Log analysis and evaluation: Windows 7: Avira reports Boo/cidox.b virus and Windows is no longer activated

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.10.2014, 19:02 | #1 |
Windows 7: Avira reports Boo/cidox.b virus and Windows is no longer activated

A very good evening, dear community,

I have the following problem: Avira just reported that it had made a find; the file in question is called boo/cidox.b, master boot sector on HD0, virus. I'm actually no fool when it comes to PCs and cleanup, but this time I shot myself in the foot. I removed it and, lo and behold, now my Windows says it is no longer activated. What a mess; now my explorer.exe is acting up as well, deciding to open itself 10 times and burning 4 GB of RAM in total, and I don't have the faintest idea what is going on. It all started at work, because I had not used my own USB stick there.

FRST log:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 Ran by Florian (administrator) on FLORIAN-PC on 12-10-2014 19:28:32 Running from C:\Users\Florian\Desktop Loaded Profile: Florian (Available profiles: Florian) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165624 2014-09-15] (Avira Operations GmbH & Co. KG) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKU\S-1-5-21-3700899397-2213452428-4285179099-1000\...\MountPoints2: {2343528b-9a80-11e3-920c-1c6f655fd9e4} - E:\dvdstart.exe HKU\S-1-5-21-3700899397-2213452428-4285179099-1000\...\MountPoints2: {23435374-9a80-11e3-920c-1c6f655fd9e4} - F:\Autorun.exe HKU\S-1-5-21-3700899397-2213452428-4285179099-1000\...\MountPoints2: {28e1e6f1-b07e-11e3-9b1b-1c6f655fd9e4} - F:\cdstart.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x90F8E481452CCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: 
@canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default\Extensions\abs@avira.com [2014-10-12] FF Extension: Adblock Plus - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-11] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [Not Found] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. 
KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-15] (Avira Operations GmbH & Co. KG) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-04] (Disc Soft Ltd) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-12 19:28 - 2014-10-12 19:28 - 00009076 _____ () C:\Users\Florian\Desktop\FRST.txt 2014-10-12 19:14 - 2014-10-12 19:28 - 00000000 ____D () C:\FRST 2014-10-12 19:13 - 2014-10-12 19:13 - 00000476 _____ () C:\Users\Florian\Desktop\defogger_disable.log 2014-10-12 19:13 - 2014-10-12 19:13 - 00000000 _____ () C:\Users\Florian\defogger_reenable 2014-10-12 19:12 - 2014-10-12 19:13 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe 2014-10-12 19:11 - 2014-10-12 19:12 - 02110464 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe 2014-10-12 19:10 - 2014-10-12 19:10 - 00050477 _____ () C:\Users\Florian\Desktop\Defogger.exe 2014-10-12 18:58 - 2014-10-12 18:58 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-10-12 18:54 - 2014-10-12 18:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Florian\Desktop\tdsskiller.exe 2014-10-12 18:53 - 2014-10-12 18:53 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Process Hacker 2 2014-10-12 18:48 - 2014-10-12 18:48 - 01932448 _____ (wj32 ) C:\Users\Florian\Downloads\processhacker-2.33-setup.exe 2014-10-12 18:48 - 2014-10-12 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2 2014-10-12 18:48 - 2014-10-12 18:48 - 00000000 ____D () C:\Program Files\Process Hacker 2 2014-10-12 18:28 - 2014-10-12 18:28 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-12 18:27 - 2014-10-12 18:59 - 00000112 _____ () C:\Windows\setupact.log 2014-10-12 18:27 - 2014-10-12 18:27 - 00159920 _____ () C:\Windows\PFRO.log 2014-10-12 18:27 - 2014-10-12 18:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\Windows\pss 2014-10-12 18:15 - 2014-10-12 18:15 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira 2014-10-12 18:13 - 2014-10-12 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-12 18:13 - 2014-10-12 18:28 - 00000000 ____D () C:\ProgramData\Avira 2014-10-12 18:13 - 2014-10-12 18:28 - 00000000 
____D () C:\Program Files (x86)\Avira 2014-10-12 18:13 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-12 18:13 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-12 18:13 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-10-12 18:11 - 2014-10-12 18:26 - 00000000 ____D () C:\AdwCleaner 2014-10-12 18:11 - 2014-10-12 18:11 - 01375089 _____ () C:\Users\Florian\Desktop\adwcleaner_3.311.exe 2014-10-12 18:10 - 2014-10-12 18:12 - 150010760 _____ () C:\Users\Florian\Downloads\avira07_free_antivirus_de.exe 2014-10-12 17:54 - 2014-10-12 17:54 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-10-12 17:54 - 2014-10-12 17:54 - 00001908 _____ () C:\Windows\diagerr.xml 2014-10-12 17:43 - 2014-10-12 17:43 - 00000000 ____D () C:\ProgramData\PafoMexla 2014-10-12 15:31 - 2014-10-12 15:31 - 00041687 _____ () C:\Users\Florian\Documents\gmerlog.log 2014-10-12 14:17 - 2014-10-12 17:19 - 00000000 ____D () C:\ProgramData\LoyzOkke 2014-10-12 14:17 - 2014-10-12 17:19 - 00000000 ____D () C:\ProgramData\FowajXewem 2014-10-12 14:13 - 2014-10-12 19:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-12 14:13 - 2014-10-12 14:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-29 20:50 - 2014-10-12 17:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-29 20:50 - 2014-09-29 20:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Florian\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-29 20:50 - 2014-09-29 20:50 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () 
C:\ProgramData\Malwarebytes 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-29 20:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-29 20:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-29 20:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-25 12:34 - 2014-09-25 12:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-25 09:57 - 2014-09-25 09:57 - 00001644 _____ () C:\Users\Florian\Desktop\Photoshop.lnk 2014-09-25 09:17 - 2014-09-25 09:17 - 00000000 _____ () C:\Users\Florian\Desktop\1037 - 1131.txt 2014-09-25 09:16 - 2014-09-29 21:03 - 00000000 ____D () C:\Users\Florian\Desktop\tag der leitlinien 2014-09-23 19:53 - 2014-10-12 15:53 - 00000000 ____D () C:\ProgramData\EzukuWguqv 2014-09-18 18:20 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\UlibpUfxet 2014-09-18 18:19 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\AyabVozoj ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-12 19:22 - 2014-04-11 23:39 - 00000000 ____D () C:\ProgramData\Adobe 2014-10-12 19:22 - 2014-02-12 00:06 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Adobe 2014-10-12 19:21 - 2014-04-11 23:42 - 00000000 ____D () C:\Program Files\Adobe 2014-10-12 19:19 - 2014-04-11 23:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-10-12 19:19 - 2014-02-14 01:56 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\DVDVideoSoft 2014-10-12 19:18 - 2014-02-11 23:00 - 00245984 _____ () C:\Windows\WindowsUpdate.log 2014-10-12 19:13 - 2014-02-11 22:56 - 00000000 ____D () C:\Users\Florian 2014-10-12 19:03 - 2011-04-12 09:43 - 00698826 _____ () C:\Windows\system32\perfh007.dat 2014-10-12 19:03 - 2011-04-12 09:43 - 00148966 _____ () C:\Windows\system32\perfc007.dat 2014-10-12 19:03 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-12 18:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-12 18:37 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-12 18:37 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-12 18:29 - 2014-03-04 16:41 - 00000000 ____D () C:\Users\Florian\AppData\Local\LogMeIn Hamachi 2014-10-12 18:28 - 2014-02-11 23:05 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-12 18:24 - 2014-03-04 15:14 - 01316352 ___SH () C:\Users\Florian\Downloads\Thumbs.db 2014-10-12 18:19 - 2014-02-21 02:31 - 00000000 ____D () C:\Users\Florian\AppData\Local\CrashDumps 2014-10-12 18:19 - 2014-02-11 22:50 - 00000000 ____D () C:\Windows\Panther 2014-10-12 17:34 - 2014-02-12 00:03 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-10-12 16:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-10-12 15:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss 2014-10-12 14:13 - 2014-02-12 13:23 
- 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-12 14:13 - 2014-02-12 13:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-29 20:49 - 2014-02-14 01:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\vlc 2014-09-29 20:46 - 2014-02-11 23:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-24 22:35 - 2014-03-04 15:01 - 00000000 ____D () C:\Users\Florian\Desktop\Programme 2014-09-23 23:29 - 2014-02-12 00:14 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Skype 2014-09-23 19:16 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\DAEMON Tools Lite 2014-09-23 19:16 - 2014-02-27 16:36 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\TS3Client 2014-09-23 19:16 - 2014-02-11 23:41 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-23 19:15 - 2014-03-04 15:01 - 00000000 ____D () C:\Users\Florian\Desktop\Spiele 2014-09-18 18:27 - 2014-02-12 00:14 - 00000000 ____D () C:\ProgramData\Skype 2014-09-15 00:15 - 2014-02-14 01:03 - 00000000 ____D () C:\Users\Florian\Downloads\Serien Some content of TEMP: ==================== C:\Users\Florian\AppData\Local\Temp\avgnt.exe C:\Users\Florian\AppData\Local\Temp\Quarantine.exe C:\Users\Florian\AppData\Local\Temp\Uninstall.exe C:\Users\Florian\AppData\Local\Temp\{D96D6489-761F-4DED-BBE8-4D8BD3DB20AD}.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-12 16:05 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 Ran by Florian at 2014-10-12 19:28:52 Running from C:\Users\Florian\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 18 Wheels of Steel: Convoy 1.0 (HKLM-x32\...\18 Wheels of Steel: Convoy) (Version: 1.0 - ValuSoft) 18 Wheels of Steel: Haulin' (HKLM-x32\...\18 Wheels of Steel: Haulin') (Version: - ValuSoft) 18 WoS Across America (HKLM-x32\...\InstallShield_{BF9BA346-27AA-4EE0-8333-FEA5400D2AA0}) (Version: 0.2.0000 - ValuSoft) 18 WoS Across America (x32 Version: 0.2.0000 - ValuSoft) Hidden 18 WoS: Voll aufs Gas (HKLM-x32\...\{39286675-3166-9420-2336-779493021964}) (Version: 1.0 - rondomedia) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) 
Hidden AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version: - Bohemia Interactive) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Avira (HKLM-x32\...\{deb50ae5-d3c4-4eae-a7a8-3dce2a7325b1}) (Version: 1.1.21.30000 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.21.30000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Big Fun Zug Um Zug (HKLM-x32\...\Zug Um Zug) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward) CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.) Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.) Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.) Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.) Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.) 
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.) Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) Cobra 11 - Highway Nights (remove only) (HKLM-x32\...\HighwayNights) (Version: - ) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd) Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - ) Die Sims 2: Family Fun - Accessoires (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version: - ) Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version: - ) Die Sims 2: Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version: - ) Die Sims 2: Wilde Campus-Jahre (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version: - ) Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version: - Electronic Arts) Die Sims™ 2 Freizeit-Spaß 
(HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version: - Electronic Arts) Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts) Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version: - ) Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - ) Die Sims™ 2 IKEA® Home-Accessoires (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version: - Electronic Arts) Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version: - Electronic Arts) Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version: - ) Die Sims™ 2 Teen Style-Accessoires (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version: - Electronic Arts) Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - ) Die Sims™ 2 Villen- und Garten-Accessoires (HKLM-x32\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version: - Electronic Arts) Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version: - ) Fraps (HKLM-x32\...\Fraps) (Version: - ) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) 
Hidden JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) K-Lite Codec Pack 10.3.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Flight Simulator X Demo (HKLM-x32\...\InstallShield_{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}) (Version: 1.00.0000 - Microsoft Game Studios) Microsoft Flight Simulator X Demo (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32) PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.) 
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
24-08-2014 10:25:04 Geplanter Prüfpunkt
01-09-2014 23:29:12 Geplanter Prüfpunkt
13-09-2014 20:17:25 Geplanter Prüfpunkt
23-09-2014 18:45:52 Geplanter Prüfpunkt
12-10-2014 12:22:13 Windows Modules Installer
12-10-2014 17:17:41 Removed LogMeIn Hamachi

