
10:53:13.0775 0x18a4 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:53:13.0838 0x18a4 srvnet - ok
10:53:13.0884 0x18a4 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:53:13.0931 0x18a4 SSDPSRV - ok
10:53:13.0994 0x18a4 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
10:53:14.0009 0x18a4 ssmdrv - ok
10:53:14.0040 0x18a4 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:53:14.0087 0x18a4 SstpSvc - ok
10:53:14.0118 0x18a4 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:53:14.0150 0x18a4 stexstor - ok
10:53:14.0212 0x18a4 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
10:53:14.0306 0x18a4 StiSvc - ok
10:53:14.0352 0x18a4 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
10:53:14.0368 0x18a4 swenum - ok
10:53:14.0430 0x18a4 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
10:53:14.0493 0x18a4 swprv - ok
10:53:14.0555 0x18a4 [ 7A9025D8F7852B06D6D08ED536135E7E, 814153517841D316AA44D59F31B3C6DAD09DE688AF6B946D9B0970EAE815CAAD ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:53:14.0586 0x18a4 SynTP - ok
10:53:14.0680 0x18a4 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
10:53:14.0789 0x18a4 SysMain - ok
10:53:14.0820 0x18a4 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
10:53:14.0883 0x18a4 TabletInputService - ok
10:53:14.0930 0x18a4 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
10:53:15.0023 0x18a4 TapiSrv - ok
10:53:15.0070 0x18a4 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
10:53:15.0132 0x18a4 TBS - ok
10:53:15.0242 0x18a4 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:53:15.0351 0x18a4 Tcpip - ok
10:53:15.0429 0x18a4 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:53:15.0507 0x18a4 TCPIP6 - ok
10:53:15.0554 0x18a4 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:53:15.0600 0x18a4 tcpipreg - ok
10:53:15.0663 0x18a4 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:53:15.0819 0x18a4 TDPIPE - ok
10:53:15.0990 0x18a4 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:53:16.0022 0x18a4 TDTCP - ok
10:53:16.0068 0x18a4 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:53:16.0131 0x18a4 tdx - ok
10:53:16.0162 0x18a4 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:53:16.0271 0x18a4 TermDD - ok
10:53:16.0334 0x18a4 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll
10:53:16.0443 0x18a4 TermService - ok
10:53:16.0490 0x18a4 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
10:53:16.0536 0x18a4 Themes - ok
10:53:16.0568 0x18a4 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
10:53:16.0614 0x18a4 THREADORDER - ok
10:53:16.0646 0x18a4 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
10:53:16.0708 0x18a4 TrkWks - ok
10:53:16.0786 0x18a4 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:53:16.0833 0x18a4 TrustedInstaller - ok
10:53:16.0864 0x18a4 [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:53:16.0911 0x18a4 tssecsrv - ok
10:53:16.0958 0x18a4 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:53:17.0020 0x18a4 TsUsbFlt - ok
10:53:17.0082 0x18a4 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:53:17.0145 0x18a4 tunnel - ok
10:53:17.0176 0x18a4 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:53:17.0223 0x18a4 uagp35 - ok
10:53:17.0238 0x18a4 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:53:17.0332 0x18a4 udfs - ok
10:53:17.0379 0x18a4 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:53:17.0426 0x18a4 UI0Detect - ok
10:53:17.0535 0x18a4 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:53:17.0628 0x18a4 uliagpkx - ok
10:53:17.0769 0x18a4 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys
10:53:17.0862 0x18a4 umbus - ok
10:53:17.0894 0x18a4 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:53:17.0925 0x18a4 UmPass - ok
