| |
| |||||||
Log-Analyse und Auswertung: Unknowen.RootKit.VBR eingefangen! Was nun?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
17.03.2014, 20:13
| #1 |
| |  Unknowen.RootKit.VBR eingefangen! Was nun? Hallo liebes Forum, erst einmal Lob und Anerkennung für eure Arbeit. Ich habe schon des öffteren in eurem Forum gelesen und mir Tipps und Infos geholt. Nun zu meinem Problem. Ich habe vor einigen Tagen bemerkt, dass ich mir ein RootKit im MBR eingefangen habe (mit Malwarebytes Anti-Rootkit gefunden und auch gelöscht). Darauf hin habe ich mein System mit der CT Desinfect CD gescannt und einen vermeindlichen Wurm (Win.Worm.Autorun-4414 und 4415) eingefangen. Des Weiteren meldet meine Firewall immer direkt nach dem Start eine ausgehende Verbindung zu einer Google-Adresse, ausgelöst durch eine Datei namens "SystemStore.exe". Habe mein System bereits mit den Tools Anti Malwarebytes und Anti-RootKit gescann aber diese haben keine Funde angezeigt. Ich lade euch meine beiden Logs hoch und hoffe auf eure schnelle Hilfe. Ich bedanke mich im voraus recht herzlich. Gruß DjWisch FRST.txt FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by djwisch (administrator) on DJWISCH-PC on 17-03-2014 18:24:10
Running from D:\Download
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Creative Technology Ltd) C:\Windows\System32\CtHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2010-03-18] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [19968 2007-04-09] (Creative Technology Ltd)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5078504 2013-03-21] (ESET)
HKU\S-1-5-21-2000404476-1933902896-3312573342-1001\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2000404476-1933902896-3312573342-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2000404476-1933902896-3312573342-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-2000404476-1933902896-3312573342-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-2000404476-1933902896-3312573342-1001\...\MountPoints2: {02bc4b94-0805-11e3-81bb-001966d93e6f} - H:\GTL_Setup_EGFIS.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=de&gu=93ceb7bfa685431e9c55d3ccff4e9cc4&tu=10GXy00Ay1C01g0&sku=&tstsId=&ver=&
SearchScopes: HKCU - DefaultScope {D2AB522E-4972-47DF-8E87-C017169686A5} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=93ceb7bfa685431e9c55d3ccff4e9cc4&tu=10G9y009b1B0CO0&sku=&tstsId=&ver=&&r=484
SearchScopes: HKCU - {D2AB522E-4972-47DF-8E87-C017169686A5} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=93ceb7bfa685431e9c55d3ccff4e9cc4&tu=10G9y009b1B0CO0&sku=&tstsId=&ver=&&r=484
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{57EB9AE3-28AE-4F70-84CB-F5BD2ED27C49}: [NameServer]192.168.11.1
FireFox:
========
FF ProfilePath: C:\Users\djwisch\AppData\Roaming\Mozilla\Firefox\Profiles\2x5dh9d9.default
FF user.js: detected! => C:\Users\djwisch\AppData\Roaming\Mozilla\Firefox\Profiles\2x5dh9d9.default\user.js
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\djwisch\AppData\Roaming\Mozilla\Firefox\Profiles\2x5dh9d9.default\searchplugins\heise-netze-whois.xml
FF SearchPlugin: C:\Users\djwisch\AppData\Roaming\Mozilla\Firefox\Profiles\2x5dh9d9.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\djwisch\AppData\Roaming\Mozilla\Firefox\Profiles\2x5dh9d9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-01-22]
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-21]
CHR Extension: (Google Drive) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]
CHR Extension: (YouTube) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]
CHR Extension: (Google-Suche) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (Google Mail) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]
========================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1341664 2013-03-21] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Simraceway Update Service; C:\Program Files\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] ()
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [296448 2013-08-22] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
==================== Drivers (Whitelisted) ====================
R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [113152 2007-01-12] (ATI Technologies Inc.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
S3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-03-18] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
S3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [150080 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46056 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2013-02-14] (ESET)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [798808 2010-03-18] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [162904 2010-03-18] (Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189528 2010-03-18] (Creative Technology Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-02-10] (REALiX(tm))
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-17 18:12 - 2014-03-17 18:24 - 00000000 ____D () C:\FRST
2014-03-17 17:05 - 2007-11-14 11:53 - 00014864 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\AtiPcie.sys
2014-03-17 14:38 - 2014-03-17 14:38 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-17 14:38 - 2014-03-17 14:38 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Malwarebytes
2014-03-17 14:38 - 2014-03-17 14:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-17 14:38 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-13 22:36 - 2014-03-17 16:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-13 22:08 - 2014-03-13 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-13 22:07 - 2014-03-17 16:11 - 00000000 ____D () C:\Users\djwisch\Desktop\mbar
2014-03-13 22:07 - 2014-03-17 15:57 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-13 20:53 - 2014-03-13 20:53 - 00000000 ____D () C:\Users\djwisch\Documents\GTR
2014-03-12 11:51 - 2014-03-12 11:51 - 00001292 _____ () C:\Users\djwisch\Desktop\SpeedCommander.lnk
2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-11 20:08 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 20:08 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 20:08 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 20:08 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 20:08 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 20:08 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 20:08 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 20:08 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 20:08 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 20:08 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 20:08 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 20:08 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 20:08 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 20:08 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 20:08 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 20:08 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 20:08 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 20:08 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 20:08 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 20:08 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 20:08 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 20:08 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 20:08 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 20:08 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 20:08 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 20:08 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 20:08 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-06 22:48 - 2014-03-06 22:48 - 00000000 ____D () C:\Program Files\Monkey's Audio
2014-03-06 22:48 - 2013-06-26 22:38 - 00446976 _____ (Matthew T. Ashland) C:\Windows\system32\MACDll.dll
2014-03-06 22:44 - 2014-03-06 22:44 - 01235950 _____ (Medieval Software) C:\Users\djwisch\Downloads\cuesplitter_setup_1_2.exe
2014-03-05 01:01 - 2014-03-05 01:01 - 00009910 _____ () C:\Users\djwisch\Desktop\Unbenannt 1.ods
2014-02-27 19:18 - 2014-03-05 00:01 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Telegram Win (Unofficial)
2014-02-27 19:18 - 2014-02-27 19:18 - 00001070 _____ () C:\Users\djwisch\Desktop\Telegram.lnk
2014-02-27 19:18 - 2014-02-27 19:18 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Win (Unofficial)
2014-02-27 19:16 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-19 20:55 - 2014-02-19 20:55 - 00000100 _____ () C:\Users\djwisch\Downloads\stream.m3u
2014-02-19 20:55 - 2014-02-19 20:55 - 00000100 _____ () C:\Users\djwisch\Downloads\stream (1).m3u
2014-02-19 14:18 - 2014-02-19 14:18 - 00000001 _____ () C:\Users\djwisch\AppData\Local\llftool.4.30.agreement
2014-02-19 13:00 - 2014-02-19 13:00 - 24410765 _____ () C:\Users\djwisch\Downloads\torbrowser-install-3.5.2_de.exe
2014-02-19 12:58 - 2014-02-19 12:58 - 22892386 _____ () C:\Users\djwisch\Downloads\torbrowser-install-3.5.2.1_en-US.exe
==================== One Month Modified Files and Folders =======
2014-03-17 18:24 - 2014-03-17 18:12 - 00000000 ____D () C:\FRST
2014-03-17 17:55 - 2013-10-09 17:35 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Skype
2014-03-17 17:51 - 2009-07-14 05:34 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 17:51 - 2009-07-14 05:34 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-17 17:48 - 2010-11-20 22:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-17 17:44 - 2010-11-20 22:48 - 00098468 _____ () C:\Windows\PFRO.log
2014-03-17 17:44 - 2009-07-14 05:39 - 00041947 _____ () C:\Windows\setupact.log
2014-03-17 17:42 - 2013-08-17 15:06 - 01335606 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 17:35 - 2013-10-13 15:02 - 00000000 ____D () C:\Program Files\A-FF Find and Mount
2014-03-17 17:34 - 2013-08-29 19:27 - 00000000 ____D () C:\Program Files\NeoSmart Technologies
2014-03-17 16:11 - 2014-03-13 22:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-17 16:11 - 2014-03-13 22:07 - 00000000 ____D () C:\Users\djwisch\Desktop\mbar
2014-03-17 15:57 - 2014-03-13 22:07 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-17 15:11 - 2013-08-19 18:22 - 00000000 ____D () C:\Program Files\Google
2014-03-17 15:05 - 2013-11-05 18:56 - 00000000 ____D () C:\Program Files\MAGIX
2014-03-17 15:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-17 15:03 - 2013-11-05 18:55 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2014-03-17 14:59 - 2013-12-22 17:45 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-03-17 14:59 - 2013-12-22 17:40 - 00000000 ____D () C:\ProgramData\DivX
2014-03-17 14:38 - 2014-03-17 14:38 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-17 14:38 - 2014-03-17 14:38 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Malwarebytes
2014-03-17 14:38 - 2014-03-17 14:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-13 22:08 - 2014-03-13 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-13 21:36 - 2013-12-30 19:34 - 00000000 ____D () C:\Program Files\Steam
2014-03-13 20:55 - 2013-12-30 22:06 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Bierbuden Autoupdate
2014-03-13 20:53 - 2014-03-13 20:53 - 00000000 ____D () C:\Users\djwisch\Documents\GTR
2014-03-13 20:38 - 2013-08-31 22:53 - 00000000 ____D () C:\Users\djwisch\AppData\Local\QuickPar
2014-03-13 20:15 - 2013-12-30 19:34 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-03-13 20:13 - 2013-12-30 19:34 - 00000935 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-03-12 11:51 - 2014-03-12 11:51 - 00001292 _____ () C:\Users\djwisch\Desktop\SpeedCommander.lnk
2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-11 20:17 - 2013-08-22 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-11 20:17 - 2013-08-22 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 20:17 - 2013-08-22 20:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 20:17 - 2013-08-19 20:22 - 00000000 ____D () C:\Users\djwisch\AppData\Local\Adobe
2014-03-11 20:13 - 2009-07-14 05:33 - 00383624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 20:12 - 2013-10-14 19:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-11 20:10 - 2013-08-17 16:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-11 20:09 - 2013-08-17 16:11 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-11 20:03 - 2013-08-19 20:50 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\MediaMonkey
2014-03-06 22:48 - 2014-03-06 22:48 - 00000000 ____D () C:\Program Files\Monkey's Audio
2014-03-06 22:44 - 2014-03-06 22:44 - 01235950 _____ (Medieval Software) C:\Users\djwisch\Downloads\cuesplitter_setup_1_2.exe
2014-03-05 01:01 - 2014-03-05 01:01 - 00009910 _____ () C:\Users\djwisch\Desktop\Unbenannt 1.ods
2014-03-05 00:01 - 2014-02-27 19:18 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Telegram Win (Unofficial)
2014-03-01 05:30 - 2014-03-11 20:08 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:11 - 2014-03-11 20:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:10 - 2014-03-11 20:08 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:52 - 2014-03-11 20:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-11 20:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-11 20:08 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:43 - 2014-03-11 20:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:43 - 2014-03-11 20:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:40 - 2014-03-11 20:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:38 - 2014-03-11 20:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:38 - 2014-03-11 20:08 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:37 - 2014-03-11 20:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:31 - 2014-03-11 20:08 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:25 - 2014-03-11 20:08 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:16 - 2014-03-11 20:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:14 - 2014-03-11 20:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:03 - 2014-03-11 20:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:00 - 2014-03-11 20:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:57 - 2014-03-11 20:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:32 - 2014-03-11 20:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:27 - 2014-03-11 20:08 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:25 - 2014-03-11 20:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-27 19:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-27 19:18 - 2014-02-27 19:18 - 00001070 _____ () C:\Users\djwisch\Desktop\Telegram.lnk
2014-02-27 19:18 - 2014-02-27 19:18 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Win (Unofficial)
2014-02-19 23:34 - 2013-10-09 20:28 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\vlc
2014-02-19 20:55 - 2014-02-19 20:55 - 00000100 _____ () C:\Users\djwisch\Downloads\stream.m3u
2014-02-19 20:55 - 2014-02-19 20:55 - 00000100 _____ () C:\Users\djwisch\Downloads\stream (1).m3u
2014-02-19 14:18 - 2014-02-19 14:18 - 00000001 _____ () C:\Users\djwisch\AppData\Local\llftool.4.30.agreement
2014-02-19 13:00 - 2014-02-19 13:00 - 24410765 _____ () C:\Users\djwisch\Downloads\torbrowser-install-3.5.2_de.exe
2014-02-19 12:58 - 2014-02-19 12:58 - 22892386 _____ () C:\Users\djwisch\Downloads\torbrowser-install-3.5.2.1_en-US.exe
2014-02-19 09:41 - 2013-08-17 17:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-17 15:16 - 2013-12-21 22:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 14:34 - 2013-12-22 17:47 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\DivX
2014-02-15 01:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-15 00:12 - 2013-10-27 18:20 - 00000000 ____D () C:\Users\djwisch\AppData\Local\Plex
Some content of TEMP:
====================
C:\Users\djwisch\AppData\Local\Temp\InstHelper.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-22 17:42
==================== End Of Log ============================
--- --- --- --- --- --- Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by djwisch at 2014-03-17 18:24:32
Running from D:\Download
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal Firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
==================== Installed Programs ======================
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - )
Allway Sync version 12.16.1 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FF6A8312-0A62-3AC0-A49F-9CB7390AE5EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2203 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Bierbuden Autoupdate (remove only) (HKCU\...\Bierbuden Autoupdate) (Version: - )
Boot-US (HKLM\...\Boot-US) (Version: 3.1.0 - ustraub)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 14.4.20130909 - Landesfinanzdirektion Thüringen)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Smart Security (HKLM\...\{B49F10A8-9DDB-4E48-9E02-FD5F1C0CE425}) (Version: 6.0.400.1 - ESET, spol s r. o.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GRID 2 (c) Codemasters version 1 (HKLM\...\R1JJRDI=_is1) (Version: 1 - )
GTR 2 - FIA GT Racing Game (HKLM\...\Steam App 8790) (Version: - SimBin Studios AB)
HWiNFO32 Version 4.32 (HKLM\...\HWiNFO32_is1) (Version: 4.32 - Martin Malík - REALiX)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
Logitech Webcam-Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Monkey's Audio (HKLM\...\Monkey's Audio_is1) (Version: - )
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.0.0 (HKLM\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Plex (HKCU\...\Plex) (Version: 0.9.504 - Plex, Inc)
Python 2.7.5 (HKLM\...\{DBDD570E-0952-475f-9453-AB88F3DD5659}) (Version: 2.7.5150 - Python Software Foundation)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Simraceway 28.92 (HKLM\...\Simraceway) (Version: 28.92 - Simraceway)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeedCommander 14 (HKLM\...\SpeedCommander 14) (Version: 14.30.6900 - SWE Sven Ritter)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
Telegram Win (Unofficial) version 0.3.9 (HKCU\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.3.9 - Telegram (Unofficial))
Thrustmaster Force Feedback Driver (HKLM\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
==================== Restore Points =========================
17-03-2014 13:36:53 Windows Update
17-03-2014 14:00:22 Removed Firebird SQL Server - MAGIX Edition
17-03-2014 14:00:41 Removed ISO Recorder
17-03-2014 14:05:28 Removed Microsoft Streets & Trips 2013
17-03-2014 14:11:26 Removed Google Earth.