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-03-11 11:42 - 00000987 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 65.52.240.48
127.0.0.1 oscount.techsmith.com
127.0.0.1 69.167.144.18

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {6DC72263-47D9-425F-ABCC-C759D9287785} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-12] (Adobe Systems Incorporated)
Task: {7508A622-117C-41C0-AB80-60A2C2AE7640} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-15 11:56 - 2014-09-15 11:56 - 00140024 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-15 11:56 - 2014-09-15 11:56 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-10-12 18:28 - 2014-09-15 11:56 - 00051504 _____ () C:\Users\Florian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-25 12:34 - 2014-09-25 12:34 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33903590.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33903590.sys => ""="Driver"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Florian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^proquota.lnk => C:\Windows\pss\proquota.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Florian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RunLegacyCPLElevated.lnk => C:\Windows\pss\RunLegacyCPLElevated.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================
Administrator (S-1-5-21-3700899397-2213452428-4285179099-500 - Administrator - Disabled)
Florian (S-1-5-21-3700899397-2213452428-4285179099-1000 - Administrator - Enabled) => C:\Users\Florian
Gast (S-1-5-21-3700899397-2213452428-4285179099-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3700899397-2213452428-4285179099-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============
Name: Diskettenlaufwerk
Description: Diskettenlaufwerk
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standarddiskettenlaufwerke)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: DTSOFT Virtual CdRom Device
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2014 07:01:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:29:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:24:13 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3700899397-2213452428-4285179099-1000}/">.

Error: (10/12/2014 06:19:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3700899397-2213452428-4285179099-1000}/">.
Error: (10/12/2014 05:50:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c8f9
Ausnahmecode: 0xc000070a
Fehleroffset: 0x000000000005d009
ID des fehlerhaften Prozesses: 0x158c
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (10/12/2014 05:22:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 05:13:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 04:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x03596dc5
ID des fehlerhaften Prozesses: 0xb2c
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (10/12/2014 03:48:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 03:42:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca28
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01d66dc5
ID des fehlerhaften Prozesses: 0xefc
Startzeit der fehlerhaften Anwendung: 0xregsvr32.exe0
Pfad der fehlerhaften Anwendung: regsvr32.exe1
Pfad des fehlerhaften Moduls: regsvr32.exe2
Berichtskennung: regsvr32.exe3

System errors:
=============
Error: (10/12/2014 07:00:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/12/2014 07:00:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/12/2014 07:00:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.
Error: (10/12/2014 06:29:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/12/2014 05:21:24 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/12/2014 05:20:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sarconsogulpe" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (10/12/2014 05:13:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (10/12/2014 05:11:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (10/12/2014 05:11:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (10/12/2014 05:11:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Microsoft Office Sessions:
=========================
Error: (10/12/2014 07:01:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:29:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 06:24:13 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3700899397-2213452428-4285179099-1000}/

Error: (10/12/2014 06:19:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3700899397-2213452428-4285179099-1000}/

Error: (10/12/2014 05:50:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175144ce7a144ntdll.dll6.1.7601.175144ce7c8f9c000070a000000000005d009158c01cfe632c114b210C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll8843d310-5227-11e4-a756-1c6f655fd9e4

Error: (10/12/2014 05:22:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 05:13:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 04:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000503596dc5b2c01cfe62318df7800C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknown110f1d20-521a-11e4-a7b3-1c6f655fd9e4

Error: (10/12/2014 03:48:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/12/2014 03:42:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.1.7600.163854a5bca28unknown0.0.0.000000000c000000501d66dc5efc01cfe62256805fe0C:\Windows\SysWOW64\regsvr32.exeunknown94367040-5215-11e4-869d-1c6f655fd9e4

==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 21%
Total physical RAM: 10238.49 MB
Available physical RAM: 8083.34 MB
Total Pagefile: 20475.18 MB
Available Pagefile: 18153.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:382.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B0FDAF4D)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12.10.2014
Scan Time: 19:40:25
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.12.06
Rootkit Database: v2014.10.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Florian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312888
Time Elapsed: 6 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.FakeMS.ED, C:\Windows\Installer\{1D8F59D2-9056-4610-95B6-D3BF42162672}\msiexec.exe, , [bd198d86601c00365bf9e7e8cc35c43c],
Trojan.FakeMS.ED, C:\Windows\Installer\{10DAFDF8-E226-404C-8998-EF9F3AF0B17C}\msiexec.exe, , [d30362b1c1bb2214a7adf7d8649d0000],

Physical Sectors: 0
(No malicious items detected)