10:53:17.0972 0x18a4 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
10:53:18.0034 0x18a4 upnphost - ok
10:53:18.0096 0x18a4 [ 8BF5D980CDCE35FB26F05047144BB57E, 8A770DD649FA0D6F574651E5525B983261B823C5778764598D89C453E68ED3F1 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
10:53:18.0159 0x18a4 USBAAPL - ok
10:53:18.0206 0x18a4 [ BD9C55D7023C5DE374507ACC7A14E2AC, 1DBAFF733DE5C1A6A2374B15BD94512A22D9C0F4DF91F997801340828333AF3C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:53:18.0252 0x18a4 usbccgp - ok
10:53:18.0299 0x18a4 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:53:18.0362 0x18a4 usbcir - ok
10:53:18.0393 0x18a4 [ F92DE757E4B7CE9C07C5E65423F3AE3B, B3FDEE4A8F1C7EC12405D99ACABC3E633FA4ED08D2A2AA871526ED7927A35A91 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:53:18.0424 0x18a4 usbehci - ok
10:53:18.0486 0x18a4 [ 8DC94AEC6A7E644A06135AE7506DC2E9, 3ACB621D57BC8691DBBCDEF27563AA6390370362F21AFA6E7BA35BC429E14590 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:53:18.0533 0x18a4 usbhub - ok
10:53:18.0564 0x18a4 [ E185D44FAC515A18D9DEDDC23C2CDF44, EF69D0253CC8F1D29929FD5E74F18737ECF5D238874B6E1505E2EAEE66D9D987 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:53:18.0611 0x18a4 usbohci - ok
10:53:18.0658 0x18a4 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:53:18.0705 0x18a4 usbprint - ok
10:53:18.0752 0x18a4 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:53:18.0939 0x18a4 usbscan - ok
10:53:18.0970 0x18a4 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:53:19.0079 0x18a4 USBSTOR - ok
10:53:19.0126 0x18a4 [ 68DF884CF41CDADA664BEB01DAF67E3D, 142781FE2FF93B269D8FA11D4C3F60967552A867E94533D94EF1C2D777A67872 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:53:19.0266 0x18a4 usbuhci - ok
10:53:19.0500 0x18a4 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:53:19.0578 0x18a4 usbvideo - ok
10:53:19.0610 0x18a4 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
10:53:19.0719 0x18a4 UxSms - ok
10:53:19.0812 0x18a4 [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] VaultSvc C:\Windows\system32\lsass.exe
10:53:19.0859 0x18a4 VaultSvc - ok
10:53:19.0968 0x18a4 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044, 0F6F3FF106015580009776A1F91FD10371BAF229A2A773436A5783F142CC1A0C ] VClone C:\Windows\system32\DRIVERS\VClone.sys
10:53:20.0218 0x18a4 VClone - ok
10:53:20.0327 0x18a4 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:53:20.0358 0x18a4 vdrvroot - ok
10:53:20.0514 0x18a4 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
10:53:20.0702 0x18a4 vds - ok
10:53:20.0733 0x18a4 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:53:20.0780 0x18a4 vga - ok
10:53:20.0795 0x18a4 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:53:20.0858 0x18a4 VgaSave - ok
10:53:20.0889 0x18a4 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:53:20.0936 0x18a4 vhdmp - ok
10:53:20.0967 0x18a4 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:53:20.0998 0x18a4 viaagp - ok
10:53:21.0014 0x18a4 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
10:53:21.0076 0x18a4 ViaC7 - ok
10:53:21.0107 0x18a4 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
10:53:21.0138 0x18a4 viaide - ok
10:53:21.0154 0x18a4 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:53:21.0185 0x18a4 volmgr - ok
10:53:21.0248 0x18a4 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:53:21.0294 0x18a4 volmgrx - ok
10:53:21.0326 0x18a4 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:53:21.0372 0x18a4 volsnap - ok
10:53:21.0419 0x18a4 [ EA39F36302DACBCDCDB113313718E768, BE26A4DA68D5A15047941215CFC6D687FEE3F56573DDABE21AD7176C1C79CC5F ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys
10:53:21.0450 0x18a4 vpnva - ok
10:53:21.0497 0x18a4 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:53:21.0528 0x18a4 vsmraid - ok