17-03-2014 16:35:28 Removed Medieval CUE Splitter
17-03-2014 16:36:04 SketchUp 2013 wurde entfernt
==================== Hosts content: ==========================
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {5BE33FD2-9208-44B5-8503-F30A64974BF4} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-08-22] ()
Task: {759A0104-E7F3-4516-A9F2-1B76F80541D2} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe
Task: {B82B73F4-E90A-4CB6-AF6F-BD306FDE7F58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)
Task: {D97E6605-AEBA-4535-B94E-A3A633CF1E82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {ED2180C1-07C8-44A6-A94F-CD693FDC5754} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2014-01-22] ()
Task: {FB4D75BF-6235-4A8E-A187-56E443FEE220} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef00917581606.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Software Updater.job => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{C9D19781-07F4-4492-8D28-4E4F58FBA208}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-03-28 21:29 - 2013-03-28 21:29 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-12-21 22:02 - 2014-02-17 15:16 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Simraceway Update Service => 2
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/17/2014 05:46:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 05:09:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 03:17:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 03:11:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 02:51:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 02:35:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/13/2014 11:06:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/13/2014 10:51:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/13/2014 10:28:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/13/2014 10:24:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (03/17/2014 05:53:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (03/17/2014 05:52:59 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (03/17/2014 05:52:59 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (03/17/2014 05:52:59 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (03/17/2014 05:52:59 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (03/17/2014 05:46:44 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc
Error: (03/17/2014 05:44:45 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (03/17/2014 05:44:45 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (03/17/2014 05:44:45 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (03/17/2014 05:44:45 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Microsoft Office Sessions:
=========================
Error: (03/17/2014 05:46:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 05:09:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 03:17:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 03:11:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 02:51:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 02:35:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/13/2014 11:06:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/13/2014 10:51:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/13/2014 10:28:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/13/2014 10:24:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 38%
Total physical RAM: 3327.3 MB
Available physical RAM: 2049.38 MB
Total Pagefile: 6652.9 MB
Available Pagefile: 5223.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.32 MB
==================== Drives ================================
Drive c: (Win7 Basis) (Fixed) (Total:44.91 GB) (Free:16.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Daten) (Fixed) (Total:85.22 GB) (Free:24.06 GB) NTFS
Drive e: (Projekt) (Fixed) (Total:126.66 GB) (Free:60.7 GB) NTFS
Drive f: (Audiosoftware) (Fixed) (Total:78.4 GB) (Free:53.42 GB) NTFS
Drive g: (Spiele) (Fixed) (Total:175.46 GB) (Free:103.38 GB) NTFS
Drive r: (Refills) (Fixed) (Total:74.24 GB) (Free:11.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: 039D373A)
Partition 1: (Active) - (Size=45 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1024 KB) - (Type=45)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 0FBBCF76)
Partition: GPT Partition Type.
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 54925295)
Partition 1: (Not Active) - (Size=466 GB) - (Type=OF Extended)
==================== End Of Log ============================
Geändert von djwisch (17.03.2014 um 20:20 Uhr) |
|
17.03.2014, 20:20
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  | Unknowen.RootKit.VBR eingefangen! Was nun? Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld 
__________________ |
|
17.03.2014, 20:23
| #3 |
| | Unknowen.RootKit.VBR eingefangen! Was nun? Super. Danke für deine Hilfe
__________________ |
|
18.03.2014, 07:40
| #4 |
| /// TB-Ausbilder /// Anleitungs-Guru | Unknowen.RootKit.VBR eingefangen! Was nun? Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... 
 Hinweise: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean  bist.Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Das dauert dann zwar ein paar Stunden länger, garantiert aber, dass Du kompetente Hilfe und geprüfte Antworten bekommst. Siehe hier... Ich bedanke mich für Deine Geduld! Schritt 1 (Logs von MBAR) Bitte poste mir die Log-Dateien die von Malwarebytes Anti-Rootkit vorhanden sind. Du findest sie hier.... Code:
ATTFilter C:\Users\djwisch\Desktop\mbar
Schritt 2 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Bitte poste mir in Deiner nächsten Antwort den Inhalt der Logdateien von: - Malwarebytes Anti-Rootkit - TDSS-Killer
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
18.03.2014, 14:56
| #5 |
| | Unknowen.RootKit.VBR eingefangen! Was nun? Hallo Jürgen, mein Name ist André und ich danke dir nochmals für deine Hilfe. Hier die gewünschten Logs. Gruß André Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.03.13.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16521
djwisch :: DJWISCH-PC [administrator]
13.03.2014 22:08:24
mbar-log-2014-03-13 (22-08-24).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 221995
Time elapsed: 6 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 2
Physical Sector #127 on Drive #1 (Unknown.Rootkit.VBR) -> Replace on reboot.
Master Boot Record on Drive #1 (Unknown.Rootkit.VBR) -> Replace on reboot.
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.03.13.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16521
djwisch :: DJWISCH-PC [administrator]
13.03.2014 22:37:04
mbar-log-2014-03-13 (22-37-04).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 221857
Time elapsed: 6 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 14:51:11.0000 0x060c TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
14:51:18.0481 0x060c ============================================================
14:51:18.0481 0x060c Current date / time: 2014/03/18 14:51:18.0481
14:51:18.0482 0x060c SystemInfo:
14:51:18.0482 0x060c
14:51:18.0482 0x060c OS Version: 6.1.7601 ServicePack: 1.0
14:51:18.0482 0x060c Product type: Workstation
14:51:18.0482 0x060c ComputerName: DJWISCH-PC
14:51:18.0482 0x060c UserName: djwisch
14:51:18.0482 0x060c Windows directory: C:\Windows
14:51:18.0482 0x060c System windows directory: C:\Windows
14:51:18.0482 0x060c Processor architecture: Intel x86
14:51:18.0482 0x060c Number of processors: 4
14:51:18.0482 0x060c Page size: 0x1000
14:51:18.0482 0x060c Boot type: Normal boot
14:51:18.0482 0x060c ============================================================
14:51:18.0914 0x060c KLMD registered as C:\Windows\system32\drivers\36427396.sys
14:51:19.0300 0x060c System UUID: {D2683379-97D2-8194-1EED-14D03D7E63E4}
14:51:20.0438 0x060c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:51:20.0439 0x060c Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x54CB7, SectorsPerTrack: 0xC, TracksPerCylinder: 0x3C, Type 'K0', Flags 0x00000050
14:51:20.0439 0x060c Drive \Device\Harddisk2\DR2 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:51:20.0443 0x060c ============================================================
14:51:20.0443 0x060c \Device\Harddisk0\DR0:
14:51:20.0443 0x060c MBR partitions:
14:51:20.0446 0x060c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xFD504D7
14:51:20.0457 0x060c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFD582D4, BlocksNum 0x9CCAF3E
14:51:20.0465 0x060c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x19A2710C, BlocksNum 0x15EEC200
14:51:20.0478 0x060c \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2F91334B, BlocksNum 0xAA718F6
14:51:20.0478 0x060c \Device\Harddisk1\DR1:
14:51:20.0479 0x060c MBR partitions:
14:51:20.0479 0x060c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x59D0CA0
14:51:20.0479 0x060c \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x5A034B3, BlocksNum 0x9478DFD
14:51:20.0479 0x060c \Device\Harddisk2\DR2:
14:51:20.0479 0x060c MBR partitions:
14:51:20.0479 0x060c ============================================================
14:51:20.0481 0x060c C: <-> \Device\Harddisk1\DR1\Partition1
14:51:20.0492 0x060c D: <-> \Device\Harddisk0\DR0\Partition4
14:51:20.0515 0x060c E: <-> \Device\Harddisk0\DR0\Partition1
14:51:20.0552 0x060c G: <-> \Device\Harddisk0\DR0\Partition3
14:51:20.0571 0x060c F: <-> \Device\Harddisk0\DR0\Partition2
14:51:20.0577 0x060c R: <-> \Device\Harddisk1\DR1\Partition2
14:51:20.0577 0x060c ============================================================
14:51:20.0577 0x060c Initialize success
14:51:20.0577 0x060c ============================================================
14:52:29.0093 0x0ec8 ============================================================
14:52:29.0093 0x0ec8 Scan started
14:52:29.0093 0x0ec8 Mode: Manual; SigCheck; TDLFS;
14:52:29.0093 0x0ec8 ============================================================
14:52:29.0093 0x0ec8 KSN ping started
14:52:41.0775 0x0ec8 KSN ping finished: true
14:52:41.0942 0x0ec8 ================ Scan system memory ========================
14:52:41.0942 0x0ec8 System memory - ok
14:52:41.0942 0x0ec8 ================ Scan services =============================
14:52:42.0004 0x0ec8 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
14:52:42.0068 0x0ec8 1394ohci - ok
14:52:42.0083 0x0ec8 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:52:42.0104 0x0ec8 ACPI - ok
14:52:42.0112 0x0ec8 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:52:42.0128 0x0ec8 AcpiPmi - ok
14:52:42.0141 0x0ec8 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:52:42.0153 0x0ec8 AdobeARMservice - ok
14:52:42.0167 0x0ec8 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:52:42.0183 0x0ec8 AdobeFlashPlayerUpdateSvc - ok
14:52:42.0203 0x0ec8 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:52:42.0227 0x0ec8 adp94xx - ok
14:52:42.0243 0x0ec8 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:52:42.0262 0x0ec8 adpahci - ok
14:52:42.0275 0x0ec8 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:52:42.0291 0x0ec8 adpu320 - ok
14:52:42.0304 0x0ec8 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:52:42.0328 0x0ec8 AeLookupSvc - ok
14:52:42.0345 0x0ec8 [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD C:\Windows\system32\drivers\afd.sys
14:52:42.0369 0x0ec8 AFD - ok
14:52:42.0378 0x0ec8 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
14:52:42.0390 0x0ec8 agp440 - ok
14:52:42.0402 0x0ec8 [ 9FACB9D43EC53F54386DAE74A175AE53, 0483FC0762404B2265AACC679680FF523D084C31C8360BEE3EE4056D0AE2A70A ] ahcix86 C:\Windows\system32\DRIVERS\ahcix86.sys
14:52:42.0418 0x0ec8 ahcix86 - ok
14:52:42.0429 0x0ec8 [ 4FA58A158C9D3769FF9248675B53D6A7, 2A0D8E8F1C1CEEEAD4C62919FA937EE06BCB194EE8CDA9644C4B1486694B3F1B ] ahcix86s C:\Windows\system32\DRIVERS\ahcix86s.sys
14:52:42.0450 0x0ec8 ahcix86s - ok
14:52:42.0459 0x0ec8 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:52:42.0472 0x0ec8 aic78xx - ok
14:52:42.0481 0x0ec8 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
14:52:42.0500 0x0ec8 ALG - ok
14:52:42.0508 0x0ec8 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
14:52:42.0519 0x0ec8 aliide - ok
14:52:42.0533 0x0ec8 [ 17806DC9487A0731F82D7B81A2C3287C, 52C7767DE29EAE1EBE252D51C5FAAD9B0F90286311D72D9B5BCD458165694AD5 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:52:42.0555 0x0ec8 AMD External Events Utility - ok
14:52:42.0563 0x0ec8 AMD FUEL Service - ok
14:52:42.0574 0x0ec8 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:52:42.0585 0x0ec8 amdagp - ok
14:52:42.0593 0x0ec8 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
14:52:42.0605 0x0ec8 amdide - ok
14:52:42.0614 0x0ec8 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:52:42.0629 0x0ec8 AmdK8 - ok
14:52:42.0861 0x0ec8 [ 1FDC2B137008627BD11195706231EEF6, B93F675591B5DBE25FAD5BE694DFFB7171AD38C89EA7EBEAC48AF87A7308E3D9 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:52:43.0187 0x0ec8 amdkmdag - ok
14:52:43.0213 0x0ec8 [ 5FF6ADC3DE4FFF320FFB1DD53850602F, 32EB51EDD43F1BE4561A9E4C42B7C06DBD38DCCB23F35055961F97F646F1834F ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:52:43.0241 0x0ec8 amdkmdap - ok
14:52:43.0250 0x0ec8 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:52:43.0264 0x0ec8 AmdPPM - ok
14:52:43.0274 0x0ec8 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:52:43.0288 0x0ec8 amdsata - ok
14:52:43.0299 0x0ec8 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
14:52:43.0316 0x0ec8 amdsbs - ok
14:52:43.0333 0x0ec8 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:52:43.0343 0x0ec8 amdxata - ok
14:52:43.0352 0x0ec8 [ 66F4DE5876DC1A47BA1ACE909FA9AEEF, 2194C4323081E30E93DCA3602F276CBD6BE25256094E62332FA03B397962CE28 ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