(end)
12.10.2014, 19:06 | #2 |
/// the machine /// TB instructor
hi,
Please download TDSSKiller.exe and save this file to the desktop.
12.10.2014, 19:09 | #3 |
TDSS log:
Code:
20:07:25.0685 0x13e0 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:07:28.0072 0x13e0 ============================================================
20:07:28.0072 0x13e0 Current date / time: 2014/10/12 20:07:28.0072
20:07:28.0072 0x13e0 SystemInfo:
20:07:28.0072 0x13e0
20:07:28.0072 0x13e0 OS Version: 6.1.7601 ServicePack: 1.0
20:07:28.0072 0x13e0 Product type: Workstation
20:07:28.0072 0x13e0 ComputerName: FLORIAN-PC
20:07:28.0072 0x13e0 UserName: Florian
20:07:28.0072 0x13e0 Windows directory: C:\Windows
20:07:28.0072 0x13e0 System windows directory: C:\Windows
20:07:28.0072 0x13e0 Running under WOW64
20:07:28.0072 0x13e0 Processor architecture: Intel x64
20:07:28.0072 0x13e0 Number of processors: 2
20:07:28.0072 0x13e0 Page size: 0x1000
20:07:28.0072 0x13e0 Boot type: Normal boot
20:07:28.0072 0x13e0 ============================================================
20:07:28.0072 0x13e0 BG loaded
20:07:28.0212 0x13e0 System UUID: {AE369536-11EC-7BA0-1FB4-ADD1BB548177}
20:07:28.0493 0x13e0 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:07:28.0509 0x13e0 ============================================================
20:07:28.0509 0x13e0 \Device\Harddisk0\DR0:
20:07:28.0509 0x13e0 MBR partitions:
20:07:28.0509 0x13e0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:07:28.0509 0x13e0 ============================================================
20:07:28.0524 0x13e0 C: <-> \Device\Harddisk0\DR0\Partition1
20:07:28.0524 0x13e0 ============================================================
20:07:28.0524 0x13e0 Initialize success
20:07:28.0524 0x13e0 ============================================================
20:07:33.0719 0x12c0 ============================================================
20:07:33.0719 0x12c0 Scan started
20:07:33.0719 0x12c0 Mode: Manual; SigCheck; TDLFS;
20:07:33.0719
0x12c0 ============================================================
20:07:33.0719 0x12c0 KSN ping started
20:07:47.0400 0x12c0 KSN ping finished: true
20:07:48.0336 0x12c0 ================ Scan system memory ========================
20:07:48.0336 0x12c0 System memory - ok
20:07:48.0336 0x12c0 ================ Scan services =============================
] Compbatt C:\Windows\system32\drivers\compbatt.sys 20:07:52.0221 0x12c0 Compbatt - ok 20:07:52.0252 0x12c0 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 20:07:52.0252 0x12c0 CompositeBus - ok 20:07:52.0267 0x12c0 COMSysApp - ok 20:07:52.0267 0x12c0 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:07:52.0283 0x12c0 crcdisk - ok 20:07:52.0299 0x12c0 [ 15597883FBE9B056F276ADA3AD87D9AF, B347E0B11228E38313C59C8ED984253A8A1FF482ED137CF5F488C4AFD6B08857 ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:07:52.0330 0x12c0 CryptSvc - ok 20:07:52.0361 0x12c0 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 20:07:52.0377 0x12c0 CSC - ok 20:07:52.0408 0x12c0 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 20:07:52.0423 0x12c0 CscService - ok 20:07:52.0455 0x12c0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:07:52.0501 0x12c0 DcomLaunch - ok 20:07:52.0533 0x12c0 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 20:07:52.0564 0x12c0 defragsvc - ok 20:07:52.0579 0x12c0 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:07:52.0595 0x12c0 DfsC - ok 20:07:52.0611 0x12c0 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 20:07:52.0642 0x12c0 Dhcp - ok 20:07:52.0657 0x12c0 [ 
13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 20:07:52.0673 0x12c0 discache - ok 20:07:52.0689 0x12c0 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 20:07:52.0689 0x12c0 Disk - ok 20:07:52.0720 0x12c0 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 20:07:52.0720 0x12c0 dmvsc - ok 20:07:52.0751 0x12c0 [ CD55F5355D8F55D44C9F4ED875705BD6, 321C26E3CD9F376D30F05FBDF00E96399512ED705D867E8B14793D9CE69A1C1F ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:07:52.0782 0x12c0 Dnscache - ok 20:07:52.0782 0x12c0 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 20:07:52.0813 0x12c0 dot3svc - ok 20:07:52.0829 0x12c0 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 20:07:52.0860 0x12c0 DPS - ok 20:07:52.0891 0x12c0 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:07:52.0891 0x12c0 drmkaud - ok 20:07:52.0954 0x12c0 [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 20:07:52.0954 0x12c0 dtsoftbus01 - ok 20:07:52.0985 0x12c0 [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:07:53.0016 0x12c0 DXGKrnl - ok 20:07:53.0032 0x12c0 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 20:07:53.0063 0x12c0 EapHost - ok 
20:07:53.0141 0x12c0 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 20:07:53.0219 0x12c0 ebdrv - ok 20:07:53.0250 0x12c0 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS C:\Windows\System32\lsass.exe 20:07:53.0266 0x12c0 EFS - ok 20:07:53.0313 0x12c0 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:07:53.0328 0x12c0 ehRecvr - ok 20:07:53.0344 0x12c0 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 20:07:53.0359 0x12c0 ehSched - ok 20:07:53.0375 0x12c0 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:07:53.0391 0x12c0 elxstor - ok 20:07:53.0406 0x12c0 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:07:53.0406 0x12c0 ErrDev - ok 20:07:53.0437 0x12c0 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 20:07:53.0469 0x12c0 EventSystem - ok 20:07:53.0484 0x12c0 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 20:07:53.0515 0x12c0 exfat - ok 20:07:53.0531 0x12c0 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:07:53.0562 0x12c0 fastfat - ok 20:07:53.0593 0x12c0 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 20:07:53.0625 0x12c0 Fax - ok 20:07:53.0640 
0x12c0 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:07:53.0656 0x12c0 fdc - ok 20:07:53.0671 0x12c0 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 20:07:53.0687 0x12c0 fdPHost - ok 20:07:53.0703 0x12c0 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 20:07:53.0718 0x12c0 FDResPub - ok 20:07:53.0734 0x12c0 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:07:53.0749 0x12c0 FileInfo - ok 20:07:53.0765 0x12c0 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:07:53.0781 0x12c0 Filetrace - ok 20:07:53.0796 0x12c0 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:07:53.0812 0x12c0 flpydisk - ok 20:07:53.0827 0x12c0 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:07:53.0843 0x12c0 FltMgr - ok 20:07:53.0874 0x12c0 [ B4447F606BB19FD8AD0BAFB59B90F5D9, 043E686029DE2710305852E3A416176E400F9FD5FB98E4F2A6F14C060FAABED5 ] FontCache C:\Windows\system32\FntCache.dll 20:07:53.0921 0x12c0 FontCache - ok 20:07:53.0952 0x12c0 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:07:53.0952 0x12c0 FontCache3.0.0.0 - ok 20:07:53.0968 0x12c0 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] 
FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:07:53.0983 0x12c0 FsDepends - ok 20:07:53.0983 0x12c0 [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:07:53.0999 0x12c0 Fs_Rec - ok 20:07:54.0015 0x12c0 [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:07:54.0030 0x12c0 fvevol - ok 20:07:54.0030 0x12c0 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:07:54.0046 0x12c0 gagp30kx - ok 20:07:54.0077 0x12c0 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:07:54.0093 0x12c0 GEARAspiWDM - ok 20:07:54.0108 0x12c0 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 20:07:54.0155 0x12c0 gpsvc - ok 20:07:54.0217 0x12c0 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 20:07:54.0217 0x12c0 hamachi - ok 20:07:54.0217 0x12c0 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:07:54.0233 0x12c0 hcw85cir - ok 20:07:54.0264 0x12c0 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:07:54.0280 0x12c0 HdAudAddService - ok 20:07:54.0295 0x12c0 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:07:54.0311 0x12c0 HDAudBus - ok 20:07:54.0327 0x12c0 [ 
78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 20:07:54.0327 0x12c0 HidBatt - ok 20:07:54.0342 0x12c0 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:07:54.0358 0x12c0 HidBth - ok 20:07:54.0373 0x12c0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 20:07:54.0373 0x12c0 HidIr - ok 20:07:54.0389 0x12c0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 20:07:54.0420 0x12c0 hidserv - ok 20:07:54.0436 0x12c0 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:07:54.0436 0x12c0 HidUsb - ok 20:07:54.0451 0x12c0 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:07:54.0483 0x12c0 hkmsvc - ok 20:07:54.0498 0x12c0 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:07:54.0514 0x12c0 HomeGroupListener - ok 20:07:54.0545 0x12c0 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:07:54.0561 0x12c0 HomeGroupProvider - ok 20:07:54.0561 0x12c0 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:07:54.0576 0x12c0 HpSAMD - ok 20:07:54.0607 0x12c0 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:07:54.0654 
0x12c0 HTTP - ok 20:07:54.0654 0x12c0 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:07:54.0670 0x12c0 hwpolicy - ok 20:07:54.0670 0x12c0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:07:54.0685 0x12c0 i8042prt - ok 20:07:54.0701 0x12c0 [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:07:54.0717 0x12c0 iaStorV - ok 20:07:54.0795 0x12c0 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:07:54.0795 0x12c0 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 20:07:57.0462 0x12c0 Detect skipped due to KSN trusted 20:07:57.0478 0x12c0 IDriverT - ok 20:07:57.0525 0x12c0 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:07:57.0540 0x12c0 idsvc - ok 20:07:57.0556 0x12c0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:07:57.0571 0x12c0 iirsp - ok 20:07:57.0603 0x12c0 [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll 20:07:57.0649 0x12c0 IKEEXT - ok 20:07:57.0759 0x12c0 [ FA2B7507CD49908B2260949E52F8B9FE, 0EA0B3B25A3B668CA18313E34138DADA5C9835E476A1BFC56588B946DF0A92E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:07:57.0837 0x12c0 IntcAzAudAddService - ok 20:07:57.0852 0x12c0 [ F00F20E70C6EC3AA366910083A0518AA, 