10:53:21.0622 0x18a4 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
10:53:21.0731 0x18a4 VSS - ok
10:53:21.0778 0x18a4 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:53:21.0825 0x18a4 vwifibus - ok
10:53:21.0840 0x18a4 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:53:21.0887 0x18a4 vwififlt - ok
10:53:21.0950 0x18a4 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
10:53:22.0028 0x18a4 W32Time - ok
10:53:22.0059 0x18a4 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:53:22.0090 0x18a4 WacomPen - ok
10:53:22.0137 0x18a4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:53:22.0230 0x18a4 WANARP - ok
10:53:22.0230 0x18a4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:53:22.0293 0x18a4 Wanarpv6 - ok
10:53:22.0418 0x18a4 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:53:22.0558 0x18a4 WatAdminSvc - ok
10:53:22.0636 0x18a4 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
10:53:22.0761 0x18a4 wbengine - ok
10:53:22.0808 0x18a4 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:53:22.0854 0x18a4 WbioSrvc - ok
10:53:22.0902 0x18a4 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:53:22.0965 0x18a4 wcncsvc - ok
10:53:22.0996 0x18a4 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:53:23.0058 0x18a4 WcsPlugInService - ok
10:53:23.0089 0x18a4 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:53:23.0121 0x18a4 Wd - ok
10:53:23.0183 0x18a4 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:53:23.0245 0x18a4 Wdf01000 - ok
10:53:23.0292 0x18a4 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:53:23.0370 0x18a4 WdiServiceHost - ok
10:53:23.0370 0x18a4 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:53:23.0417 0x18a4 WdiSystemHost - ok
10:53:23.0448 0x18a4 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
10:53:23.0526 0x18a4 WebClient - ok
10:53:23.0557 0x18a4 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:53:23.0635 0x18a4 Wecsvc - ok
10:53:23.0651 0x18a4 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:53:23.0713 0x18a4 wercplsupport - ok
10:53:23.0745 0x18a4 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
10:53:23.0838 0x18a4 WerSvc - ok
10:53:23.0916 0x18a4 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:53:23.0963 0x18a4 WfpLwf - ok
10:53:23.0994 0x18a4 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:53:24.0025 0x18a4 WIMMount - ok
10:53:24.0150 0x18a4 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:53:24.0244 0x18a4 WinDefend - ok
10:53:24.0259 0x18a4 WinHttpAutoProxySvc - ok
10:53:24.0337 0x18a4 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:53:24.0462 0x18a4 Winmgmt - ok
10:53:24.0556 0x18a4 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll
10:53:24.0681 0x18a4 WinRM - ok
10:53:24.0821 0x18a4 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:53:24.0852 0x18a4 WinUsb - ok
10:53:24.0930 0x18a4 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:53:25.0024 0x18a4 Wlansvc - ok
10:53:25.0055 0x18a4 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:53:25.0102 0x18a4 WmiAcpi - ok
10:53:25.0149 0x18a4 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:53:25.0211 0x18a4 wmiApSrv - ok
10:53:25.0336 0x18a4 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:53:25.0429 0x18a4 WMPNetworkSvc - ok
10:53:25.0461 0x18a4 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:53:25.0539 0x18a4 WPCSvc - ok
10:53:25.0570 0x18a4 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:53:25.0632 0x18a4 WPDBusEnum - ok
10:53:25.0663 0x18a4 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:53:25.0726 0x18a4 ws2ifsl - ok
10:53:25.0773 0x18a4 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll
10:53:25.0819 0x18a4 wscsvc - ok
10:53:25.0819 0x18a4 WSearch - ok