14:52:43.0363 0x0ec8 AODDriver4.2 - ok
14:52:43.0372 0x0ec8 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
14:52:43.0397 0x0ec8 AppID - ok
14:52:43.0406 0x0ec8 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:52:43.0431 0x0ec8 AppIDSvc - ok
14:52:43.0439 0x0ec8 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
14:52:43.0457 0x0ec8 Appinfo - ok
14:52:43.0466 0x0ec8 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\drivers\arc.sys
14:52:43.0480 0x0ec8 arc - ok
14:52:43.0489 0x0ec8 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:52:43.0502 0x0ec8 arcsas - ok
14:52:43.0529 0x0ec8 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:52:43.0549 0x0ec8 aspnet_state - ok
14:52:43.0557 0x0ec8 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:52:43.0583 0x0ec8 AsyncMac - ok
14:52:43.0590 0x0ec8 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
14:52:43.0603 0x0ec8 atapi - ok
14:52:43.0616 0x0ec8 [ 9E65DC266E8289116790599DD7D69087, DB84BD9F88878248D05C6DBCC61D701B296BEE154B9CCF2FF9F1EADE84CE6F10 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
14:52:43.0631 0x0ec8 AtiHDAudioService - ok
14:52:43.0639 0x0ec8 [ 7A09F261577EEAA5B05EB09DFE31FD0E, 5AAC3915B08E3FE424C496493D11B62223E9601C6B24FC3021051612584C938B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
14:52:43.0649 0x0ec8 AtiPcie - ok
14:52:43.0669 0x0ec8 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:52:43.0708 0x0ec8 AudioEndpointBuilder - ok
14:52:43.0726 0x0ec8 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:52:43.0760 0x0ec8 Audiosrv - ok
14:52:43.0772 0x0ec8 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:52:43.0797 0x0ec8 AxInstSV - ok
14:52:43.0816 0x0ec8 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
14:52:43.0845 0x0ec8 b06bdrv - ok
14:52:43.0860 0x0ec8 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
14:52:43.0880 0x0ec8 b57nd60x - ok
14:52:43.0893 0x0ec8 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
14:52:43.0911 0x0ec8 BDESVC - ok
14:52:43.0918 0x0ec8 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
14:52:43.0945 0x0ec8 Beep - ok
14:52:43.0965 0x0ec8 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
14:52:43.0996 0x0ec8 BFE - ok
14:52:44.0018 0x0ec8 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
14:52:44.0056 0x0ec8 BITS - ok
14:52:44.0065 0x0ec8 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:52:44.0079 0x0ec8 blbdrive - ok
14:52:44.0088 0x0ec8 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:52:44.0104 0x0ec8 bowser - ok
14:52:44.0112 0x0ec8 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
14:52:44.0127 0x0ec8 BrFiltLo - ok
14:52:44.0135 0x0ec8 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
14:52:44.0151 0x0ec8 BrFiltUp - ok
14:52:44.0161 0x0ec8 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
14:52:44.0180 0x0ec8 Browser - ok
14:52:44.0195 0x0ec8 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:52:44.0220 0x0ec8 Brserid - ok
14:52:44.0229 0x0ec8 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:52:44.0247 0x0ec8 BrSerWdm - ok
14:52:44.0254 0x0ec8 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:52:44.0270 0x0ec8 BrUsbMdm - ok
14:52:44.0277 0x0ec8 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:52:44.0293 0x0ec8 BrUsbSer - ok
14:52:44.0302 0x0ec8 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:52:44.0319 0x0ec8 BTHMODEM - ok
14:52:44.0333 0x0ec8 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
14:52:44.0361 0x0ec8 bthserv - ok
14:52:44.0372 0x0ec8 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:52:44.0399 0x0ec8 cdfs - ok
14:52:44.0409 0x0ec8 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:52:44.0425 0x0ec8 cdrom - ok
14:52:44.0434 0x0ec8 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
14:52:44.0459 0x0ec8 CertPropSvc - ok
14:52:44.0468 0x0ec8 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\drivers\circlass.sys
14:52:44.0484 0x0ec8 circlass - ok
14:52:44.0497 0x0ec8 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
14:52:44.0514 0x0ec8 CLFS - ok
14:52:44.0524 0x0ec8 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:52:44.0538 0x0ec8 clr_optimization_v2.0.50727_32 - ok
14:52:44.0545 0x0ec8 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:52:44.0570 0x0ec8 clr_optimization_v4.0.30319_32 - ok
14:52:44.0577 0x0ec8 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
14:52:44.0590 0x0ec8 CmBatt - ok
14:52:44.0598 0x0ec8 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:52:44.0610 0x0ec8 cmdide - ok
14:52:44.0627 0x0ec8 [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys
14:52:44.0654 0x0ec8 CNG - ok
14:52:44.0665 0x0ec8 [ EF44C32B1AEF62380426B260BF2C66F1, D90A7F975BDE928CF22D01957DC1A390BAE9C9165199C432CB6A2D97FA4812FB ] COMMONFX C:\Windows\system32\drivers\COMMONFX.SYS
14:52:44.0677 0x0ec8 COMMONFX - ok
14:52:44.0688 0x0ec8 [ 1EF05B641E9A67DED74AC8AD40055DBF, A27C22D785BBD3A92D686CD6C7BE6992A6BC0EE4F832F4934D11E2D2263421FF ] COMMONFX.DLL C:\Windows\system32\COMMONFX.DLL
14:52:44.0700 0x0ec8 COMMONFX.DLL - ok
14:52:44.0708 0x0ec8 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:52:44.0719 0x0ec8 Compbatt - ok
14:52:44.0727 0x0ec8 [ 4AD85E8C1B15E594AFCCB4F4F46CF1E2, C4FA562364B86027A795F8733BDF7349B6E27E4F3286F8DFCF68AC251FD502B6 ] CompFilter C:\Windows\system32\DRIVERS\lvbusflt.sys
14:52:44.0737 0x0ec8 CompFilter - ok
14:52:44.0745 0x0ec8 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:52:44.0760 0x0ec8 CompositeBus - ok
14:52:44.0768 0x0ec8 COMSysApp - ok
14:52:44.0777 0x0ec8 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:52:44.0789 0x0ec8 crcdisk - ok
14:52:44.0804 0x0ec8 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:52:44.0824 0x0ec8 CryptSvc - ok
14:52:44.0834 0x0ec8 [ 6191A973461852A09D643609E1D5F7C6, 66D731C335B8A6CA225B8B5CCB4B89B1920928322E2483D4CAF2CF250606A917 ] CT20XUT.DLL C:\Windows\system32\CT20XUT.DLL
14:52:44.0856 0x0ec8 CT20XUT.DLL - ok
14:52:44.0876 0x0ec8 [ 357C534B38019B597F51C8BF7186C118, C10084527F2CB5BC1A78BCBE7017510A4DA98ACFC697CDC1FE2E7D9296D1E70C ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
14:52:44.0898 0x0ec8 ctac32k - ok
14:52:44.0918 0x0ec8 [ 691F8259A1F9C983356D8DB2CDE8043C, AB1A2FFF48D8D2761380F9FFEAF75EC8AC5F8DCE9AB473317FC88BABAA4D620E ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
14:52:44.0940 0x0ec8 ctaud2k - ok
14:52:44.0962 0x0ec8 [ 7FC78AA6521EF3D9F16E51EFAB0BF13B, E6E71C04095B1E8A032B4B35820924F61C513D8D82DA7F1CD29918EC60D187DE ] CTAUDFX C:\Windows\system32\drivers\CTAUDFX.SYS
14:52:44.0988 0x0ec8 CTAUDFX - ok
14:52:45.0010 0x0ec8 [ 472B82D7E549E7FAB428852E4D16F21D, D79E9806ABDA55185337469FB612012913B5D9F5213F9C10F448F2AD6BACA2A2 ] CTAUDFX.DLL C:\Windows\system32\CTAUDFX.DLL
14:52:45.0040 0x0ec8 CTAUDFX.DLL - ok
14:52:45.0056 0x0ec8 [ 8545D70B0335A05498F34E7E3F8CA9A2, 635EE85D57DD67E280F8805A3404C76350BAD8822A8375F114F15B503F51FFD0 ] ctdvda2k C:\Windows\system32\drivers\ctdvda2k.sys
14:52:45.0076 0x0ec8 ctdvda2k - ok
14:52:45.0088 0x0ec8 [ 6A57F82009563AEE8826F117E1D3C72C, C1D8E5AF7571B01C039B431862F5937F1315996D8039F48780E856F7640A99D1 ] CTEAPSFX.DLL C:\Windows\system32\CTEAPSFX.DLL
14:52:45.0110 0x0ec8 CTEAPSFX.DLL - ok
14:52:45.0125 0x0ec8 [ C8AC1FFAEADD655193D7B1811A572D8D, 708A16A6A642F5A21FDFA478964B4D428ACA329CBE6308BAB3759B5C058955E2 ] CTEDSPFX.DLL C:\Windows\system32\CTEDSPFX.DLL
14:52:45.0149 0x0ec8 CTEDSPFX.DLL - ok
14:52:45.0161 0x0ec8 [ 44495D9DAF675257D00B25B041EE6667, 23123D90B9C6E42FE3871D0F417A413BC5515543B9F380D158D523806E29401B ] CTEDSPIO.DLL C:\Windows\system32\CTEDSPIO.DLL
14:52:45.0200 0x0ec8 CTEDSPIO.DLL - ok
14:52:45.0217 0x0ec8 [ 8E90B1762CB42E2FC76DAC9210C83C66, 3F9FABCC92F10234D86E75B5FBC97096FF5EF49694B20B8A425F063C03368F86 ] CTEDSPSY.DLL C:\Windows\system32\CTEDSPSY.DLL
14:52:45.0244 0x0ec8 CTEDSPSY.DLL - ok
14:52:45.0253 0x0ec8 [ 16F448354067914E7DEAEA709011BD60, 475A2BC04217B042AADFC72CC2051733D63E6F9FA573CE124B988ABC82B2C539 ] CTERFXFX C:\Windows\system32\drivers\CTERFXFX.SYS
14:52:45.0266 0x0ec8 CTERFXFX - ok
14:52:45.0276 0x0ec8 [ D3FBD9983325435B06795F29CB57ED3D, 61649EC01E15F9D3A91428FB4150C5441F9C568A04C3389F1E7A2F4217B938C0 ] CTERFXFX.DLL C:\Windows\system32\CTERFXFX.DLL
14:52:45.0292 0x0ec8 CTERFXFX.DLL - ok
14:52:45.0332 0x0ec8 [ 2C48E9D8CA703964463F27AE341115B7, 7EB81214200A4ED6BFAFC7F1CC70353F136BEF8CA55953EF554C73FD78357885 ] CTEXFIFX.DLL C:\Windows\system32\CTEXFIFX.DLL
14:52:45.0389 0x0ec8 CTEXFIFX.DLL - ok
14:52:45.0400 0x0ec8 [ F7657C598E7C29C6683C1E4A8DD68884, 84EA9946F00141A839C42FE19DB9B3A589433E472D26D6126D084B7F217B2642 ] CTHWIUT.DLL C:\Windows\system32\CTHWIUT.DLL
14:52:45.0416 0x0ec8 CTHWIUT.DLL - ok
14:52:45.0423 0x0ec8 [ 4D71541283AEA28FB839007BE90B5FC7, DFE9A87CB4C7BDFF6AB5A5FACFEA6C946B124D1C35BF14E56F9D78FB9DDEF279 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
14:52:45.0432 0x0ec8 ctprxy2k - ok
14:52:45.0454 0x0ec8 [ 64C83684661BE137023F5186A612CF34, 753AD17C7A6B985737C0647A9858581FD321B6123BEDE6F443CB02DA1E234790 ] CTSBLFX C:\Windows\system32\drivers\CTSBLFX.SYS
14:52:45.0479 0x0ec8 CTSBLFX - ok
14:52:45.0502 0x0ec8 [ 679AE21EB7F48A08184813AEBABDEC7C, 48551B1D9263F92FCAB3110ADDAE79D646391140281577E60175D3BF74CE7F24 ] CTSBLFX.DLL C:\Windows\system32\CTSBLFX.DLL
14:52:45.0533 0x0ec8 CTSBLFX.DLL - ok
14:52:45.0544 0x0ec8 [ 632194572EBDE8D461728CF382A7E964, CC1C581DAAE825B9B988D8233CBB3D5DBED63662BED6DF81BE9B8623E86AEB21 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
14:52:45.0557 0x0ec8 ctsfm2k - ok
14:52:45.0578 0x0ec8 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
14:52:45.0615 0x0ec8 DcomLaunch - ok
14:52:45.0628 0x0ec8 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
14:52:45.0661 0x0ec8 defragsvc - ok
14:52:45.0670 0x0ec8 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:52:45.0697 0x0ec8 DfsC - ok
14:52:45.0710 0x0ec8 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:52:45.0734 0x0ec8 Dhcp - ok
14:52:45.0743 0x0ec8 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
14:52:45.0767 0x0ec8 discache - ok
14:52:45.0776 0x0ec8 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\drivers\disk.sys
14:52:45.0787 0x0ec8 Disk - ok
14:52:45.0797 0x0ec8 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:52:45.0818 0x0ec8 Dnscache - ok
14:52:45.0831 0x0ec8 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
14:52:45.0863 0x0ec8 dot3svc - ok
14:52:45.0874 0x0ec8 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
14:52:45.0903 0x0ec8 DPS - ok
14:52:45.0911 0x0ec8 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:52:45.0924 0x0ec8 drmkaud - ok
14:52:45.0951 0x0ec8 [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:52:45.0978 0x0ec8 DXGKrnl - ok
14:52:45.0991 0x0ec8 [ 16FF05BE2BD95824B487B1476862A84B, 5EAFACB026BBA833F4FC79E041DE7E061B26519D7C703B40503A9F93FDEDE5E8 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
14:52:46.0004 0x0ec8 eamonm - ok
14:52:46.0013 0x0ec8 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
14:52:46.0041 0x0ec8 EapHost - ok
14:52:46.0125 0x0ec8 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
14:52:46.0232 0x0ec8 ebdrv - ok
14:52:46.0242 0x0ec8 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS C:\Windows\System32\lsass.exe
14:52:46.0257 0x0ec8 EFS - ok
14:52:46.0268 0x0ec8 [ 366369746D1818FDD8589D1F2C8A6D03, 3EF30C36DEAB79C2E971CA189BDEBAC2491956D3C834E0D1ECCACBD23717B128 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
14:52:46.0280 0x0ec8 ehdrv - ok
14:52:46.0301 0x0ec8 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:52:46.0341 0x0ec8 ehRecvr - ok
14:52:46.0349 0x0ec8 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
14:52:46.0366 0x0ec8 ehSched - ok
14:52:46.0409 0x0ec8 [ 7FE34FD5652C54BDA8D2DF8AC92E833A, 2B2836F47398AAD173F0D5C016B3B4DAB13F4EEC991B05D3C8B1DF310B25A96A ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
14:52:46.0451 0x0ec8 ekrn - ok
14:52:46.0459 0x0ec8 [ B83BDCCBACB65BAA9E20888DD0083A16, A38B29C768DF9153E704C92A410663A8CFFB29BDB5E6622881DEB7FFFEF0CB38 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
14:52:46.0470 0x0ec8 ElbyCDIO - ok
14:52:46.0490 0x0ec8 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:52:46.0515 0x0ec8 elxstor - ok
14:52:46.0525 0x0ec8 [ BACD9CC06D7A787E529E7EBF56B671AA, 41818D426F29936767C04108106F9C504110F952631EE09825B9DB31C003EFF1 ] emupia C:\Windows\system32\drivers\emupia2k.sys
14:52:46.0536 0x0ec8 emupia - ok
14:52:46.0547 0x0ec8 [ 5F08103444A1B5B2A38EAB729DE0A1A3, 0A8C2F9064F67A167B17E22A57F1C2866B4923C8BB702D0AAE4AE0D5D9C4F689 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
14:52:46.0560 0x0ec8 epfw - ok
14:52:46.0569 0x0ec8 [ CCA5BF8C921CDCAE262924F406A1D93C, B21E354D9E77EF9A380223C416CF785C9879FC268B0AD92A1430450E2F125D1B ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
14:52:46.0579 0x0ec8 EpfwLWF - ok
14:52:46.0587 0x0ec8 [ 9DFF2C0E4420A22CA37B655E314CAC69, 67FE1C160C41BB18B3AE857E733275655BCD2CF31D730AB2DD0E1C4A3AFFF0F6 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
14:52:46.0598 0x0ec8 epfwwfp - ok
14:52:46.0608 0x0ec8 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:52:46.0622 0x0ec8 ErrDev - ok
14:52:46.0644 0x0ec8 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
14:52:46.0677 0x0ec8 EventSystem - ok
14:52:46.0689 0x0ec8 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
14:52:46.0719 0x0ec8 exfat - ok
14:52:46.0731 0x0ec8 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:52:46.0761 0x0ec8 fastfat - ok
14:52:46.0782 0x0ec8 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
14:52:46.0815 0x0ec8 Fax - ok
14:52:46.0823 0x0ec8 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\drivers\fdc.sys
14:52:46.0837 0x0ec8 fdc - ok