E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 20:07:57.0868 0x12c0 intelide - ok 20:07:57.0883 0x12c0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys 20:07:57.0899 0x12c0 intelppm - ok 20:07:57.0915 0x12c0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:07:57.0930 0x12c0 IPBusEnum - ok 20:07:57.0946 0x12c0 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:07:57.0961 0x12c0 IpFilterDriver - ok 20:07:57.0977 0x12c0 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:07:58.0024 0x12c0 iphlpsvc - ok 20:07:58.0024 0x12c0 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:07:58.0039 0x12c0 IPMIDRV - ok 20:07:58.0055 0x12c0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:07:58.0071 0x12c0 IPNAT - ok 20:07:58.0117 0x12c0 [ 842D1EDD0F2A6E0E6631BB96BAAA01DE, 9CDD0B99F2C5DAD573A9EA8D5AB2DBFD7A941454CBBA5BFE34E49F2D4EE96A90 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:07:58.0133 0x12c0 iPod Service - ok 20:07:58.0164 0x12c0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:07:58.0180 0x12c0 IRENUM - ok 20:07:58.0180 0x12c0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:07:58.0195 
0x12c0 isapnp - ok 20:07:58.0211 0x12c0 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:07:58.0227 0x12c0 iScsiPrt - ok 20:07:58.0227 0x12c0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:07:58.0242 0x12c0 kbdclass - ok 20:07:58.0242 0x12c0 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:07:58.0258 0x12c0 kbdhid - ok 20:07:58.0258 0x12c0 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso C:\Windows\system32\lsass.exe 20:07:58.0273 0x12c0 KeyIso - ok 20:07:58.0273 0x12c0 [ CCD53B5BD33CE0C889E830D839C8B66E, 51B7556DA7DAA0BC75E00E53099776016A55FAA115D5A4E6830E12A0A0869C10 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:07:58.0289 0x12c0 KSecDD - ok 20:07:58.0305 0x12c0 [ 9FF918A261752C12639E8AD4208D2C2F, B60F7A730C92F2BF7E85A6CA14DD7671AEECEE154CEC83B1E23EF268C25C9E5E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:07:58.0305 0x12c0 KSecPkg - ok 20:07:58.0320 0x12c0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:07:58.0336 0x12c0 ksthunk - ok 20:07:58.0367 0x12c0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 20:07:58.0414 0x12c0 KtmRm - ok 20:07:58.0445 0x12c0 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:07:58.0476 0x12c0 LanmanServer - ok 20:07:58.0492 0x12c0 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation 
C:\Windows\System32\wkssvc.dll 20:07:58.0523 0x12c0 LanmanWorkstation - ok 20:07:58.0554 0x12c0 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:07:58.0570 0x12c0 lltdio - ok 20:07:58.0601 0x12c0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:07:58.0632 0x12c0 lltdsvc - ok 20:07:58.0632 0x12c0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:07:58.0663 0x12c0 lmhosts - ok 20:07:58.0679 0x12c0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:07:58.0679 0x12c0 LSI_FC - ok 20:07:58.0695 0x12c0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:07:58.0710 0x12c0 LSI_SAS - ok 20:07:58.0710 0x12c0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 20:07:58.0710 0x12c0 LSI_SAS2 - ok 20:07:58.0726 0x12c0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:07:58.0726 0x12c0 LSI_SCSI - ok 20:07:58.0757 0x12c0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 20:07:58.0773 0x12c0 luafv - ok 20:07:58.0788 0x12c0 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:07:58.0804 0x12c0 Mcx2Svc - ok 20:07:58.0819 0x12c0 [ A55805F747C6EDB6A9080D7C633BD0F4, 
2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 20:07:58.0819 0x12c0 megasas - ok 20:07:58.0835 0x12c0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 20:07:58.0851 0x12c0 MegaSR - ok 20:07:58.0866 0x12c0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 20:07:58.0897 0x12c0 MMCSS - ok 20:07:58.0897 0x12c0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 20:07:58.0929 0x12c0 Modem - ok 20:07:58.0944 0x12c0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:07:58.0960 0x12c0 monitor - ok 20:07:58.0975 0x12c0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:07:58.0975 0x12c0 mouclass - ok 20:07:58.0991 0x12c0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:07:59.0007 0x12c0 mouhid - ok 20:07:59.0007 0x12c0 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:07:59.0022 0x12c0 mountmgr - ok 20:07:59.0053 0x12c0 [ FD5E45969B82B83E33CB05B5C9B0E3F2, A6C21F7A0A97683DA50FC102131618CC1BE5CA0C3625D2FDAF5861B9B6523E45 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:07:59.0069 0x12c0 MozillaMaintenance - ok 20:07:59.0069 0x12c0 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 
20:07:59.0085 0x12c0 mpio - ok 20:07:59.0100 0x12c0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:07:59.0116 0x12c0 mpsdrv - ok 20:07:59.0147 0x12c0 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:07:59.0194 0x12c0 MpsSvc - ok 20:07:59.0209 0x12c0 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:07:59.0209 0x12c0 MRxDAV - ok 20:07:59.0241 0x12c0 [ FAF015B07E3A2874A790A39B7D2C579F, C614B0E80B38EBF7C670EEB833F5E476B33042097DA07206D6C5EE3E52B9A427 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:07:59.0256 0x12c0 mrxsmb - ok 20:07:59.0272 0x12c0 [ 08E2345DF129082BCDFFDC1440F9C00D, 2ADF69F49DF8C43D4440B6C8A62085C51518CA895A88D37264C60A0B4B1EC55F ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:07:59.0303 0x12c0 mrxsmb10 - ok 20:07:59.0319 0x12c0 [ 108D87409C5812EF47D81E22843E8C9D, CAE9B91B6BD1DF1552463BD63A06288F5D3E0B81B040BC1C7EC0C2A0119CCECA ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:07:59.0350 0x12c0 mrxsmb20 - ok 20:07:59.0365 0x12c0 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 20:07:59.0365 0x12c0 msahci - ok 20:07:59.0365 0x12c0 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:07:59.0381 0x12c0 msdsm - ok 20:07:59.0397 0x12c0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 20:07:59.0412 0x12c0 MSDTC - ok 20:07:59.0428 0x12c0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs 
C:\Windows\system32\drivers\Msfs.sys 20:07:59.0459 0x12c0 Msfs - ok 20:07:59.0459 0x12c0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:07:59.0490 0x12c0 mshidkmdf - ok 20:07:59.0490 0x12c0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:07:59.0506 0x12c0 msisadrv - ok 20:07:59.0521 0x12c0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:07:59.0553 0x12c0 MSiSCSI - ok 20:07:59.0568 0x12c0 msiserver - ok 20:07:59.0584 0x12c0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:07:59.0599 0x12c0 MSKSSRV - ok 20:07:59.0615 0x12c0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:07:59.0646 0x12c0 MSPCLOCK - ok 20:07:59.0646 0x12c0 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:07:59.0677 0x12c0 MSPQM - ok 20:07:59.0693 0x12c0 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:07:59.0709 0x12c0 MsRPC - ok 20:07:59.0709 0x12c0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:07:59.0724 0x12c0 mssmbios - ok 20:07:59.0724 0x12c0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:07:59.0740 0x12c0 MSTEE - ok 20:07:59.0755 0x12c0 [ 
7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 20:07:59.0771 0x12c0 MTConfig - ok 20:07:59.0771 0x12c0 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 20:07:59.0787 0x12c0 Mup - ok 20:07:59.0818 0x12c0 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 20:07:59.0849 0x12c0 napagent - ok 20:07:59.0880 0x12c0 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:07:59.0896 0x12c0 NativeWifiP - ok 20:07:59.0927 0x12c0 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys 20:07:59.0958 0x12c0 NDIS - ok 20:07:59.0974 0x12c0 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:07:59.0989 0x12c0 NdisCap - ok 20:08:00.0005 0x12c0 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:08:00.0021 0x12c0 NdisTapi - ok 20:08:00.0036 0x12c0 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:08:00.0067 0x12c0 Ndisuio - ok 20:08:00.0083 0x12c0 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:08:00.0099 0x12c0 NdisWan - ok 20:08:00.0114 0x12c0 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 
C:\Windows\system32\DRIVERS\WUDFRd.sys 20:08:08.0289 0x12c0 WUDFRd - ok 20:08:08.0304 0x12c0 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:08:08.0335 0x12c0 wudfsvc - ok 20:08:08.0351 0x12c0 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll 20:08:08.0367 0x12c0 WwanSvc - ok 20:08:08.0382 0x12c0 ================ Scan global =============================== 20:08:08.0398 0x12c0 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 20:08:08.0398 0x12c0 [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll 20:08:08.0413 0x12c0 [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll 20:08:08.0445 0x12c0 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 20:08:08.0460 0x12c0 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 20:08:08.0460 0x12c0 [ Global ] - ok 20:08:08.0460 0x12c0 ================ Scan MBR ================================== 20:08:08.0476 0x12c0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:08:08.0710 0x12c0 \Device\Harddisk0\DR0 - ok 20:08:08.0710 0x12c0 ================ Scan VBR ================================== 20:08:08.0741 0x12c0 [ F4EE26C490C112FC6FEADE4C0106B383 ] \Device\Harddisk0\DR0\Partition1 20:08:08.0803 0x12c0 \Device\Harddisk0\DR0\Partition1 - ok 20:08:08.0803 0x12c0 ================ Scan generic autorun ====================== 20:08:09.0178 0x12c0 [ 16438B000BF56F2CD7FDB5E6C3B38C7E, 