10:53:25.0975 0x18a4 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
10:53:26.0085 0x18a4 wuauserv - ok
10:53:26.0116 0x18a4 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:53:26.0225 0x18a4 WudfPf - ok
10:53:26.0553 0x18a4 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:53:26.0584 0x18a4 WUDFRd - ok
10:53:26.0631 0x18a4 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:53:26.0662 0x18a4 wudfsvc - ok
10:53:26.0709 0x18a4 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4, 10D9FDEDAB1FB2E76D54661AFA5C1A6B1B0980525F38F5D061537077841C6AEE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:53:26.0771 0x18a4 WwanSvc - ok
10:53:26.0833 0x18a4 [ B07C5B7EFDF936FF93D4F540938725BE, A9D559B0A99937CC4E7F065566054DAFCCD0C6C3AA98B47ADF7CB2ABD30B0182 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
10:53:26.0896 0x18a4 yukonw7 - ok
10:53:26.0911 0x18a4 ================ Scan global ===============================
10:53:26.0943 0x18a4 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
10:53:26.0974 0x18a4 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
10:53:27.0005 0x18a4 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
10:53:27.0036 0x18a4 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
10:53:27.0083 0x18a4 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
10:53:27.0099 0x18a4 [ Global ] - ok
10:53:27.0099 0x18a4 ================ Scan MBR ==================================
10:53:27.0114 0x18a4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:53:27.0645 0x18a4 \Device\Harddisk0\DR0 - ok
10:53:27.0645 0x18a4 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
10:53:28.0206 0x18a4 \Device\Harddisk1\DR1 - ok
10:53:28.0206 0x18a4 ================ Scan VBR ==================================
10:53:28.0237 0x18a4 [ 8711CA7F59A1632F2C3718A6C754C6A1 ] \Device\Harddisk0\DR0\Partition1
10:53:28.0237 0x18a4 \Device\Harddisk0\DR0\Partition1 - ok
10:53:28.0269 0x18a4 [ 04406359A6A7B56EA287811D1AA8BBE6 ] \Device\Harddisk0\DR0\Partition2
10:53:28.0269 0x18a4 \Device\Harddisk0\DR0\Partition2 - ok
10:53:28.0300 0x18a4 [ 3E35994EA0541FC9BF4DC949849ED776 ] \Device\Harddisk0\DR0\Partition3
10:53:28.0300 0x18a4 \Device\Harddisk0\DR0\Partition3 - ok
10:53:28.0315 0x18a4 [ 9F7728192F0B2567B4BE28A9181E4892 ] \Device\Harddisk1\DR1\Partition1
10:53:28.0315 0x18a4 \Device\Harddisk1\DR1\Partition1 - ok
10:53:28.0315 0x18a4 Waiting for KSN requests completion. In queue: 294
10:53:29.0329 0x18a4 Waiting for KSN requests completion. In queue: 294
10:53:30.0343 0x18a4 Waiting for KSN requests completion. In queue: 294
10:53:31.0357 0x18a4 Waiting for KSN requests completion. In queue: 294
10:53:32.0371 0x18a4 Waiting for KSN requests completion. In queue: 294
10:53:33.0385 0x18a4 Waiting for KSN requests completion. In queue: 294
10:53:34.0399 0x18a4 Waiting for KSN requests completion. In queue: 294
10:53:35.0413 0x18a4 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.0.307 ), 0x40000 ( disabled : updated )
10:53:35.0429 0x18a4 Win FW state via NFP2: enabled
10:53:38.0299 0x18a4 ============================================================
10:53:38.0299 0x18a4 Scan finished
10:53:38.0299 0x18a4 ============================================================
10:53:38.0299 0x18dc Detected object count: 0
10:53:38.0299 0x18dc Actual detected object count: 0
|
|
28.10.2013, 11:03
| #15 |
| /// TB-Ausbilder | Spy Eyes und blauer Bildschirm Nichts zu sehen. Kannst du bitte beim nächsten Bluescreen dir die genauen Angaben des Bluescreens (Stop-code etc.) notierend und hier posten. (Vorgängig: Systemsteuerung -> System -> Erweitert -> Starten und Wiederherstellen -> Einstellungen -> Systemfehler: Haken bei "Automatischer Neustart durchführen" entfernen)
__________________ cheers, Leo |
|
Linear-Darstellung