14:52:46.0845 0x0ec8 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
14:52:46.0874 0x0ec8 fdPHost - ok
14:52:46.0881 0x0ec8 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
14:52:46.0908 0x0ec8 FDResPub - ok
14:52:46.0916 0x0ec8 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:52:46.0928 0x0ec8 FileInfo - ok
14:52:46.0936 0x0ec8 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:52:46.0962 0x0ec8 Filetrace - ok
14:52:46.0970 0x0ec8 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
14:52:46.0983 0x0ec8 flpydisk - ok
14:52:46.0998 0x0ec8 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:52:47.0014 0x0ec8 FltMgr - ok
14:52:47.0044 0x0ec8 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
14:52:47.0089 0x0ec8 FontCache - ok
14:52:47.0097 0x0ec8 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:52:47.0112 0x0ec8 FontCache3.0.0.0 - ok
14:52:47.0121 0x0ec8 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:52:47.0133 0x0ec8 FsDepends - ok
14:52:47.0141 0x0ec8 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:52:47.0153 0x0ec8 Fs_Rec - ok
14:52:47.0166 0x0ec8 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:52:47.0183 0x0ec8 fvevol - ok
14:52:47.0192 0x0ec8 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:52:47.0205 0x0ec8 gagp30kx - ok
14:52:47.0227 0x0ec8 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
14:52:47.0270 0x0ec8 gpsvc - ok
14:52:47.0280 0x0ec8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:52:47.0293 0x0ec8 gupdate - ok
14:52:47.0301 0x0ec8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:52:47.0312 0x0ec8 gupdatem - ok
14:52:47.0347 0x0ec8 [ 70606233F3ED0E53CB3EA17F846D6A4F, 6B7CBFB919D1804610CD8D243B83E3392A108E355083CC1A433FF31DF8609798 ] ha10kx2k C:\Windows\system32\drivers\ha10kx2k.sys
14:52:47.0376 0x0ec8 ha10kx2k - ok
14:52:47.0388 0x0ec8 [ A0C69AD2A61E576B0207ACDD9626E167, 1708A1F587A55C50DE367323E9FD29E8AC5F2BAE5AE8ACC7F2F9219AD5906889 ] hap16v2k C:\Windows\system32\drivers\hap16v2k.sys
14:52:47.0403 0x0ec8 hap16v2k - ok
14:52:47.0416 0x0ec8 [ 2EE89452C574D259ADA4FC9FC1C07243, A6562E7F4D2CABE0AA79FA64D2AFD09A60AA6FFB7E8D469DEC8919BDCA145D17 ] hap17v2k C:\Windows\system32\drivers\hap17v2k.sys
14:52:47.0432 0x0ec8 hap17v2k - ok
14:52:47.0441 0x0ec8 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:52:47.0458 0x0ec8 hcw85cir - ok
14:52:47.0473 0x0ec8 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:52:47.0498 0x0ec8 HdAudAddService - ok
14:52:47.0508 0x0ec8 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:52:47.0526 0x0ec8 HDAudBus - ok
14:52:47.0534 0x0ec8 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
14:52:47.0547 0x0ec8 HidBatt - ok
14:52:47.0557 0x0ec8 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:52:47.0576 0x0ec8 HidBth - ok
14:52:47.0583 0x0ec8 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\drivers\hidir.sys
14:52:47.0600 0x0ec8 HidIr - ok
14:52:47.0611 0x0ec8 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll
14:52:47.0637 0x0ec8 hidserv - ok
14:52:47.0646 0x0ec8 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:52:47.0662 0x0ec8 HidUsb - ok
14:52:47.0671 0x0ec8 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
14:52:47.0697 0x0ec8 hkmsvc - ok
14:52:47.0709 0x0ec8 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:52:47.0733 0x0ec8 HomeGroupListener - ok
14:52:47.0745 0x0ec8 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:52:47.0763 0x0ec8 HomeGroupProvider - ok
14:52:47.0773 0x0ec8 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:52:47.0786 0x0ec8 HpSAMD - ok
14:52:47.0807 0x0ec8 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:52:47.0844 0x0ec8 HTTP - ok
14:52:47.0854 0x0ec8 [ 4745A8B2BE115B054F31A86B0E64BB01, 58A44A1F10FB40BC578BCA2A1C9186B9AA0F22667A2C027619EE678BB90054AA ] HWiNFO32 C:\Windows\system32\drivers\HWiNFO32.SYS
14:52:47.0864 0x0ec8 HWiNFO32 - ok
14:52:47.0873 0x0ec8 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:52:47.0883 0x0ec8 hwpolicy - ok
14:52:47.0893 0x0ec8 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:52:47.0909 0x0ec8 i8042prt - ok
14:52:47.0926 0x0ec8 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:52:47.0947 0x0ec8 iaStorV - ok
14:52:47.0976 0x0ec8 [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:52:48.0011 0x0ec8 idsvc - ok
14:52:48.0019 0x0ec8 IEEtwCollectorService - ok
14:52:48.0029 0x0ec8 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:52:48.0041 0x0ec8 iirsp - ok
14:52:48.0067 0x0ec8 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
14:52:48.0101 0x0ec8 IKEEXT - ok
14:52:48.0115 0x0ec8 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
14:52:48.0128 0x0ec8 intelide - ok
14:52:48.0138 0x0ec8 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\drivers\intelppm.sys
14:52:48.0154 0x0ec8 intelppm - ok
14:52:48.0163 0x0ec8 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:52:48.0190 0x0ec8 IPBusEnum - ok
14:52:48.0199 0x0ec8 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:52:48.0226 0x0ec8 IpFilterDriver - ok
14:52:48.0246 0x0ec8 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:52:48.0276 0x0ec8 iphlpsvc - ok
14:52:48.0285 0x0ec8 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:52:48.0299 0x0ec8 IPMIDRV - ok
14:52:48.0310 0x0ec8 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:52:48.0339 0x0ec8 IPNAT - ok
14:52:48.0347 0x0ec8 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:52:48.0365 0x0ec8 IRENUM - ok
14:52:48.0375 0x0ec8 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:52:48.0386 0x0ec8 isapnp - ok
14:52:48.0400 0x0ec8 [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:52:48.0418 0x0ec8 iScsiPrt - ok
14:52:48.0427 0x0ec8 [ 994EBB45C4B438E1F6EA0B958AE9B9A3, 2207FB7A87DCB9F5DA54165AFBB494AB548DFC0F58EE8E5623EE1D1EC9B242BE ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
14:52:48.0438 0x0ec8 ivusb - ok
14:52:48.0446 0x0ec8 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:52:48.0458 0x0ec8 kbdclass - ok
14:52:48.0466 0x0ec8 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:52:48.0481 0x0ec8 kbdhid - ok
14:52:48.0489 0x0ec8 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso C:\Windows\system32\lsass.exe
14:52:48.0500 0x0ec8 KeyIso - ok
14:52:48.0510 0x0ec8 [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:52:48.0523 0x0ec8 KSecDD - ok
14:52:48.0534 0x0ec8 [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:52:48.0548 0x0ec8 KSecPkg - ok
14:52:48.0565 0x0ec8 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
14:52:48.0603 0x0ec8 KtmRm - ok
14:52:48.0616 0x0ec8 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:52:48.0647 0x0ec8 LanmanServer - ok
14:52:48.0657 0x0ec8 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:52:48.0683 0x0ec8 LanmanWorkstation - ok
14:52:48.0696 0x0ec8 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:52:48.0722 0x0ec8 lltdio - ok
14:52:48.0734 0x0ec8 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:52:48.0766 0x0ec8 lltdsvc - ok
14:52:48.0775 0x0ec8 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:52:48.0799 0x0ec8 lmhosts - ok
14:52:48.0813 0x0ec8 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:52:48.0827 0x0ec8 LSI_FC - ok
14:52:48.0836 0x0ec8 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:52:48.0851 0x0ec8 LSI_SAS - ok
14:52:48.0862 0x0ec8 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:52:48.0875 0x0ec8 LSI_SAS2 - ok
14:52:48.0886 0x0ec8 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:52:48.0900 0x0ec8 LSI_SCSI - ok
14:52:48.0910 0x0ec8 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
14:52:48.0938 0x0ec8 luafv - ok
14:52:48.0955 0x0ec8 [ BA1347822D01B2D29C14CF09663A6457, AF300C059017CA06FA7D0DC5E148159A6EE509CEF9DC6E90557BA38ACF3185E8 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
14:52:48.0970 0x0ec8 LVRS - ok
14:52:49.0095 0x0ec8 [ E2C99D3B692BA2173114C9DF79313B70, D2B1F052198EFBFAA49D52EFAE2614D7CBE25AE5DA9B4008602483B4A128512A ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
14:52:49.0235 0x0ec8 LVUVC - ok
14:52:49.0247 0x0ec8 [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:52:49.0257 0x0ec8 MBAMProtector - ok
14:52:49.0276 0x0ec8 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:52:49.0298 0x0ec8 MBAMScheduler - ok
14:52:49.0325 0x0ec8 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:52:49.0353 0x0ec8 MBAMService - ok
14:52:49.0364 0x0ec8 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:52:49.0380 0x0ec8 Mcx2Svc - ok
14:52:49.0390 0x0ec8 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\drivers\megasas.sys
14:52:49.0402 0x0ec8 megasas - ok
14:52:49.0416 0x0ec8 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:52:49.0435 0x0ec8 MegaSR - ok
14:52:49.0444 0x0ec8 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
14:52:49.0471 0x0ec8 MMCSS - ok
14:52:49.0480 0x0ec8 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
14:52:49.0506 0x0ec8 Modem - ok
14:52:49.0515 0x0ec8 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:52:49.0530 0x0ec8 monitor - ok
14:52:49.0539 0x0ec8 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:52:49.0550 0x0ec8 mouclass - ok
14:52:49.0559 0x0ec8 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:52:49.0574 0x0ec8 mouhid - ok
14:52:49.0583 0x0ec8 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:52:49.0595 0x0ec8 mountmgr - ok
14:52:49.0605 0x0ec8 [ 338037EFA0E8E8699B2667D57B751574, 59E0D39806D0C4EB57913AA013242837FD39AD378726AEE42D250CBA87C1C3BF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:52:49.0621 0x0ec8 MozillaMaintenance - ok
14:52:49.0631 0x0ec8 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
14:52:49.0647 0x0ec8 mpio - ok
14:52:49.0656 0x0ec8 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:52:49.0680 0x0ec8 mpsdrv - ok
14:52:49.0702 0x0ec8 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:52:49.0745 0x0ec8 MpsSvc - ok
14:52:49.0755 0x0ec8 [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:52:49.0776 0x0ec8 MRxDAV - ok
14:52:49.0786 0x0ec8 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:52:49.0802 0x0ec8 mrxsmb - ok
14:52:49.0815 0x0ec8 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:52:49.0834 0x0ec8 mrxsmb10 - ok
14:52:49.0844 0x0ec8 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:52:49.0863 0x0ec8 mrxsmb20 - ok
14:52:49.0872 0x0ec8 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
14:52:49.0882 0x0ec8 msahci - ok
14:52:49.0894 0x0ec8 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:52:49.0909 0x0ec8 msdsm - ok
14:52:49.0919 0x0ec8 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
14:52:49.0958 0x0ec8 MSDTC - ok
14:52:49.0972 0x0ec8 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:52:49.0997 0x0ec8 Msfs - ok
14:52:50.0003 0x0ec8 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:52:50.0030 0x0ec8 mshidkmdf - ok
14:52:50.0038 0x0ec8 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:52:50.0048 0x0ec8 msisadrv - ok
14:52:50.0060 0x0ec8 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:52:50.0088 0x0ec8 MSiSCSI - ok
14:52:50.0095 0x0ec8 msiserver - ok
14:52:50.0105 0x0ec8 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:52:50.0130 0x0ec8 MSKSSRV - ok
14:52:50.0137 0x0ec8 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:52:50.0164 0x0ec8 MSPCLOCK - ok
14:52:50.0171 0x0ec8 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:52:50.0197 0x0ec8 MSPQM - ok
14:52:50.0208 0x0ec8 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:52:50.0224 0x0ec8 MsRPC - ok
14:52:50.0237 0x0ec8 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:52:50.0247 0x0ec8 mssmbios - ok
14:52:50.0254 0x0ec8 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:52:50.0279 0x0ec8 MSTEE - ok
14:52:50.0287 0x0ec8 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:52:50.0301 0x0ec8 MTConfig - ok
14:52:50.0310 0x0ec8 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
14:52:50.0321 0x0ec8 Mup - ok
14:52:50.0339 0x0ec8 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
14:52:50.0375 0x0ec8 napagent - ok
14:52:50.0390 0x0ec8 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:52:50.0416 0x0ec8 NativeWifiP - ok
14:52:50.0443 0x0ec8 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:52:50.0473 0x0ec8 NDIS - ok
14:52:50.0481 0x0ec8 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:52:50.0508 0x0ec8 NdisCap - ok
14:52:50.0516 0x0ec8 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:52:50.0541 0x0ec8 NdisTapi - ok
14:52:50.0548 0x0ec8 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:52:50.0574 0x0ec8 Ndisuio - ok
14:52:50.0584 0x0ec8 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:52:50.0613 0x0ec8 NdisWan - ok
14:52:50.0622 0x0ec8 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:52:50.0645 0x0ec8 NDProxy - ok
14:52:50.0654 0x0ec8 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:52:50.0680 0x0ec8 NetBIOS - ok
14:52:50.0693 0x0ec8 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:52:50.0722 0x0ec8 NetBT - ok
14:52:50.0730 0x0ec8 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] Netlogon C:\Windows\system32\lsass.exe
14:52:50.0742 0x0ec8 Netlogon - ok
14:52:50.0757 0x0ec8 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
14:52:50.0793 0x0ec8 Netman - ok
14:52:50.0803 0x0ec8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:52:50.0829 0x0ec8 NetMsmqActivator - ok
14:52:50.0837 0x0ec8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:52:50.0853 0x0ec8 NetPipeActivator - ok
14:52:50.0872 0x0ec8 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
14:52:50.0906 0x0ec8 netprofm - ok
14:52:50.0915 0x0ec8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:52:50.0930 0x0ec8 NetTcpActivator - ok
14:52:50.0939 0x0ec8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:52:50.0955 0x0ec8 NetTcpPortSharing - ok