32D6E69E6367D3ADB2189DA89103CB9910CE791EFB0879515DDD380A96D85BAE ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 20:08:09.0443 0x12c0 RTHDVCPL - ok 20:08:09.0599 0x12c0 [ 16598A9758F386F82D2C447C70C95D10, 0A698135EFC195C359702AA76897B9C67712FDE0A54B51587134B65510B154ED ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe 20:08:09.0615 0x12c0 StartCCC - ok 20:08:09.0677 0x12c0 [ 79C28DDF889C26FDD6162F796FD49BC4, C1E2468B4F0F52BD707D16656F33CC438AF8E18A38BB6CFB64D11F23993F72F0 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe 20:08:09.0693 0x12c0 iTunesHelper - ok 20:08:09.0864 0x12c0 [ DAA21DC0AA2E688370D356757892816D, 97EBF3B8A4B8544B6C1379A391AA4079F38EB4D507931249BC1427D961F58F8C ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 20:08:09.0880 0x12c0 avgnt - ok 20:08:09.0958 0x12c0 [ 8EF17A2D0BAB9EFC76C947358B29B75E, 60AC4C49C590B2CBA05784370DCF7718D723B884B10551E26A619B2A6361A63E ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 20:08:09.0973 0x12c0 Avira Systray - ok 20:08:10.0098 0x12c0 [ 4DA2F2DA54A92850F56C0DB712058188, 9FB9BD1D9874DD64A627FFBE7B54B753D5496425BB595A112D0E17601A5E86A0 ] C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe 20:08:10.0098 0x12c0 Malwarebytes Anti-Malware (cleanup) - ok 20:08:10.0145 0x12c0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 20:08:10.0176 0x12c0 Sidebar - ok 20:08:10.0207 0x12c0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 20:08:10.0223 0x12c0 mctadmin - ok 20:08:10.0254 0x12c0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 20:08:10.0285 0x12c0 Sidebar - ok 20:08:10.0301 0x12c0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 
0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 20:08:10.0301 0x12c0 mctadmin - ok 20:08:10.0317 0x12c0 Waiting for KSN requests completion. In queue: 336 20:08:11.0331 0x12c0 Waiting for KSN requests completion. In queue: 25 20:08:12.0345 0x12c0 Waiting for KSN requests completion. In queue: 25 20:08:13.0390 0x12c0 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x40000 ( disabled : updated ) 20:08:13.0390 0x12c0 Win FW state via NFP2: enabled 20:08:16.0120 0x12c0 ============================================================ 20:08:16.0120 0x12c0 Scan finished 20:08:16.0120 0x12c0 ============================================================ 20:08:16.0120 0x117c Detected object count: 0 20:08:16.0120 0x117c Actual detected object count: 0 20:08:20.0113 0x0b6c Deinitialize success |
13.10.2014, 14:27 | #4 |
/// the machine /// TB trainer | hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
14.10.2014, 15:03 | #5 |
| Everything ran without error messages. Combofix log: Code:
ATTFilter ComboFix 14-10-13.01 - Florian 14.10.2014 15:39:42.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.10238.8277 [GMT 2:00] ausgeführt von:: c:\users\Florian\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Florian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-14 bis 2014-10-14 )))))))))))))))))))))))))))))) . . 2014-10-14 13:43 . 2014-10-14 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-14 13:22 . 2014-10-14 13:22 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-10-12 17:14 . 2014-10-12 17:29 -------- d-----w- C:\FRST 2014-10-12 16:58 . 2014-10-12 16:58 -------- d-----w- C:\TDSSKiller_Quarantine 2014-10-12 16:53 . 2014-10-12 16:53 -------- d-----w- c:\users\Florian\AppData\Roaming\Process Hacker 2 2014-10-12 16:48 . 2014-10-12 16:48 -------- d-----w- c:\program files\Process Hacker 2 2014-10-12 16:15 . 2014-10-12 16:15 -------- d-----w- c:\users\Florian\AppData\Roaming\Avira 2014-10-12 16:13 . 2014-09-24 10:44 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2014-10-12 16:13 . 2014-09-24 10:44 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-10-12 16:13 . 2014-09-24 10:44 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-10-12 16:13 . 2014-10-12 16:28 -------- d-----w- c:\program files (x86)\Avira 2014-10-12 16:13 . 2014-10-12 16:28 -------- d-----w- c:\programdata\Avira 2014-10-12 16:11 . 2014-10-12 20:56 -------- d-----w- C:\AdwCleaner 2014-10-12 15:43 . 
2014-10-12 15:43 -------- d-----w- c:\programdata\PafoMexla 2014-10-12 12:17 . 2014-10-12 15:19 -------- d-----w- c:\programdata\LoyzOkke 2014-10-12 12:17 . 2014-10-12 15:19 -------- d-----w- c:\programdata\FowajXewem 2014-09-29 18:50 . 2014-10-12 17:40 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-09-29 18:50 . 2014-09-29 18:50 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-09-29 18:50 . 2014-09-29 18:50 -------- d-----w- c:\programdata\Malwarebytes 2014-09-29 18:50 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-09-29 18:50 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-09-29 18:50 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-09-23 17:53 . 2014-10-12 13:53 -------- d-----w- c:\programdata\EzukuWguqv 2014-09-18 16:26 . 2014-09-18 16:26 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-09-18 16:20 . 2014-10-12 12:43 -------- d-----w- c:\programdata\UlibpUfxet 2014-09-18 16:19 . 2014-10-12 12:43 -------- d-----w- c:\programdata\AyabVozoj . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-12 12:13 . 2014-02-12 11:23 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-10-12 12:13 . 2014-02-12 11:23 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-09-24 703736] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-15 165624] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 
tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-12 12:13] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-33903590.sys AddRemove-Zug Um Zug - c:\windows\IsUn0407.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,65,7c,62,6d,29,f0,4c,b7,4b,bc,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,65,7c,62,6d,29,f0,4c,b7,4b,bc,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2014-10-14 16:00:55 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-10-14 14:00 . Vor Suchlauf: 14 Verzeichnis(se), 408.754.343.936 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 408.269.119.488 Bytes frei . - - End Of File - - 9125677BCD48BF6B685C275B930F131D A36C5E4F47E84449FF07ED3517B43A31 |
15.10.2014, 09:49 | #6 |
/// the machine /// TB trainer | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
|
15.10.2014, 14:58 | #7 |
| Everything ran without error messages! Mbam log Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 15.10.2014 Scan Time: 15:34:00 Logfile: mbam.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.10.15.03 Rootkit Database: v2014.10.15.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Florian Scan Type: Threat Scan Result: Completed Objects Scanned: 325711 Time Elapsed: 8 min, 50 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v4.000 - Bericht erstellt am 15/10/2014 um 15:45:45 # DB v2014-10-15.7 # Aktualisiert 12/10/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : Florian - FLORIAN-PC # Gestartet von : C:\Users\Florian\Desktop\adwcleaner_4.000.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v0.0.0.0 -\\ Mozilla Firefox v32.0.3 (x86 de) ************************* AdwCleaner[R0].txt - [2665 octets] - [12/10/2014 18:24:56] AdwCleaner[R1].txt - [1026 octets] - [12/10/2014 22:55:13] AdwCleaner[R2].txt - [1007 octets] - [15/10/2014 15:44:22] AdwCleaner[S0].txt - [2627 octets] - [12/10/2014 18:26:32] AdwCleaner[S1].txt - [1088 octets] - [12/10/2014 22:56:40] AdwCleaner[S2].txt - [922 octets] - [15/10/2014 15:45:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [981 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.3 (10.14.2014:1) OS: Windows 7 Ultimate x64 Ran by Florian on 15.10.2014 at 15:51:50,56 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\sykl6rog.default\prefs.js user_pref("Zapp_18268.global.DisplayRecentSearches", "true"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_VBATES_executeCode", "var VBATES_IsValidUrl=function(currentUrl,currentBrowser,queryParam){try{var urlParts=curren user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_VBATES_partn_time_fastdailyfind.com", "not set"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_VBATES_partn_time_us.yhs4.search.yahoo.com", "not set"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_VBATES_partners", "{\"www.brandalley.co.uk\":\"www.awin1.com/awclick.php?mid=3676&id=178119\",\"www.currys.co.uk\" Emptied folder: C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\sykl6rog.default\minidumps [15 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 15.10.2014 at 15:54:35,41 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 Ran by Florian (administrator) on FLORIAN-PC on 15-10-2014 15:55:25 Running from C:\Users\Florian\Desktop Loaded Profile: Florian (Available profiles: Florian) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165624 2014-09-15] (Avira Operations GmbH & Co. KG) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x90F8E481452CCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: 
@Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default\Extensions\abs@avira.com [2014-10-12] FF Extension: Adblock Plus - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-11] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. 
KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-15] (Avira Operations GmbH & Co. KG) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-04] (Disc Soft Ltd) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-15 15:54 - 2014-10-15 15:54 - 00001666 _____ () C:\Users\Florian\Desktop\JRT.txt 2014-10-15 15:51 - 2014-10-15 15:51 - 00001060 _____ () C:\Users\Florian\Desktop\AdwCleaner[S2].txt 2014-10-15 15:51 - 2014-10-15 15:51 - 00000000 ____D () C:\Windows\ERUNT 2014-10-15 15:44 - 2014-10-15 15:44 - 01976320 _____ () C:\Users\Florian\Desktop\adwcleaner_4.000.exe 2014-10-15 15:43 - 2014-10-15 15:43 - 00001057 _____ () C:\Users\Florian\Desktop\mbam.txt 2014-10-15 15:32 - 2014-10-15 15:32 - 01705698 _____ (Thisisu) C:\Users\Florian\Desktop\JRT.exe 2014-10-14 16:13 - 2014-10-14 16:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-14 16:00 - 2014-10-14 16:00 - 00013779 _____ () C:\ComboFix.txt 2014-10-14 15:37 - 2014-10-14 16:00 - 00000000 ____D () C:\Qoobox 2014-10-14 15:37 - 2014-10-14 15:59 - 00000000 ____D () C:\Windows\erdnt 2014-10-14 15:37 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-14 15:37 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-14 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-14 15:35 - 2014-10-14 15:36 - 05582915 ____R (Swearware) C:\Users\Florian\Desktop\ComboFix.exe 2014-10-14 15:22 - 2014-10-14 15:22 - 00043064 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-12 19:39 - 2014-10-12 19:39 - 00000000 _____ () C:\Users\Florian\Desktop\gmer.log 2014-10-12 19:28 - 2014-10-15 15:55 - 00008620 _____ () C:\Users\Florian\Desktop\FRST.txt 2014-10-12 19:28 - 2014-10-12 19:29 - 00030132 _____ () C:\Users\Florian\Desktop\Addition.txt 2014-10-12 19:14 - 2014-10-15 15:55 - 00000000 ____D () C:\FRST 2014-10-12 19:13 - 2014-10-12 19:13 - 00000476 _____ () C:\Users\Florian\Desktop\defogger_disable.log 2014-10-12 19:13 - 2014-10-12 19:13 - 00000000 _____ () C:\Users\Florian\defogger_reenable 2014-10-12 19:12 - 2014-10-12 19:13 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe 2014-10-12 19:11 - 2014-10-12 19:12 - 02110464 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe 2014-10-12 19:10 - 2014-10-12 19:10 - 00050477 _____ () C:\Users\Florian\Desktop\Defogger.exe 2014-10-12 18:58 - 2014-10-12 18:58 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-10-12 18:54 - 2014-10-12 18:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Florian\Desktop\tdsskiller.exe 2014-10-12 18:53 - 2014-10-12 18:53 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Process Hacker 2 2014-10-12 18:48 - 2014-10-12 18:48 - 01932448 _____ (wj32 ) C:\Users\Florian\Downloads\processhacker-2.33-setup.exe 2014-10-12 18:48 - 2014-10-12 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2 2014-10-12 18:48 - 2014-10-12 18:48 - 00000000 ____D () C:\Program Files\Process Hacker 2 2014-10-12 18:28 - 2014-10-12 18:28 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-12 18:27 - 2014-10-15 15:47 - 00163288 _____ () C:\Windows\PFRO.log 2014-10-12 18:27 - 2014-10-15 15:47 - 00000448 _____ () C:\Windows\setupact.log 2014-10-12 18:27 - 2014-10-12 18:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\Windows\pss 2014-10-12 18:15 - 2014-10-12 18:15 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira 2014-10-12 
18:13 - 2014-10-12 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-12 18:13 - 2014-10-12 18:28 - 00000000 ____D () C:\ProgramData\Avira 2014-10-12 18:13 - 2014-10-12 18:28 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-12 18:13 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-12 18:13 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-12 18:13 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-10-12 18:11 - 2014-10-15 15:45 - 00000000 ____D () C:\AdwCleaner 2014-10-12 18:10 - 2014-10-12 18:12 - 150010760 _____ () C:\Users\Florian\Downloads\avira07_free_antivirus_de.exe 2014-10-12 17:54 - 2014-10-12 17:54 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-10-12 17:54 - 2014-10-12 17:54 - 00001908 _____ () C:\Windows\diagerr.xml 2014-10-12 17:43 - 2014-10-12 17:43 - 00000000 ____D () C:\ProgramData\PafoMexla 2014-10-12 15:31 - 2014-10-12 15:31 - 00041687 _____ () C:\Users\Florian\Documents\gmerlog.log 2014-10-12 14:17 - 2014-10-12 17:19 - 00000000 ____D () C:\ProgramData\LoyzOkke 2014-10-12 14:17 - 2014-10-12 17:19 - 00000000 ____D () C:\ProgramData\FowajXewem 2014-10-12 14:13 - 2014-10-14 22:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-12 14:13 - 2014-10-12 14:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-29 20:50 - 2014-10-15 15:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-29 20:50 - 2014-09-29 20:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Florian\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-29 20:50 - 2014-09-29 20:50 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-29 20:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-29 20:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-29 20:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-25 09:57 - 2014-09-25 09:57 - 00001644 _____ () C:\Users\Florian\Desktop\Photoshop.lnk 2014-09-25 09:17 - 2014-09-25 09:17 - 00000000 _____ () C:\Users\Florian\Desktop\1037 - 1131.txt 2014-09-25 09:16 - 2014-09-29 21:03 - 00000000 ____D () C:\Users\Florian\Desktop\tag der leitlinien 2014-09-23 19:53 - 2014-10-12 15:53 - 00000000 ____D () C:\ProgramData\EzukuWguqv 2014-09-18 18:20 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\UlibpUfxet 2014-09-18 18:19 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\AyabVozoj ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-15 15:53 - 2011-04-12 09:43 - 00698826 _____ () C:\Windows\system32\perfh007.dat 2014-10-15 15:53 - 2011-04-12 09:43 - 00148966 _____ () C:\Windows\system32\perfc007.dat 2014-10-15 15:53 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-15 15:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-15 15:45 - 2014-02-11 23:00 - 00267755 _____ () C:\Windows\WindowsUpdate.log 2014-10-15 15:45 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-15 15:45 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-15 15:28 - 2014-02-11 23:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-14 16:00 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-14 15:58 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-12 19:22 - 2014-04-11 23:39 - 00000000 ____D () C:\ProgramData\Adobe 2014-10-12 19:22 - 2014-02-12 00:06 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Adobe 2014-10-12 19:21 - 2014-04-11 23:42 - 00000000 ____D () C:\Program Files\Adobe 2014-10-12 19:19 - 2014-04-11 23:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-10-12 19:19 - 2014-02-14 01:56 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\DVDVideoSoft 2014-10-12 19:13 - 2014-02-11 22:56 - 00000000 ____D () C:\Users\Florian 2014-10-12 18:29 - 2014-03-04 16:41 - 00000000 ____D () C:\Users\Florian\AppData\Local\LogMeIn Hamachi 2014-10-12 18:28 - 2014-02-11 23:05 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-12 18:24 - 2014-03-04 15:14 - 01316352 ___SH () C:\Users\Florian\Downloads\Thumbs.db 2014-10-12 18:19 - 2014-02-21 02:31 - 00000000 ____D () C:\Users\Florian\AppData\Local\CrashDumps 2014-10-12 18:19 - 2014-02-11 22:50 - 00000000 ____D () C:\Windows\Panther 2014-10-12 17:34 
- 2014-02-12 00:03 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-10-12 16:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-10-12 15:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss 2014-10-12 14:13 - 2014-02-12 13:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-12 14:13 - 2014-02-12 13:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-29 20:49 - 2014-02-14 01:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\vlc 2014-09-24 22:35 - 2014-03-04 15:01 - 00000000 ____D () C:\Users\Florian\Desktop\Programme 2014-09-23 23:29 - 2014-02-12 00:14 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Skype 2014-09-23 19:16 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\DAEMON Tools Lite 2014-09-23 19:16 - 2014-02-27 16:36 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\TS3Client 2014-09-23 19:16 - 2014-02-11 23:41 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-23 19:15 - 2014-03-04 15:01 - 00000000 ____D () C:\Users\Florian\Desktop\Spiele 2014-09-18 18:27 - 2014-02-12 00:14 - 00000000 ____D () C:\ProgramData\Skype 2014-09-15 00:15 - 2014-02-14 01:03 - 00000000 ____D () C:\Users\Florian\Downloads\Serien Some content of TEMP: ==================== C:\Users\Florian\AppData\Local\Temp\avgnt.exe C:\Users\Florian\AppData\Local\Temp\Quarantine.exe C:\Users\Florian\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-12 16:05 ==================== End Of Log ============================ |
15.10.2014, 21:03 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: Avira reports Boo/ cidox.b virus and Windows is no longer activated
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.10.2014, 18:08 | #9 |
| Windows 7: Avira reports Boo/ cidox.b virus and Windows is no longer activated
Good evening, so far everything is fine: no more hundredfold explorer.exe instances or anything else, so the PC is running very smoothly again. However, some virus has still knocked out my Windows activation. It is a genuine product; I have a CD with a license. ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f8b0540c3eac5240978477f46434635e
# engine=20628
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-16 03:36:08
# local_time=2014-10-16 05:36:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 93703 1918308 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 110879545 165103618 0 0
# scanned=225488
# found=6
# cleaned=0
# scan_time=5520
sh=9CA71C727934861E9351AF97CC28CEA38811B07C ft=1 fh=15a0a042e9313939 vn="Variante von Win32/AdWare.Adpeak.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=D7C9CF365077DF259EF4EA2DEAF7F1D32328A969 ft=1 fh=abc0d90f52b917d3 vn="Win32/PSW.Papras.DJ Trojaner" ac=I fn="C:\ProgramData\PafoMexla\PafoMexla.dat"
sh=6B6105C0BF9C8942B523C7BC6279BF1D241909BA ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\temp\InstallFilter64.msi"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\temp\t.msi"
sh=D7C9CF365077DF259EF4EA2DEAF7F1D32328A969 ft=1 fh=abc0d90f52b917d3 vn="Win32/PSW.Papras.DJ Trojaner" ac=I fn="C:\Users\All Users\PafoMexla\PafoMexla.dat"
sh=CC0C4A3D2B8B8A1F88C60BEDB9A34CB49134A1DD ft=1 fh=1f476992d2ed37c4 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Florian\Downloads\CCleaner - CHIP-Downloader.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is disabled!)
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 15.0.0.152
Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02 Ran by Florian (administrator) on FLORIAN-PC on 16-10-2014 19:03:39 Running from C:\Users\Florian\Desktop Loaded Profile: Florian (Available profiles: Florian) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x90F8E481452CCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: 
@Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default\Extensions\abs@avira.com [2014-10-12] FF Extension: Adblock Plus - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-11] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. 
KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-04] (Disc Soft Ltd) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-16 19:03 - 2014-10-16 19:03 - 00000000 ____D () C:\Users\Florian\Desktop\FRST-OlderVersion 2014-10-16 19:01 - 2014-10-16 19:01 - 00000798 _____ () C:\Users\Florian\Desktop\checkup.txt 2014-10-16 18:59 - 2014-10-16 18:59 - 00854417 _____ () C:\Users\Florian\Desktop\SecurityCheck.exe 2014-10-16 16:01 - 2014-10-16 16:01 - 02347384 _____ (ESET) C:\Users\Florian\Desktop\esetsmartinstaller_deu.exe 2014-10-16 16:01 - 2014-10-16 16:01 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-15 15:54 - 2014-10-15 15:54 - 00001666 _____ () C:\Users\Florian\Desktop\JRT.txt 2014-10-15 15:51 - 2014-10-15 15:51 - 00001060 _____ () C:\Users\Florian\Desktop\AdwCleaner[S2].txt 2014-10-15 15:51 - 2014-10-15 15:51 - 00000000 ____D () C:\Windows\ERUNT 2014-10-15 15:44 - 2014-10-15 15:44 - 01976320 _____ () C:\Users\Florian\Desktop\adwcleaner_4.000.exe 2014-10-15 15:43 - 2014-10-15 15:43 - 00001057 _____ () C:\Users\Florian\Desktop\mbam.txt 2014-10-15 15:32 - 2014-10-15 15:32 - 01705698 _____ (Thisisu) C:\Users\Florian\Desktop\JRT.exe 2014-10-14 16:13 - 2014-10-14 16:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-14 16:00 - 2014-10-14 16:00 - 00013779 _____ () C:\ComboFix.txt 2014-10-14 15:37 - 2014-10-14 16:00 - 00000000 ____D () C:\Qoobox 2014-10-14 15:37 - 2014-10-14 15:59 - 00000000 ____D () C:\Windows\erdnt 2014-10-14 15:37 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-14 15:37 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-14 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-14 15:35 - 
2014-10-14 15:36 - 05582915 ____R (Swearware) C:\Users\Florian\Desktop\ComboFix.exe 2014-10-14 15:22 - 2014-10-14 15:22 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-12 19:39 - 2014-10-12 19:39 - 00000000 _____ () C:\Users\Florian\Desktop\gmer.log 2014-10-12 19:28 - 2014-10-16 19:03 - 00008814 _____ () C:\Users\Florian\Desktop\FRST.txt 2014-10-12 19:28 - 2014-10-12 19:29 - 00030132 _____ () C:\Users\Florian\Desktop\Addition.txt 2014-10-12 19:14 - 2014-10-16 19:03 - 00000000 ____D () C:\FRST 2014-10-12 19:13 - 2014-10-12 19:13 - 00000476 _____ () C:\Users\Florian\Desktop\defogger_disable.log 2014-10-12 19:13 - 2014-10-12 19:13 - 00000000 _____ () C:\Users\Florian\defogger_reenable 2014-10-12 19:12 - 2014-10-12 19:13 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe 2014-10-12 19:11 - 2014-10-16 19:03 - 02111488 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe 2014-10-12 19:10 - 2014-10-12 19:10 - 00050477 _____ () C:\Users\Florian\Desktop\Defogger.exe 2014-10-12 18:58 - 2014-10-12 18:58 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-10-12 18:54 - 2014-10-12 18:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Florian\Desktop\tdsskiller.exe 2014-10-12 18:53 - 2014-10-12 18:53 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Process Hacker 2 2014-10-12 18:48 - 2014-10-12 18:48 - 01932448 _____ (wj32 ) C:\Users\Florian\Downloads\processhacker-2.33-setup.exe 2014-10-12 18:48 - 2014-10-12 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2 2014-10-12 18:48 - 2014-10-12 18:48 - 00000000 ____D () C:\Program Files\Process Hacker 2 2014-10-12 18:28 - 2014-10-16 16:05 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-12 18:27 - 2014-10-16 15:59 - 00163646 _____ () C:\Windows\PFRO.log 2014-10-12 18:27 - 2014-10-16 15:59 - 00000504 _____ () C:\Windows\setupact.log 2014-10-12 18:27 - 2014-10-12 18:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-12 
18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\Windows\pss 2014-10-12 18:15 - 2014-10-12 18:15 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira 2014-10-12 18:13 - 2014-10-16 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-12 18:13 - 2014-10-16 16:05 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-12 18:13 - 2014-10-12 18:28 - 00000000 ____D () C:\ProgramData\Avira 2014-10-12 18:13 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-12 18:13 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-12 18:13 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-10-12 18:11 - 2014-10-15 15:45 - 00000000 ____D () C:\AdwCleaner 2014-10-12 18:10 - 2014-10-12 18:12 - 150010760 _____ () C:\Users\Florian\Downloads\avira07_free_antivirus_de.exe 2014-10-12 17:54 - 2014-10-12 17:54 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-10-12 17:54 - 2014-10-12 17:54 - 00001908 _____ () C:\Windows\diagerr.xml 2014-10-12 17:43 - 2014-10-12 17:43 - 00000000 ____D () C:\ProgramData\PafoMexla 2014-10-12 15:31 - 2014-10-12 15:31 - 00041687 _____ () C:\Users\Florian\Documents\gmerlog.log 2014-10-12 14:17 - 2014-10-12 17:19 - 00000000 ____D () C:\ProgramData\LoyzOkke 2014-10-12 14:17 - 2014-10-12 17:19 - 00000000 ____D () C:\ProgramData\FowajXewem 2014-10-12 14:13 - 2014-10-16 18:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-12 14:13 - 2014-10-15 16:10 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-29 20:50 - 2014-10-15 15:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-29 20:50 - 2014-09-29 20:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Florian\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-29 20:50 - 2014-09-29 20:50 - 
00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-29 20:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-29 20:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-29 20:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-25 09:57 - 2014-09-25 09:57 - 00001644 _____ () C:\Users\Florian\Desktop\Photoshop.lnk 2014-09-25 09:17 - 2014-09-25 09:17 - 00000000 _____ () C:\Users\Florian\Desktop\1037 - 1131.txt 2014-09-25 09:16 - 2014-09-29 21:03 - 00000000 ____D () C:\Users\Florian\Desktop\tag der leitlinien 2014-09-23 19:53 - 2014-10-12 15:53 - 00000000 ____D () C:\ProgramData\EzukuWguqv 2014-09-18 18:20 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\UlibpUfxet 2014-09-18 18:19 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\AyabVozoj ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-16 18:59 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-16 18:59 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-16 16:06 - 2014-02-11 23:00 - 00271438 _____ () C:\Windows\WindowsUpdate.log 2014-10-16 16:05 - 2014-02-11 23:05 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-16 16:04 - 2011-04-12 09:43 - 00698826 _____ () C:\Windows\system32\perfh007.dat 2014-10-16 16:04 - 2011-04-12 09:43 - 00148966 _____ () C:\Windows\system32\perfc007.dat 2014-10-16 16:04 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-16 15:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-15 16:10 - 2014-02-12 13:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-15 16:10 - 2014-02-12 13:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-15 15:28 - 2014-02-11 23:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-14 16:00 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-14 15:58 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-12 19:22 - 2014-04-11 23:39 - 00000000 ____D () C:\ProgramData\Adobe 2014-10-12 19:22 - 2014-02-12 00:06 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Adobe 2014-10-12 19:21 - 2014-04-11 23:42 - 00000000 ____D () C:\Program Files\Adobe 2014-10-12 19:19 - 2014-04-11 23:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-10-12 19:19 - 2014-02-14 01:56 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\DVDVideoSoft 2014-10-12 19:13 - 2014-02-11 22:56 - 00000000 ____D () C:\Users\Florian 2014-10-12 18:29 - 2014-03-04 16:41 - 00000000 ____D () C:\Users\Florian\AppData\Local\LogMeIn Hamachi 2014-10-12 18:24 - 2014-03-04 15:14 - 
01316352 ___SH () C:\Users\Florian\Downloads\Thumbs.db 2014-10-12 18:19 - 2014-02-21 02:31 - 00000000 ____D () C:\Users\Florian\AppData\Local\CrashDumps 2014-10-12 18:19 - 2014-02-11 22:50 - 00000000 ____D () C:\Windows\Panther 2014-10-12 17:34 - 2014-02-12 00:03 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-10-12 16:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-10-12 15:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss 2014-09-29 20:49 - 2014-02-14 01:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\vlc 2014-09-24 22:35 - 2014-03-04 15:01 - 00000000 ____D () C:\Users\Florian\Desktop\Programme 2014-09-23 23:29 - 2014-02-12 00:14 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Skype 2014-09-23 19:16 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\DAEMON Tools Lite 2014-09-23 19:16 - 2014-02-27 16:36 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\TS3Client 2014-09-23 19:16 - 2014-02-11 23:41 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-23 19:15 - 2014-03-04 15:01 - 00000000 ____D () C:\Users\Florian\Desktop\Spiele 2014-09-18 18:27 - 2014-02-12 00:14 - 00000000 ____D () C:\ProgramData\Skype Some content of TEMP: ==================== C:\Users\Florian\AppData\Local\Temp\avgnt.exe C:\Users\Florian\AppData\Local\Temp\Quarantine.exe C:\Users\Florian\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 18:52 ==================== End Of Log ============================ |
17.10.2014, 08:35 | #10 |
/// the machine /// TB trainer |
Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\ProgramData\PafoMexla
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
2014-09-23 19:53 - 2014-10-12 15:53 - 00000000 ____D () C:\ProgramData\EzukuWguqv
2014-09-18 18:20 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\UlibpUfxet
2014-09-18 18:19 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\AyabVozoj
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Have you already tried re-entering the Windows key?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
17.10.2014, 15:05 | #11 |
| Good day, FRST log: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by Florian at 2014-10-17 16:00:20 Run:1
Running from C:\Users\Florian\Desktop
Loaded Profile: Florian (Available profiles: Florian)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\ProgramData\PafoMexla
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
2014-09-23 19:53 - 2014-10-12 15:53 - 00000000 ____D () C:\ProgramData\EzukuWguqv
2014-09-18 18:20 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\UlibpUfxet
2014-09-18 18:19 - 2014-10-12 14:43 - 00000000 ____D () C:\ProgramData\AyabVozoj
Emptytemp:
*****************
C:\ProgramData\PafoMexla => Moved successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
C:\ProgramData\EzukuWguqv => Moved successfully.
C:\ProgramData\UlibpUfxet => Moved successfully.