14:52:50.0963 0x0ec8 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:52:50.0976 0x0ec8 nfrd960 - ok
14:52:50.0991 0x0ec8 [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:52:51.0012 0x0ec8 NlaSvc - ok
14:52:51.0021 0x0ec8 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:52:51.0046 0x0ec8 Npfs - ok
14:52:51.0055 0x0ec8 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
14:52:51.0082 0x0ec8 nsi - ok
14:52:51.0089 0x0ec8 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:52:51.0115 0x0ec8 nsiproxy - ok
14:52:51.0157 0x0ec8 [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:52:51.0202 0x0ec8 Ntfs - ok
14:52:51.0209 0x0ec8 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
14:52:51.0236 0x0ec8 Null - ok
14:52:51.0246 0x0ec8 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:52:51.0260 0x0ec8 nvraid - ok
14:52:51.0273 0x0ec8 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:52:51.0289 0x0ec8 nvstor - ok
14:52:51.0300 0x0ec8 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:52:51.0315 0x0ec8 nv_agp - ok
14:52:51.0325 0x0ec8 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:52:51.0338 0x0ec8 ohci1394 - ok
14:52:51.0349 0x0ec8 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:52:51.0364 0x0ec8 ose - ok
14:52:51.0375 0x0ec8 [ AE896073E1BBF98FEFC2EC52F62C0FBA, 8DB1D1DE1941E2467DD5CFC631F221D5E27C338A1D48E7A999224CBAE6606812 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
14:52:51.0387 0x0ec8 ossrv - ok
14:52:51.0402 0x0ec8 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:52:51.0426 0x0ec8 p2pimsvc - ok
14:52:51.0443 0x0ec8 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
14:52:51.0467 0x0ec8 p2psvc - ok
14:52:51.0477 0x0ec8 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:52:51.0493 0x0ec8 Parport - ok
14:52:51.0501 0x0ec8 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:52:51.0513 0x0ec8 partmgr - ok
14:52:51.0521 0x0ec8 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
14:52:51.0534 0x0ec8 Parvdm - ok
14:52:51.0545 0x0ec8 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:52:51.0566 0x0ec8 PcaSvc - ok
14:52:51.0578 0x0ec8 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
14:52:51.0593 0x0ec8 pci - ok
14:52:51.0602 0x0ec8 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
14:52:51.0615 0x0ec8 pciide - ok
14:52:51.0626 0x0ec8 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:52:51.0644 0x0ec8 pcmcia - ok
14:52:51.0652 0x0ec8 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
14:52:51.0664 0x0ec8 pcw - ok
14:52:51.0686 0x0ec8 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:52:51.0729 0x0ec8 PEAUTH - ok
14:52:51.0789 0x0ec8 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
14:52:51.0861 0x0ec8 pla - ok
14:52:51.0877 0x0ec8 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:52:51.0904 0x0ec8 PlugPlay - ok
14:52:51.0912 0x0ec8 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:52:51.0926 0x0ec8 PNRPAutoReg - ok
14:52:51.0940 0x0ec8 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:52:51.0959 0x0ec8 PNRPsvc - ok
14:52:51.0976 0x0ec8 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:52:52.0011 0x0ec8 PolicyAgent - ok
14:52:52.0027 0x0ec8 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
14:52:52.0056 0x0ec8 Power - ok
14:52:52.0065 0x0ec8 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:52:52.0090 0x0ec8 PptpMiniport - ok
14:52:52.0098 0x0ec8 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\drivers\processr.sys
14:52:52.0115 0x0ec8 Processor - ok
14:52:52.0126 0x0ec8 [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:52:52.0148 0x0ec8 ProfSvc - ok
14:52:52.0156 0x0ec8 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:52:52.0168 0x0ec8 ProtectedStorage - ok
14:52:52.0178 0x0ec8 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:52:52.0206 0x0ec8 Psched - ok
14:52:52.0248 0x0ec8 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:52:52.0297 0x0ec8 ql2300 - ok
14:52:52.0309 0x0ec8 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:52:52.0323 0x0ec8 ql40xx - ok
14:52:52.0336 0x0ec8 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
14:52:52.0362 0x0ec8 QWAVE - ok
14:52:52.0371 0x0ec8 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:52:52.0386 0x0ec8 QWAVEdrv - ok
14:52:52.0394 0x0ec8 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:52:52.0421 0x0ec8 RasAcd - ok
14:52:52.0429 0x0ec8 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:52:52.0454 0x0ec8 RasAgileVpn - ok
14:52:52.0463 0x0ec8 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
14:52:52.0493 0x0ec8 RasAuto - ok
14:52:52.0500 0x0ec8 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:52.0528 0x0ec8 Rasl2tp - ok
14:52:52.0543 0x0ec8 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
14:52:52.0578 0x0ec8 RasMan - ok
14:52:52.0587 0x0ec8 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:52:52.0614 0x0ec8 RasPppoe - ok
14:52:52.0624 0x0ec8 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:52:52.0650 0x0ec8 RasSstp - ok
14:52:52.0663 0x0ec8 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:52:52.0694 0x0ec8 rdbss - ok
14:52:52.0703 0x0ec8 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
14:52:52.0718 0x0ec8 rdpbus - ok
14:52:52.0725 0x0ec8 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:52.0749 0x0ec8 RDPCDD - ok
14:52:52.0760 0x0ec8 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:52:52.0783 0x0ec8 RDPENCDD - ok
14:52:52.0794 0x0ec8 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:52:52.0818 0x0ec8 RDPREFMP - ok
14:52:52.0830 0x0ec8 [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:52:52.0845 0x0ec8 RdpVideoMiniport - ok
14:52:52.0859 0x0ec8 [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:52:52.0881 0x0ec8 RDPWD - ok
14:52:52.0894 0x0ec8 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:52:52.0910 0x0ec8 rdyboost - ok
14:52:52.0920 0x0ec8 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:52:52.0947 0x0ec8 RemoteAccess - ok
14:52:52.0959 0x0ec8 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:52:52.0989 0x0ec8 RemoteRegistry - ok
14:52:52.0997 0x0ec8 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:52:53.0025 0x0ec8 RpcEptMapper - ok
14:52:53.0032 0x0ec8 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
14:52:53.0047 0x0ec8 RpcLocator - ok
14:52:53.0064 0x0ec8 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
14:52:53.0096 0x0ec8 RpcSs - ok
14:52:53.0106 0x0ec8 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:52:53.0134 0x0ec8 rspndr - ok
14:52:53.0146 0x0ec8 [ 3983CEA05BB855351D75F5482B6C42CE, E995E712B7929DA88618DCF8C64616CF25380694A13BEA53F4F3D8CA3E73E120 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
14:52:53.0171 0x0ec8 RTL8167 - ok
14:52:53.0179 0x0ec8 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] SamSs C:\Windows\system32\lsass.exe
14:52:53.0191 0x0ec8 SamSs - ok
14:52:53.0201 0x0ec8 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:52:53.0213 0x0ec8 sbp2port - ok
14:52:53.0225 0x0ec8 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:52:53.0253 0x0ec8 SCardSvr - ok
14:52:53.0261 0x0ec8 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:52:53.0286 0x0ec8 scfilter - ok
14:52:53.0312 0x0ec8 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
14:52:53.0362 0x0ec8 Schedule - ok
14:52:53.0372 0x0ec8 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:52:53.0394 0x0ec8 SCPolicySvc - ok
14:52:53.0406 0x0ec8 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:52:53.0427 0x0ec8 SDRSVC - ok
14:52:53.0435 0x0ec8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:52:53.0460 0x0ec8 secdrv - ok
14:52:53.0469 0x0ec8 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
14:52:53.0496 0x0ec8 seclogon - ok
14:52:53.0504 0x0ec8 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll
14:52:53.0533 0x0ec8 SENS - ok
14:52:53.0541 0x0ec8 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:52:53.0558 0x0ec8 SensrSvc - ok
14:52:53.0566 0x0ec8 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:52:53.0581 0x0ec8 Serenum - ok
14:52:53.0590 0x0ec8 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:52:53.0606 0x0ec8 Serial - ok
14:52:53.0613 0x0ec8 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:52:53.0628 0x0ec8 sermouse - ok
14:52:53.0651 0x0ec8 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
14:52:53.0679 0x0ec8 SessionEnv - ok
14:52:53.0687 0x0ec8 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:52:53.0703 0x0ec8 sffdisk - ok
14:52:53.0709 0x0ec8 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:52:53.0727 0x0ec8 sffp_mmc - ok
14:52:53.0736 0x0ec8 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:52:53.0750 0x0ec8 sffp_sd - ok
14:52:53.0758 0x0ec8 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:52:53.0772 0x0ec8 sfloppy - ok
14:52:53.0788 0x0ec8 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:52:53.0823 0x0ec8 SharedAccess - ok
14:52:53.0839 0x0ec8 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:52:53.0875 0x0ec8 ShellHWDetection - ok
14:52:53.0883 0x0ec8 [ F5AAA8CDDA25B6387AF590D676D25BAD, 0485DC8206F0CFE9D920D8A6AC517EA2472E9267A86878FCB468D2D54D42E646 ] simptcp C:\Windows\System32\tcpsvcs.exe
14:52:53.0898 0x0ec8 simptcp - ok
14:52:53.0960 0x0ec8 [ D6827A98C45299D9857860E519EEB428, 183A8663C974467CE53D6D178798A9816F8D3DDBD06F5E6FFF18A46244A0E03C ] Simraceway Update Service C:\Program Files\SimracewayUpdater\SRWUpdate.exe
14:52:54.0037 0x0ec8 Simraceway Update Service - detected UnsignedFile.Multi.Generic ( 1 )
14:52:54.0090 0x0ec8 Simraceway Update Service ( UnsignedFile.Multi.Generic ) - warning
14:53:01.0307 0x0ec8 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:53:01.0319 0x0ec8 sisagp - ok
14:53:01.0327 0x0ec8 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:53:01.0339 0x0ec8 SiSRaid2 - ok
14:53:01.0348 0x0ec8 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:53:01.0362 0x0ec8 SiSRaid4 - ok
14:53:01.0375 0x0ec8 [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:53:01.0392 0x0ec8 SkypeUpdate - ok
14:53:01.0398 0x0ec8 SliceDisk5 - ok
14:53:01.0410 0x0ec8 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:53:01.0437 0x0ec8 Smb - ok
14:53:01.0454 0x0ec8 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:53:01.0467 0x0ec8 SNMPTRAP - ok
14:53:01.0476 0x0ec8 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
14:53:01.0487 0x0ec8 spldr - ok
14:53:01.0502 0x0ec8 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
14:53:01.0526 0x0ec8 Spooler - ok
14:53:01.0611 0x0ec8 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
14:53:01.0717 0x0ec8 sppsvc - ok
14:53:01.0728 0x0ec8 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:53:01.0754 0x0ec8 sppuinotify - ok
14:53:01.0770 0x0ec8 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:53:01.0793 0x0ec8 srv - ok
14:53:01.0808 0x0ec8 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:53:01.0831 0x0ec8 srv2 - ok
14:53:01.0842 0x0ec8 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:53:01.0860 0x0ec8 srvnet - ok
14:53:01.0872 0x0ec8 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:53:01.0901 0x0ec8 SSDPSRV - ok
14:53:01.0911 0x0ec8 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:53:01.0939 0x0ec8 SstpSvc - ok
14:53:01.0958 0x0ec8 [ 2F3B5A3567FFB343D8867C3D34C687F1, D01971412506746B2EA1CBB0ACF9472889ABBC23318C1332BEC9C8256011183E ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
14:53:01.0984 0x0ec8 Steam Client Service - ok
14:53:01.0993 0x0ec8 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:53:02.0004 0x0ec8 stexstor - ok
14:53:02.0025 0x0ec8 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
14:53:02.0057 0x0ec8 StiSvc - ok
14:53:02.0066 0x0ec8 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:53:02.0078 0x0ec8 swenum - ok
14:53:02.0094 0x0ec8 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
14:53:02.0133 0x0ec8 swprv - ok
14:53:02.0169 0x0ec8 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
14:53:02.0222 0x0ec8 SysMain - ok
14:53:02.0237 0x0ec8 [ 9D40AC2003DCA9F045181241C2BF47A2, 62453A392F0705D4E922922049DCDB62A16A6CFE79F6A92AD6E6B08A54AB5367 ] SystemStoreService C:\Program Files\SoftwareUpdater\SystemStore.exe
14:53:02.0251 0x0ec8 SystemStoreService - detected UnsignedFile.Multi.Generic ( 1 )
14:53:02.0251 0x0ec8 SystemStoreService ( UnsignedFile.Multi.Generic ) - warning
14:53:04.0911 0x0ec8 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
14:53:04.0930 0x0ec8 TabletInputService - ok
14:53:04.0945 0x0ec8 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
14:53:04.0979 0x0ec8 TapiSrv - ok
14:53:04.0988 0x0ec8 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
14:53:05.0015 0x0ec8 TBS - ok
14:53:05.0056 0x0ec8 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:53:05.0104 0x0ec8 Tcpip - ok
14:53:05.0145 0x0ec8 [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:53:05.0186 0x0ec8 TCPIP6 - ok
14:53:05.0199 0x0ec8 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:53:05.0212 0x0ec8 tcpipreg - ok
14:53:05.0224 0x0ec8 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:53:05.0241 0x0ec8 TDPIPE - ok
14:53:05.0249 0x0ec8 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:53:05.0261 0x0ec8 TDTCP - ok
14:53:05.0271 0x0ec8 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:53:05.0295 0x0ec8 tdx - ok
14:53:05.0305 0x0ec8 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:53:05.0316 0x0ec8 TermDD - ok
14:53:05.0337 0x0ec8 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll
14:53:05.0379 0x0ec8 TermService - ok
14:53:05.0388 0x0ec8 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
14:53:05.0406 0x0ec8 Themes - ok
14:53:05.0414 0x0ec8 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
14:53:05.0439 0x0ec8 THREADORDER - ok
14:53:05.0448 0x0ec8 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
14:53:05.0477 0x0ec8 TrkWks - ok
14:53:05.0488 0x0ec8 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:53:05.0515 0x0ec8 TrustedInstaller - ok
14:53:05.0528 0x0ec8 [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:53:05.0543 0x0ec8 tssecsrv - ok
14:53:05.0552 0x0ec8 [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:53:05.0569 0x0ec8 TsUsbFlt - ok
14:53:05.0577 0x0ec8 [ 57C527AF84748B5C2F5178C499C0B81F, 2FF1F25BA16F8984E9F2CE4DE663F261BAF267EDF10D466A52BB211C567F763C ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:53:05.0592 0x0ec8 TsUsbGD - ok
14:53:05.0602 0x0ec8 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:53:05.0629 0x0ec8 tunnel - ok
14:53:05.0639 0x0ec8 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:53:05.0652 0x0ec8 uagp35 - ok
14:53:05.0665 0x0ec8 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:53:05.0699 0x0ec8 udfs - ok
14:53:05.0714 0x0ec8 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:53:05.0730 0x0ec8 UI0Detect - ok
14:53:05.0739 0x0ec8 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:53:05.0751 0x0ec8 uliagpkx - ok
14:53:05.0759 0x0ec8 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:53:05.0776 0x0ec8 umbus - ok
14:53:05.0783 0x0ec8 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:53:05.0797 0x0ec8 UmPass - ok
14:53:05.0816 0x0ec8 [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
14:53:05.0837 0x0ec8 UMVPFSrv - ok
14:53:05.0852 0x0ec8 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
14:53:05.0889 0x0ec8 upnphost - ok
14:53:05.0899 0x0ec8 [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:53:05.0914 0x0ec8 usbaudio - ok
14:53:05.0923 0x0ec8 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
14:53:05.0950 0x0ec8 usbccgp - ok
14:53:05.0959 0x0ec8 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:53:05.0974 0x0ec8 usbcir - ok
14:53:05.0982 0x0ec8 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:53:05.0996 0x0ec8 usbehci - ok
14:53:06.0011 0x0ec8 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:53:06.0032 0x0ec8 usbhub - ok
14:53:06.0041 0x0ec8 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:53:06.0053 0x0ec8 usbohci - ok
14:53:06.0062 0x0ec8 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:53:06.0077 0x0ec8 usbprint - ok
14:53:06.0086 0x0ec8 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:53:06.0105 0x0ec8 USBSTOR - ok
14:53:06.0113 0x0ec8 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:53:06.0129 0x0ec8 usbuhci - ok
14:53:06.0141 0x0ec8 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:53:06.0160 0x0ec8 usbvideo - ok
14:53:06.0168 0x0ec8 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
14:53:06.0194 0x0ec8 UxSms - ok
14:53:06.0202 0x0ec8 [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] VaultSvc C:\Windows\system32\lsass.exe
14:53:06.0213 0x0ec8 VaultSvc - ok
14:53:06.0222 0x0ec8 [ B252DD05C8B1D64239EE8A93C4BC5AD4, 904CCA61863330C456A2BF32118A9BFF77F2A339530F611843FD4908F2AAAF0A ] VClone C:\Windows\system32\DRIVERS\VClone.sys
14:53:06.0234 0x0ec8 VClone - ok
14:53:06.0242 0x0ec8 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:53:06.0253 0x0ec8 vdrvroot - ok
14:53:06.0273 0x0ec8 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
14:53:06.0313 0x0ec8 vds - ok
14:53:06.0322 0x0ec8 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:53:06.0336 0x0ec8 vga - ok
14:53:06.0344 0x0ec8 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:53:06.0370 0x0ec8 VgaSave - ok
14:53:06.0381 0x0ec8 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:53:06.0397 0x0ec8 vhdmp - ok
14:53:06.0406 0x0ec8 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:53:06.0418 0x0ec8 viaagp - ok
14:53:06.0427 0x0ec8 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:53:06.0442 0x0ec8 ViaC7 - ok
14:53:06.0451 0x0ec8 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
14:53:06.0461 0x0ec8 viaide - ok
14:53:06.0471 0x0ec8 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:53:06.0483 0x0ec8 volmgr - ok
14:53:06.0499 0x0ec8 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:53:06.0517 0x0ec8 volmgrx - ok
14:53:06.0531 0x0ec8 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:53:06.0549 0x0ec8 volsnap - ok
14:53:06.0560 0x0ec8 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:53:06.0577 0x0ec8 vsmraid - ok
14:53:06.0609 0x0ec8 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
14:53:06.0665 0x0ec8 VSS - ok
14:53:06.0672 0x0ec8 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:53:06.0688 0x0ec8 vwifibus - ok
14:53:06.0703 0x0ec8 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
14:53:06.0738 0x0ec8 W32Time - ok
14:53:06.0750 0x0ec8 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:53:06.0763 0x0ec8 WacomPen - ok
14:53:06.0772 0x0ec8 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:53:06.0796 0x0ec8 WANARP - ok
14:53:06.0803 0x0ec8 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:53:06.0826 0x0ec8 Wanarpv6 - ok
14:53:06.0863 0x0ec8 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
14:53:06.0916 0x0ec8 wbengine - ok
14:53:06.0940 0x0ec8 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:53:06.0973 0x0ec8 WbioSrvc - ok
14:53:06.0987 0x0ec8 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:53:07.0010 0x0ec8 wcncsvc - ok
14:53:07.0018 0x0ec8 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:53:07.0038 0x0ec8 WcsPlugInService - ok
14:53:07.0045 0x0ec8 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\drivers\wd.sys
14:53:07.0057 0x0ec8 Wd - ok
14:53:07.0079 0x0ec8 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:53:07.0106 0x0ec8 Wdf01000 - ok
14:53:07.0116 0x0ec8 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:53:07.0146 0x0ec8 WdiServiceHost - ok
14:53:07.0153 0x0ec8 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:53:07.0169 0x0ec8 WdiSystemHost - ok
14:53:07.0181 0x0ec8 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
14:53:07.0203 0x0ec8 WebClient - ok
14:53:07.0213 0x0ec8 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:53:07.0245 0x0ec8 Wecsvc - ok
14:53:07.0253 0x0ec8 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:53:07.0279 0x0ec8 wercplsupport - ok
14:53:07.0289 0x0ec8 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
14:53:07.0317 0x0ec8 WerSvc - ok
14:53:07.0337 0x0ec8 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:53:07.0363 0x0ec8 WfpLwf - ok
14:53:07.0371 0x0ec8 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:53:07.0382 0x0ec8 WIMMount - ok
14:53:07.0407 0x0ec8 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:53:07.0436 0x0ec8 WinDefend - ok
14:53:07.0448 0x0ec8 WinHttpAutoProxySvc - ok
14:53:07.0470 0x0ec8 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:53:07.0499 0x0ec8 Winmgmt - ok
14:53:07.0538 0x0ec8 [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM C:\Windows\system32\WsmSvc.dll
14:53:07.0599 0x0ec8 WinRM - ok
14:53:07.0617 0x0ec8 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:53:07.0635 0x0ec8 WinUsb - ok
14:53:07.0664 0x0ec8 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:53:07.0706 0x0ec8 Wlansvc - ok
14:53:07.0715 0x0ec8 [ 5D410936831F7FB58EFF941EAC3F6D3D, 5A1E769F75562802CC0EAA44215501925EA4C260AD7A975CEE4AB8DCA2BB82C9 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
14:53:07.0725 0x0ec8 WmBEnum - ok
14:53:07.0734 0x0ec8 [ 7A13CFDE92956CA61A0927D766C5AD4F, 96B337903B7E59A7D60FE4A27064A993EF244D3D736016FFC13465C8F44068F8 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
14:53:07.0745 0x0ec8 WmFilter - ok
14:53:07.0784 0x0ec8 [ 1F596392149CAC51F7C095AF7D533934, 7D8649D951E7719DE49B5E7BA4296A0736753A73FE30A45F96F370ADD81E6B2B ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys
14:53:07.0793 0x0ec8 WmHidLo - ok
14:53:07.0802 0x0ec8 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:53:07.0816 0x0ec8 WmiAcpi - ok
14:53:07.0831 0x0ec8 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:53:07.0849 0x0ec8 wmiApSrv - ok
14:53:07.0886 0x0ec8 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:53:07.0934 0x0ec8 WMPNetworkSvc - ok
14:53:07.0943 0x0ec8 [ 6F04646BC690F8BBFC344BE32A60796D, DE2B4BE88CE38D6297F58BE2C643A3838C0470E2E3AB6289755E39B5E59061D7 ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
14:53:07.0953 0x0ec8 WmVirHid - ok
14:53:07.0961 0x0ec8 [ 1D6CA43D562333F4DFB40BCEF2453F3A, BEEC5587ACE8ABF1DB0B9B68E43B29082AA2F4A6415CEC8536086944D506A704 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
14:53:07.0973 0x0ec8 WmXlCore - ok
14:53:07.0980 0x0ec8 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:53:07.0996 0x0ec8 WPCSvc - ok
14:53:08.0012 0x0ec8 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:53:08.0041 0x0ec8 WPDBusEnum - ok
14:53:08.0049 0x0ec8 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:53:08.0083 0x0ec8 ws2ifsl - ok
14:53:08.0091 0x0ec8 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll
14:53:08.0110 0x0ec8 wscsvc - ok
14:53:08.0117 0x0ec8 WSearch - ok
14:53:08.0184 0x0ec8 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
14:53:08.0240 0x0ec8 wuauserv - ok
14:53:08.0250 0x0ec8 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:53:08.0266 0x0ec8 WudfPf - ok
14:53:08.0282 0x0ec8 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:53:08.0300 0x0ec8 WUDFRd - ok
14:53:08.0313 0x0ec8 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:53:08.0329 0x0ec8 wudfsvc - ok
14:53:08.0351 0x0ec8 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll
14:53:08.0371 0x0ec8 WwanSvc - ok
14:53:08.0380 0x0ec8 ================ Scan global ===============================
14:53:08.0389 0x0ec8 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
14:53:08.0403 0x0ec8 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:53:08.0418 0x0ec8 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:53:08.0429 0x0ec8 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
14:53:08.0450 0x0ec8 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
14:53:08.0459 0x0ec8 [ Global ] - ok
14:53:08.0460 0x0ec8 ================ Scan MBR ==================================
14:53:08.0475 0x0ec8 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:53:08.0519 0x0ec8 \Device\Harddisk0\DR0 - ok
14:53:08.0524 0x0ec8 [ 6C7780B2B247BAF5F409773A6AEB3604 ] \Device\Harddisk1\DR1
14:53:08.0782 0x0ec8 \Device\Harddisk1\DR1 - ok
14:53:08.0787 0x0ec8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
14:53:08.0834 0x0ec8 \Device\Harddisk2\DR2 - ok
14:53:08.0834 0x0ec8 ================ Scan VBR ==================================
14:53:08.0838 0x0ec8 [ 874481F57273DE112C6BFEDB4487E642 ] \Device\Harddisk0\DR0\Partition1
14:53:08.0899 0x0ec8 \Device\Harddisk0\DR0\Partition1 - ok
14:53:08.0918 0x0ec8 [ C22D3C56C90CFAF070E11233714A1923 ] \Device\Harddisk0\DR0\Partition2
14:53:08.0942 0x0ec8 \Device\Harddisk0\DR0\Partition2 - ok
14:53:08.0954 0x0ec8 [ C7670686DA95D9678A2C7552D6EDDD1F ] \Device\Harddisk0\DR0\Partition3
14:53:08.0955 0x0ec8 \Device\Harddisk0\DR0\Partition3 - ok
14:53:08.0973 0x0ec8 [ 4DCC0BC0FAA31361400CAFB95B8C5B3B ] \Device\Harddisk0\DR0\Partition4
14:53:08.0987 0x0ec8 \Device\Harddisk0\DR0\Partition4 - ok
14:53:08.0992 0x0ec8 [ 7ABF18D24279554A24F6FCECB983D51B ] \Device\Harddisk1\DR1\Partition1
14:53:08.0993 0x0ec8 \Device\Harddisk1\DR1\Partition1 - ok
14:53:09.0000 0x0ec8 [ 42A3D1B142F2BE94771743CF1429CE36 ] \Device\Harddisk1\DR1\Partition2
14:53:09.0000 0x0ec8 \Device\Harddisk1\DR1\Partition2 - ok
14:53:09.0040 0x0ec8 AV detected via SS2: ESET Smart Security 6.0, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 6.0.316.0 ), 0x41000 ( enabled : updated )
14:53:09.0041 0x0ec8 FW detected via SS2: ESET Personal Firewall, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 6.0.316.0 ), 0x41010 ( enabled )
14:53:11.0689 0x0ec8 ============================================================
14:53:11.0689 0x0ec8 Scan finished
14:53:11.0689 0x0ec8 ============================================================
14:53:11.0704 0x0ff4 Detected object count: 2
14:53:11.0705 0x0ff4 Actual detected object count: 2
14:53:32.0541 0x0ff4 Simraceway Update Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:53:32.0541 0x0ff4 Simraceway Update Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:53:32.0541 0x0ff4 SystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user
14:53:32.0541 0x0ff4 SystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
19.03.2014, 08:19
| #6 |
| /// TB-Ausbilder /// Anleitungs-Guru | Unknowen.RootKit.VBR eingefangen! Was nun? Gut gemacht André! Wir machen so weiter... Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Bitte starte  FRST erneut uns setze den Haken auch bei Addition.txt. Drücke anschließend auf Scan.Bitte poste mir in Deiner nächsten Antwort den Inhalt der Logdateien von: - AdwCleaner - FRST.txt und Addition.txt
__________________ --> Unknowen.RootKit.VBR eingefangen! Was nun? |
|
19.03.2014, 10:18
| #7 |
| | Unknowen.RootKit.VBR eingefangen! Was nun? Hallo Jürgen, ich habe Fertig  Hier die Logs und noch eine Frage. Ich habe hier zu Hause noch weitere PC´s im Netzwerk laufen, könnten diese auch befallen sein? Habe zwar schon mit diversen Scannern gescannt und nichts gefunden aber man weiss ja nie. AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 19/03/2014 um 09:35:26
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : djwisch - DJWISCH-PC
# Gestartet von : C:\Users\djwisch\Desktop\Trojanerboard\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : SystemStoreService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Users\djwisch\AppData\Roaming\simplitec
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\djwisch\AppData\Roaming\Mozilla\Firefox\Profiles\2x5dh9d9.default\searchplugins\zonealarm.xml