C:\ProgramData\AyabVozoj => Moved successfully.
EmptyTemp: => Removed 45.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog ==== |
18.10.2014, 09:53 | #12 |
/// the machine /// TB trainer |
OK, then please post a fresh FRST log once more. Any problems left apart from the key?
__________________ regards, schrauber |
18.10.2014, 10:42 | #13 |
| Good day, so far everything is fine again; I'll take care of the key once everything is sorted. Many thanks for the help! FRST log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014 Ran by Florian (administrator) on FLORIAN-PC on 18-10-2014 11:37:23 Running from C:\Users\Florian\Desktop Loaded Profile: Florian (Available profiles: Florian) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x90F8E481452CCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: 
@Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default\Extensions\abs@avira.com [2014-10-12] FF Extension: Adblock Plus - C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\sykl6rog.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-11] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. 
KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-04] (Disc Soft Ltd) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-16 19:03 - 2014-10-17 16:00 - 00000000 ____D () C:\Users\Florian\Desktop\FRST-OlderVersion 2014-10-16 19:01 - 2014-10-16 19:01 - 00000798 _____ () C:\Users\Florian\Desktop\checkup.txt 2014-10-16 18:59 - 2014-10-16 18:59 - 00854417 _____ () C:\Users\Florian\Desktop\SecurityCheck.exe 2014-10-16 16:01 - 2014-10-16 16:01 - 02347384 _____ (ESET) C:\Users\Florian\Desktop\esetsmartinstaller_deu.exe 2014-10-15 15:54 - 2014-10-15 15:54 - 00001666 _____ () C:\Users\Florian\Desktop\JRT.txt 2014-10-15 15:51 - 2014-10-15 15:51 - 00001060 _____ () C:\Users\Florian\Desktop\AdwCleaner[S2].txt 2014-10-15 15:51 - 2014-10-15 15:51 - 00000000 ____D () C:\Windows\ERUNT 2014-10-15 15:44 - 2014-10-15 15:44 - 01976320 _____ () C:\Users\Florian\Desktop\adwcleaner_4.000.exe 2014-10-15 15:43 - 2014-10-15 15:43 - 00001057 _____ () C:\Users\Florian\Desktop\mbam.txt 2014-10-15 15:32 - 2014-10-15 15:32 - 01705698 _____ (Thisisu) C:\Users\Florian\Desktop\JRT.exe 2014-10-14 16:13 - 2014-10-14 16:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-14 16:00 - 2014-10-14 16:00 - 00013779 _____ () C:\ComboFix.txt 2014-10-14 15:37 - 2014-10-14 16:00 - 00000000 ____D () C:\Qoobox 2014-10-14 15:37 - 2014-10-14 15:59 - 00000000 ____D () C:\Windows\erdnt 2014-10-14 15:37 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-14 15:37 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-14 15:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-14 15:37 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-14 15:35 - 2014-10-14 15:36 - 05582915 ____R (Swearware) C:\Users\Florian\Desktop\ComboFix.exe 
2014-10-14 15:22 - 2014-10-14 15:22 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-12 19:39 - 2014-10-12 19:39 - 00000000 _____ () C:\Users\Florian\Desktop\gmer.log 2014-10-12 19:28 - 2014-10-18 11:37 - 00008372 _____ () C:\Users\Florian\Desktop\FRST.txt 2014-10-12 19:28 - 2014-10-12 19:29 - 00030132 _____ () C:\Users\Florian\Desktop\Addition.txt 2014-10-12 19:14 - 2014-10-18 11:37 - 00000000 ____D () C:\FRST 2014-10-12 19:13 - 2014-10-12 19:13 - 00000476 _____ () C:\Users\Florian\Desktop\defogger_disable.log 2014-10-12 19:13 - 2014-10-12 19:13 - 00000000 _____ () C:\Users\Florian\defogger_reenable 2014-10-12 19:12 - 2014-10-12 19:13 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe 2014-10-12 19:11 - 2014-10-17 16:00 - 02112000 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe 2014-10-12 19:10 - 2014-10-12 19:10 - 00050477 _____ () C:\Users\Florian\Desktop\Defogger.exe 2014-10-12 18:58 - 2014-10-12 18:58 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-10-12 18:54 - 2014-10-12 18:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Florian\Desktop\tdsskiller.exe 2014-10-12 18:53 - 2014-10-12 18:53 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Process Hacker 2 2014-10-12 18:48 - 2014-10-12 18:48 - 01932448 _____ (wj32 ) C:\Users\Florian\Downloads\processhacker-2.33-setup.exe 2014-10-12 18:48 - 2014-10-12 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2 2014-10-12 18:48 - 2014-10-12 18:48 - 00000000 ____D () C:\Program Files\Process Hacker 2 2014-10-12 18:28 - 2014-10-16 16:05 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-12 18:27 - 2014-10-18 11:35 - 00000728 _____ () C:\Windows\setupact.log 2014-10-12 18:27 - 2014-10-17 16:01 - 00173768 _____ () C:\Windows\PFRO.log 2014-10-12 18:27 - 2014-10-12 18:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-12 18:21 - 2014-10-12 18:21 - 00000000 ____D () C:\Windows\pss 2014-10-12 18:15 - 
2014-10-12 18:15 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira 2014-10-12 18:13 - 2014-10-16 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-12 18:13 - 2014-10-16 16:05 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-12 18:13 - 2014-10-12 18:28 - 00000000 ____D () C:\ProgramData\Avira 2014-10-12 18:13 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-12 18:13 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-12 18:13 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-10-12 18:11 - 2014-10-15 15:45 - 00000000 ____D () C:\AdwCleaner 2014-10-12 18:10 - 2014-10-12 18:12 - 150010760 _____ () C:\Users\Florian\Downloads\avira07_free_antivirus_de.exe 2014-10-12 17:54 - 2014-10-12 17:54 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-10-12 17:54 - 2014-10-12 17:54 - 00001908 _____ () C:\Windows\diagerr.xml 2014-10-12 15:31 - 2014-10-12 15:31 - 00041687 _____ () C:\Users\Florian\Documents\gmerlog.log 2014-10-12 14:17 - 2014-10-12 17:19 - 00000000 ____D () C:\ProgramData\LoyzOkke 2014-10-12 14:17 - 2014-10-12 17:19 - 00000000 ____D () C:\ProgramData\FowajXewem 2014-10-12 14:13 - 2014-10-17 19:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-12 14:13 - 2014-10-15 16:10 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-29 20:50 - 2014-10-15 15:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-29 20:50 - 2014-09-29 20:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Florian\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-29 20:50 - 2014-09-29 20:50 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-29 20:50 - 2014-09-29 20:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-29 20:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-29 20:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-29 20:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-25 09:57 - 2014-09-25 09:57 - 00001644 _____ () C:\Users\Florian\Desktop\Photoshop.lnk 2014-09-25 09:17 - 2014-09-25 09:17 - 00000000 _____ () C:\Users\Florian\Desktop\1037 - 1131.txt 2014-09-25 09:16 - 2014-09-29 21:03 - 00000000 ____D () C:\Users\Florian\Desktop\tag der leitlinien ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-18 11:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-17 19:39 - 2014-02-11 23:00 - 00283526 _____ () C:\Windows\WindowsUpdate.log 2014-10-17 19:39 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-17 19:39 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-17 16:05 - 2011-04-12 09:43 - 00698826 _____ () C:\Windows\system32\perfh007.dat 2014-10-17 16:05 - 2011-04-12 09:43 - 00148966 _____ () C:\Windows\system32\perfc007.dat 2014-10-17 16:05 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-16 16:05 - 2014-02-11 23:05 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-15 16:10 - 2014-02-12 13:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-15 16:10 - 2014-02-12 13:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-15 15:28 - 2014-02-11 23:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-14 16:00 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-14 15:58 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-12 19:22 - 2014-04-11 23:39 - 00000000 ____D () C:\ProgramData\Adobe 2014-10-12 19:22 - 2014-02-12 00:06 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Adobe 2014-10-12 19:21 - 2014-04-11 23:42 - 00000000 ____D () C:\Program Files\Adobe 2014-10-12 19:19 - 2014-04-11 23:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-10-12 19:19 - 2014-02-14 01:56 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\DVDVideoSoft 2014-10-12 19:13 - 2014-02-11 22:56 - 00000000 ____D () C:\Users\Florian 2014-10-12 18:29 - 2014-03-04 16:41 - 00000000 ____D () C:\Users\Florian\AppData\Local\LogMeIn Hamachi 2014-10-12 18:24 - 2014-03-04 15:14 - 
01316352 ___SH () C:\Users\Florian\Downloads\Thumbs.db 2014-10-12 18:19 - 2014-02-21 02:31 - 00000000 ____D () C:\Users\Florian\AppData\Local\CrashDumps 2014-10-12 18:19 - 2014-02-11 22:50 - 00000000 ____D () C:\Windows\Panther 2014-10-12 17:34 - 2014-02-12 00:03 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-10-12 16:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-10-12 15:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss 2014-09-29 20:49 - 2014-02-14 01:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\vlc 2014-09-24 22:35 - 2014-03-04 15:01 - 00000000 ____D () C:\Users\Florian\Desktop\Programme 2014-09-23 23:29 - 2014-02-12 00:14 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Skype 2014-09-23 19:16 - 2014-03-04 13:44 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\DAEMON Tools Lite 2014-09-23 19:16 - 2014-02-27 16:36 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\TS3Client 2014-09-23 19:16 - 2014-02-11 23:41 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-23 19:15 - 2014-03-04 15:01 - 00000000 ____D () C:\Users\Florian\Desktop\Spiele 2014-09-18 18:27 - 2014-02-12 00:14 - 00000000 ____D () C:\ProgramData\Skype Some content of TEMP: ==================== C:\Users\Florian\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 18:52 ==================== End Of Log ============================ |
18.10.2014, 20:37 | #14 |
/// the machine /// TB trainer |
Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber |
19.10.2014, 15:06 | #15 |
| Many thanks, everything worked and I've learned from it again. Never use other people's USB sticks |