Datei Gelöscht : C:\Users\djwisch\AppData\Roaming\Mozilla\Firefox\Profiles\2x5dh9d9.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\FreeDriverScout
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\Tasks\Software Updater.job
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{759A0104-E7F3-4516-A9F2-1B76F80541D2}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{759A0104-E7F3-4516-A9F2-1B76F80541D2}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5BE33FD2-9208-44B5-8503-F30A64974BF4}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BE33FD2-9208-44B5-8503-F30A64974BF4}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED2180C1-07C8-44A6-A94F-CD693FDC5754}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED2180C1-07C8-44A6-A94F-CD693FDC5754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v27.0.1 (de)
[ Datei : C:\Users\djwisch\AppData\Roaming\Mozilla\Firefox\Profiles\2x5dh9d9.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4755 octets] - [19/03/2014 09:34:43]
AdwCleaner[S0].txt - [4640 octets] - [19/03/2014 09:35:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4700 octets] ##########
[/CODE] FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by djwisch (administrator) on DJWISCH-PC on 19-03-2014 09:39:19
Running from C:\Users\djwisch\Desktop\Trojanerboard
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Creative Technology Ltd) C:\Windows\System32\CtHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2010-03-18] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [19968 2007-04-09] (Creative Technology Ltd)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5078504 2013-03-21] (ESET)
HKU\S-1-5-21-2000404476-1933902896-3312573342-1001\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2000404476-1933902896-3312573342-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2000404476-1933902896-3312573342-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-2000404476-1933902896-3312573342-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-2000404476-1933902896-3312573342-1001\...\MountPoints2: {02bc4b94-0805-11e3-81bb-001966d93e6f} - H:\GTL_Setup_EGFIS.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=de&gu=93ceb7bfa685431e9c55d3ccff4e9cc4&tu=10GXy00Ay1C01g0&sku=&tstsId=&ver=&
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {D2AB522E-4972-47DF-8E87-C017169686A5} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=93ceb7bfa685431e9c55d3ccff4e9cc4&tu=10G9y009b1B0CO0&sku=&tstsId=&ver=&&r=484
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{57EB9AE3-28AE-4F70-84CB-F5BD2ED27C49}: [NameServer]192.168.11.1
FireFox:
========
FF ProfilePath: C:\Users\djwisch\AppData\Roaming\Mozilla\Firefox\Profiles\2x5dh9d9.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\djwisch\AppData\Roaming\Mozilla\Firefox\Profiles\2x5dh9d9.default\searchplugins\heise-netze-whois.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\djwisch\AppData\Roaming\Mozilla\Firefox\Profiles\2x5dh9d9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-01-22]
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-21]
CHR Extension: (Google Drive) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]
CHR Extension: (YouTube) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]
CHR Extension: (Google-Suche) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (Google Mail) - C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]
========================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1341664 2013-03-21] (ESET)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Simraceway Update Service; C:\Program Files\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
==================== Drivers (Whitelisted) ====================
R0 ahcix86; C:\Windows\System32\DRIVERS\ahcix86.sys [113152 2007-01-12] (ATI Technologies Inc.)
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [129552 2008-08-07] (AMD Technologies Inc.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
S3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-03-18] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
S3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [150080 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46056 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2013-02-14] (ESET)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [798808 2010-03-18] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [162904 2010-03-18] (Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189528 2010-03-18] (Creative Technology Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-02-10] (REALiX(tm))
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-19 09:34 - 2014-03-19 09:35 - 00000000 ____D () C:\AdwCleaner
2014-03-18 14:57 - 2014-03-19 09:39 - 00000000 ____D () C:\Users\djwisch\Desktop\Trojanerboard
2014-03-18 14:48 - 2014-03-18 14:48 - 00002374 _____ () C:\Users\djwisch\Desktop\post1.txt
2014-03-17 21:21 - 2014-03-17 21:21 - 00000000 ____D () C:\Users\djwisch\Desktop\x86
2014-03-17 20:10 - 2014-03-17 20:10 - 00027826 _____ () C:\Users\djwisch\Desktop\FRST.txt
2014-03-17 20:10 - 2014-03-17 20:10 - 00021876 _____ () C:\Users\djwisch\Desktop\Addition.txt
2014-03-17 18:12 - 2014-03-19 09:39 - 00000000 ____D () C:\FRST
2014-03-17 17:05 - 2007-11-14 11:53 - 00014864 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\AtiPcie.sys
2014-03-17 14:38 - 2014-03-17 14:38 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-17 14:38 - 2014-03-17 14:38 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Malwarebytes
2014-03-17 14:38 - 2014-03-17 14:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-17 14:38 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-13 22:36 - 2014-03-17 16:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-13 22:08 - 2014-03-13 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-13 22:07 - 2014-03-17 16:11 - 00000000 ____D () C:\Users\djwisch\Desktop\mbar
2014-03-13 22:07 - 2014-03-17 15:57 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-13 20:53 - 2014-03-13 20:53 - 00000000 ____D () C:\Users\djwisch\Documents\GTR
2014-03-12 11:51 - 2014-03-12 11:51 - 00001292 _____ () C:\Users\djwisch\Desktop\SpeedCommander.lnk
2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-11 20:08 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 20:08 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 20:08 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 20:08 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 20:08 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 20:08 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 20:08 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 20:08 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 20:08 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 20:08 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 20:08 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 20:08 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 20:08 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 20:08 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 20:08 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 20:08 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 20:08 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 20:08 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 20:08 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 20:08 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 20:08 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 20:08 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 20:08 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 20:08 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 20:08 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 20:08 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 20:08 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-06 22:48 - 2014-03-06 22:48 - 00000000 ____D () C:\Program Files\Monkey's Audio
2014-03-06 22:48 - 2013-06-26 22:38 - 00446976 _____ (Matthew T. Ashland) C:\Windows\system32\MACDll.dll
2014-03-05 01:01 - 2014-03-05 01:01 - 00009910 _____ () C:\Users\djwisch\Desktop\Unbenannt 1.ods
2014-02-27 19:18 - 2014-03-05 00:01 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Telegram Win (Unofficial)
2014-02-27 19:18 - 2014-02-27 19:18 - 00001070 _____ () C:\Users\djwisch\Desktop\Telegram.lnk
2014-02-27 19:18 - 2014-02-27 19:18 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Win (Unofficial)
2014-02-27 19:16 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-27 15:26 - 2014-02-27 15:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\djwisch\Desktop\TDSSKiller.exe
2014-02-19 14:18 - 2014-02-19 14:18 - 00000001 _____ () C:\Users\djwisch\AppData\Local\llftool.4.30.agreement
==================== One Month Modified Files and Folders =======
2014-03-19 09:39 - 2014-03-18 14:57 - 00000000 ____D () C:\Users\djwisch\Desktop\Trojanerboard
2014-03-19 09:39 - 2014-03-17 18:12 - 00000000 ____D () C:\FRST
2014-03-19 09:38 - 2013-10-09 17:35 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Skype
2014-03-19 09:37 - 2009-07-14 05:39 - 00042227 _____ () C:\Windows\setupact.log
2014-03-19 09:35 - 2014-03-19 09:34 - 00000000 ____D () C:\AdwCleaner
2014-03-19 09:35 - 2013-08-17 15:06 - 01398905 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 09:35 - 2009-07-14 05:34 - 00020272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 09:35 - 2009-07-14 05:34 - 00020272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 09:33 - 2010-11-20 22:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 14:48 - 2014-03-18 14:48 - 00002374 _____ () C:\Users\djwisch\Desktop\post1.txt
2014-03-17 21:21 - 2014-03-17 21:21 - 00000000 ____D () C:\Users\djwisch\Desktop\x86
2014-03-17 21:16 - 2013-10-14 18:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-17 20:10 - 2014-03-17 20:10 - 00027826 _____ () C:\Users\djwisch\Desktop\FRST.txt
2014-03-17 20:10 - 2014-03-17 20:10 - 00021876 _____ () C:\Users\djwisch\Desktop\Addition.txt
2014-03-17 17:44 - 2010-11-20 22:48 - 00098468 _____ () C:\Windows\PFRO.log
2014-03-17 17:35 - 2013-10-13 15:02 - 00000000 ____D () C:\Program Files\A-FF Find and Mount
2014-03-17 17:34 - 2013-08-29 19:27 - 00000000 ____D () C:\Program Files\NeoSmart Technologies
2014-03-17 16:11 - 2014-03-13 22:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-17 16:11 - 2014-03-13 22:07 - 00000000 ____D () C:\Users\djwisch\Desktop\mbar
2014-03-17 15:57 - 2014-03-13 22:07 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-17 15:11 - 2013-08-19 18:22 - 00000000 ____D () C:\Program Files\Google
2014-03-17 15:05 - 2013-11-05 18:56 - 00000000 ____D () C:\Program Files\MAGIX
2014-03-17 15:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-17 15:03 - 2013-11-05 18:55 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2014-03-17 14:59 - 2013-12-22 17:45 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-03-17 14:59 - 2013-12-22 17:40 - 00000000 ____D () C:\ProgramData\DivX
2014-03-17 14:38 - 2014-03-17 14:38 - 00001081 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-17 14:38 - 2014-03-17 14:38 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Malwarebytes
2014-03-17 14:38 - 2014-03-17 14:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-13 22:08 - 2014-03-13 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-13 21:36 - 2013-12-30 19:34 - 00000000 ____D () C:\Program Files\Steam
2014-03-13 20:55 - 2013-12-30 22:06 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Bierbuden Autoupdate
2014-03-13 20:53 - 2014-03-13 20:53 - 00000000 ____D () C:\Users\djwisch\Documents\GTR
2014-03-13 20:38 - 2013-08-31 22:53 - 00000000 ____D () C:\Users\djwisch\AppData\Local\QuickPar
2014-03-13 20:15 - 2013-12-30 19:34 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-03-13 20:13 - 2013-12-30 19:34 - 00000935 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-03-12 11:51 - 2014-03-12 11:51 - 00001292 _____ () C:\Users\djwisch\Desktop\SpeedCommander.lnk
2014-03-11 20:17 - 2014-03-11 20:17 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-11 20:17 - 2013-08-22 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-11 20:17 - 2013-08-22 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 20:17 - 2013-08-22 20:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 20:17 - 2013-08-19 20:22 - 00000000 ____D () C:\Users\djwisch\AppData\Local\Adobe
2014-03-11 20:13 - 2009-07-14 05:33 - 00383624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 20:12 - 2013-10-14 19:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-11 20:10 - 2013-08-17 16:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-11 20:09 - 2013-08-17 16:11 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-11 20:03 - 2013-08-19 20:50 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\MediaMonkey
2014-03-06 22:48 - 2014-03-06 22:48 - 00000000 ____D () C:\Program Files\Monkey's Audio
2014-03-05 01:01 - 2014-03-05 01:01 - 00009910 _____ () C:\Users\djwisch\Desktop\Unbenannt 1.ods
2014-03-05 00:01 - 2014-02-27 19:18 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Telegram Win (Unofficial)
2014-03-01 05:30 - 2014-03-11 20:08 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:11 - 2014-03-11 20:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:10 - 2014-03-11 20:08 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:52 - 2014-03-11 20:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-11 20:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-11 20:08 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:43 - 2014-03-11 20:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:43 - 2014-03-11 20:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:40 - 2014-03-11 20:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:38 - 2014-03-11 20:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:38 - 2014-03-11 20:08 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:37 - 2014-03-11 20:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:31 - 2014-03-11 20:08 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:25 - 2014-03-11 20:08 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:16 - 2014-03-11 20:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:14 - 2014-03-11 20:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:03 - 2014-03-11 20:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:00 - 2014-03-11 20:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:57 - 2014-03-11 20:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:32 - 2014-03-11 20:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:27 - 2014-03-11 20:08 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:25 - 2014-03-11 20:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-27 19:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-27 19:18 - 2014-02-27 19:18 - 00001070 _____ () C:\Users\djwisch\Desktop\Telegram.lnk
2014-02-27 19:18 - 2014-02-27 19:18 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Win (Unofficial)
2014-02-27 15:26 - 2014-02-27 15:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\djwisch\Desktop\TDSSKiller.exe
2014-02-19 23:34 - 2013-10-09 20:28 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\vlc
2014-02-19 14:18 - 2014-02-19 14:18 - 00000001 _____ () C:\Users\djwisch\AppData\Local\llftool.4.30.agreement
2014-02-19 09:41 - 2013-08-17 17:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-17 15:16 - 2013-12-21 22:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 14:34 - 2013-12-22 17:47 - 00000000 ____D () C:\Users\djwisch\AppData\Roaming\DivX
Some content of TEMP:
====================
C:\Users\djwisch\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-22 17:42
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by djwisch at 2014-03-19 09:39:42
Running from C:\Users\djwisch\Desktop\Trojanerboard
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal Firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
==================== Installed Programs ======================
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - )
Allway Sync version 12.16.1 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{17ED06A7-AB89-ACD8-7E24-62F280A8B1CA}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2203 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Bierbuden Autoupdate (remove only) (HKCU\...\Bierbuden Autoupdate) (Version: - )
Boot-US (HKLM\...\Boot-US) (Version: 3.1.0 - ustraub)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 14.4.20130909 - Landesfinanzdirektion Thüringen)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Smart Security (HKLM\...\{B49F10A8-9DDB-4E48-9E02-FD5F1C0CE425}) (Version: 6.0.400.1 - ESET, spol s r. o.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GRID 2 (c) Codemasters version 1 (HKLM\...\R1JJRDI=_is1) (Version: 1 - )
GTR 2 - FIA GT Racing Game (HKLM\...\Steam App 8790) (Version: - SimBin Studios AB)
HWiNFO32 Version 4.32 (HKLM\...\HWiNFO32_is1) (Version: 4.32 - Martin Malík - REALiX)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
Logitech Webcam-Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Monkey's Audio (HKLM\...\Monkey's Audio_is1) (Version: - )
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.0.0 (HKLM\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Plex (HKCU\...\Plex) (Version: 0.9.504 - Plex, Inc)
Python 2.7.5 (HKLM\...\{DBDD570E-0952-475f-9453-AB88F3DD5659}) (Version: 2.7.5150 - Python Software Foundation)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Simraceway 28.92 (HKLM\...\Simraceway) (Version: 28.92 - Simraceway)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeedCommander 14 (HKLM\...\SpeedCommander 14) (Version: 14.30.6900 - SWE Sven Ritter)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
Telegram Win (Unofficial) version 0.3.9 (HKCU\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.3.9 - Telegram (Unofficial))
Thrustmaster Force Feedback Driver (HKLM\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
==================== Restore Points =========================
17-03-2014 14:00:22 Removed Firebird SQL Server - MAGIX Edition
17-03-2014 14:00:41 Removed ISO Recorder
17-03-2014 14:05:28 Removed Microsoft Streets & Trips 2013
17-03-2014 14:11:26 Removed Google Earth.
17-03-2014 16:35:28 Removed Medieval CUE Splitter
17-03-2014 16:36:04 SketchUp 2013 wurde entfernt
17-03-2014 20:16:22 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
==================== Hosts content: ==========================
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {B82B73F4-E90A-4CB6-AF6F-BD306FDE7F58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)
Task: {D97E6605-AEBA-4535-B94E-A3A633CF1E82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {FB4D75BF-6235-4A8E-A187-56E443FEE220} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef00917581606.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{C9D19781-07F4-4492-8D28-4E4F58FBA208}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2013-03-28 21:29 - 2013-03-28 21:29 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Simraceway Update Service => 2
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/19/2014 09:38:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2014 09:30:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/18/2014 02:39:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 09:30:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 09:27:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 05:46:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 05:09:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 03:17:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 03:11:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 02:51:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (03/19/2014 09:39:36 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc
Error: (03/19/2014 09:37:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (03/19/2014 09:31:27 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc
Error: (03/19/2014 09:29:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (03/18/2014 02:39:44 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc
Error: (03/18/2014 02:37:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (03/17/2014 09:31:23 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc
Error: (03/17/2014 09:29:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (03/17/2014 09:26:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (03/17/2014 05:53:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Microsoft Office Sessions:
=========================
Error: (03/19/2014 09:38:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2014 09:30:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/18/2014 02:39:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 09:30:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 09:27:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 05:46:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 05:09:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 03:17:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 03:11:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2014 02:51:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 3327.3 MB
Available physical RAM: 2425.68 MB
Total Pagefile: 6652.9 MB
Available Pagefile: 5596.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.69 MB
==================== Drives ================================
Drive c: (Win7 Basis) (Fixed) (Total:44.91 GB) (Free:17.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Daten) (Fixed) (Total:85.22 GB) (Free:24.01 GB) NTFS
Drive e: (Projekt) (Fixed) (Total:126.66 GB) (Free:60.7 GB) NTFS
Drive f: (Audiosoftware) (Fixed) (Total:78.4 GB) (Free:53.42 GB) NTFS
Drive g: (Spiele) (Fixed) (Total:175.46 GB) (Free:103.38 GB) NTFS
Drive r: (Refills) (Fixed) (Total:74.24 GB) (Free:11.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 54925295)
Partition 1: (Not Active) - (Size=466 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 119 GB) (Disk ID: 039D373A)
Partition 1: (Active) - (Size=45 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1024 KB) - (Type=45)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 0FBBCF76)
Partition: GPT Partition Type.
==================== End Of Log ============================
Gruß André  Hallo Jürgen, habe noch etwas evtl. wichtiges vergessen. Der vermeindliche Wurm "Win.Worm.Autorun-4414" soll sich laut ClamAV in der Datei "nvstore.sys" befinden, habe diese Datei bei Virustotal überprüfen lassen aber nur ClamAV meldet eine infektion. Vermutlich Fehlalarm oder? Gruß André |
|
19.03.2014, 17:15
| #8 | |
| /// TB-Ausbilder /// Anleitungs-Guru | Unknowen.RootKit.VBR eingefangen! Was nun? Hallo André, ja sehe ich auch so. Wenn nur ClamAV etwas entdeckt, dann handelt es sich um einen Fehlalarm. Zitat:
Wir machen zum Abschluss noch einen letzten Schritt: Kontrollscan mit HitmanPro  Downloade Dir HitmanPro auf deinen Desktop: HitmanPro - 32 Bit
Poste bitte den Inhalt der HitmanPro_<Datum_Uhrzeit>.txt mit Deiner nächsten Antwort.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer Geändert von deeprybka (19.03.2014 um 17:22 Uhr) |
|
19.03.2014, 18:56
| #9 |
| | Unknowen.RootKit.VBR eingefangen! Was nun? Hallo Jürgen, hier das letzte Log-File. Danke nochmals für deine Super Hilfe, hoffe das mein PC jetzt wieder virenfrei ist. Kann mir garnicht erklären wo die Viren bzw. das RootKit her kamen, mache immer alle Sicherheitsupdates und benutze nur original Software und auf dubiose Seiten gehe ich auch nicht. hm Kannst Du etwas genaueres über das RootKit sagen, was hat es gemacht? Code:
ATTFilter HitmanPro 3.7.9.212
www.hitmanpro.com
Computer name . . . . : DJWISCH-PC
Windows . . . . . . . : 6.1.1.7601.X86/4
User name . . . . . . : djwisch-PC\djwisch
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2014-03-19 18:44:59
Scan mode . . . . . . : Normal
Scan duration . . . . : 1m 20s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 46
Objects scanned . . . : 1.178.419
Files scanned . . . . : 31.456
Remnants scanned . . : 440.783 files / 706.180 keys
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Classes\c\ (Claro) -> Deleted
Cookies _____________________________________________________________________
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad-emea.doubleclick.net
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.dyntracker.de
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:conrad.122.2o7.net
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:philips.112.2o7.net
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.dealtime.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:stepstone.112.2o7.net
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww400.smartadserver.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\djwisch\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
C:\Users\djwisch\AppData\Roaming\Microsoft\Windows\Cookies\6WQ6GUGC.txt
C:\Users\djwisch\AppData\Roaming\Microsoft\Windows\Cookies\E7G2NXIS.txt
C:\Users\djwisch\AppData\Roaming\Microsoft\Windows\Cookies\JX135TFV.txt
André |
|
19.03.2014, 19:12
| #10 | ||
| /// TB-Ausbilder /// Anleitungs-Guru | Unknowen.RootKit.VBR eingefangen! Was nun?Zitat:
Mach Dir nicht zuviel Gedanken...  Dein PC hast Du schon gut gepflegt! Vorbildlich würde ich sagen... Zitat:
Etwas Geduld, sind fast fertig...
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
19.03.2014, 19:27
| #11 |
| | Unknowen.RootKit.VBR eingefangen! Was nun? Super. Danke und mach dir keinen Stress.  |
|
20.03.2014, 11:48
| #12 |
| /// TB-Ausbilder /// Anleitungs-Guru | Unknowen.RootKit.VBR eingefangen! Was nun? Hallo, Deine Fragen möchte ich abschließend gerne wie folgt beantworten: Es ist retrospektiv nicht so leicht möglich zu eruieren was genau die Infektionsquelle war und um welchen "Schädling" es sich genau gehandelt hat. So wie MBAR es detektiert hat, handelte es sich um ein "unbekanntes Rootkit". Wichtig ist nur die erfolgreiche Entfernung. Zu den anderen PC's im Netzwerk möchte ich anmerken, dass diese als "safe" anzusehen sind. Pfege weiterhin Deine Computer so wie bisher und führe regelmäßig Scans mit der installierten Antivirus-Software durch. Gelegentliche Rootkit-Prüfungen schaden, wie in Deinem Falle gesehen, auch nicht. Wenn Du sonst keine weiteren Fragen hast oder keine PC Probleme mehr feststellst, dann sind wir fertig. >>clean<< Wir haben es geschafft! Die Logs sehen für mich im Moment sauber aus. Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen und hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst....  Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. Epilog: Tipps, Dos & Don'ts Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine infizierte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
20.03.2014, 17:39
| #13 |
| | Unknowen.RootKit.VBR eingefangen! Was nun? Hallo Jürgen, vielen Dank für deine Hilfe, es müsste viel mehr von deiner Sorte geben. Mach bitte weiter so. Alles gute und viel Glück. Dank und Gruß ANDRÉ  |
|
| Themen zu Unknowen.RootKit.VBR eingefangen! Was nun? |
| ausgehende, branding, datei, direkt, eingefangen, erkennung, feedback, firewall, forum, freemium, gelöscht, gen, gescannt, hoffe, infos, malwarebytes, melde, meldet, namens, recht, rootkit, schnelle, sketchup, start, system, tipps, tools, verbindung, wurm |
Linear-Darstellung
