| |
| |||||||
Log-Analyse und Auswertung: Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.02.2015, 16:11
| #1 |
 |  Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus Hey, ich bitte um Hilfe. Mein Laptop ist in letzter Zeit enorm langsamer geworden. Habe mir dabei nicht viel gedacht, da er ja doch mittlerweile schon etwas älter ist und auch einige GB an Daten auf ihm sind. Als ich jedoch im Rahmen einer Hausarbeit eine Word-Datei auf Facebook hochstellen wollte und FB mich daran hinderte, weil es meinte es würde sich ein Virus in der Datei befinden machte mich das doch sehr stutzig. Ich ließ den PC mit Malewarebytes scannen und der fand ein bisschen Adware, die ich alle in Quarantäne geschickt hab. Direkt danach meldete sich Antivir, dass ein Zugriff auf die Registry blockiert wurde und ich doch bitte mein System scannen sollte. Gemacht --> Trojaner TR/trash.gen wurde gefunden und ließ sich von Antivir nicht löschen. Er war im Verzeichnis C://Programme(x86)/Common Files/ClaraUpdater/ClaraUpdater.exe Dieses Verzeichnis ist allerdings nicht mehr zu finden. Trotzdem gehe ich davon aus, dass mein Laptop leider noch nicht sauber ist. Leider habe ich auch keine Logfiles von Malewarebytes erstellt, aber hier ist der von Antivir Code:
ATTFilter 06.02.2015,18:53:54 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
06.02.2015,18:58:40 [INFO] ---------------------------------------------------------
06.02.2015,18:58:40 [INFO] Engine-Version: 8.3.28.4
06.02.2015,18:58:40 [INFO] VDF-Version: 8.11.165.190
06.02.2015,18:58:40 [INFO] APC-Version: 2.7.1.3
06.02.2015,18:58:40 [INFO] RDF-Version: 14.0.4.54
06.02.2015,18:58:40 [INFO] Echtzeit-Scanner-Version: 14.00.07.462
06.02.2015,18:58:40 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
06.02.2015,18:58:45 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
06.02.2015,18:58:45 [INFO] Online-Dienste stehen zur Verfügung.
06.02.2015,19:31:01 [WARNUNG] Ein verdächtiger Zugriff auf die Registry wurde blockiert!
06.02.2015,23:40:21 [FUND] Ist das Trojanische Pferd TR/Trash.Gen!
C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
07.02.2015,00:09:37 [FUND] Ist das Trojanische Pferd TR/Trash.Gen!
C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
07.02.2015,01:03:19 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
07.02.2015,15:17:13 [INFO] ---------------------------------------------------------
07.02.2015,15:17:13 [INFO] Engine-Version: 8.3.28.4
07.02.2015,15:17:13 [INFO] VDF-Version: 8.11.165.190
07.02.2015,15:17:13 [INFO] APC-Version: 2.7.1.3
07.02.2015,15:17:13 [INFO] RDF-Version: 14.0.4.54
07.02.2015,15:17:13 [INFO] Echtzeit-Scanner-Version: 14.00.07.462
07.02.2015,15:17:13 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
07.02.2015,15:17:17 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
07.02.2015,15:17:17 [INFO] Online-Dienste stehen zur Verfügung.
07.02.2015,15:17:52 [WARNUNG] Ein verdächtiger Zugriff auf die Registry wurde blockiert!
Hoffe wir kriegen das ohne hin. Aus diesem Grund wende ich mich an euch und hoffe ihr könnt mir helfen, bevor ich den Laptop platt machen muss. Sind doch noch einige Dinge hier drauf, die ich nicht verlieren möchte. Defogger disable logfile : Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:23 on 07/02/2015 (Flo)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Scan. Hatte ihn noch auf dem Laptop, weil meine Freundin auch mal ein Problem hatte. Demnach nicht mehr auf dem Desktop gespeichert gewesen. Falls das ein Problem darstellt führe ich ihn gerne noch mal durch. FRST.txt : Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Flo (administrator) on FLO-LAPTOP on 07-02-2015 15:36:18
Running from C:\Users\Flo\Fuck of Viren\mareike programme
Loaded Profiles: Flo (Available profiles: Flo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxctcoms.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\...\Run: [Spotify Web Helper] => C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-20] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1768391208-2957693539-2824807641-1000 -> {766D7B0C-3CF9-4531-AB5C-817B06C2C199} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_44_ff&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAtC0EtCyCzz0EtA0C0CtDtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0DyB0FzyyCyDtCtGtC0FtBtDtGyByC0AtCtG0EyByB0BtGyDtB0EtD0C0AyB0FzzyD0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzzyE0EzytDyD0AtG0CyBzz0FtGyEyC0CyEtG0B0CyCzytGzzyEtByEyDtCtByBzzyD0DtD2Q&cr=657397452&ir=
SearchScopes: HKU\S-1-5-21-1768391208-2957693539-2824807641-1000 -> {82325EEF-E441-441C-BA1A-D2C37221C869} URL = hxxp://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=775
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1768391208-2957693539-2824807641-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\q994ry6c.default-1421530135868
FF NewTab:
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1768391208-2957693539-2824807641-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\Flo\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Users\Flo\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Extension: Adblock Plus - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\q994ry6c.default-1421530135868\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-21]
FF HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR Profile: C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-21] (Avira Operations GmbH & Co. KG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2015-02-06] (IObit)
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [566192 2006-11-22] ( )
R2 lxct_device; C:\Windows\SysWOW64\lxctcoms.exe [537520 2006-11-22] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
S3 AdobeFlashPlayerUpdateSvc; No ImagePath
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-07 15:23 - 2015-02-07 15:23 - 00000000 ____D () C:\Users\Flo\AppData\Local\{AF0E015A-902C-473A-BFC5-0DB2D877074C}
2015-02-06 18:42 - 2015-02-06 18:42 - 00002882 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2015-02-06 18:42 - 2015-02-06 18:42 - 00001260 _____ () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-02-06 18:42 - 2015-02-06 18:42 - 00001236 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-02-06 18:30 - 2015-02-06 18:30 - 06103040 _____ () C:\Program Files (x86)\GUT6061.tmp
2015-02-06 18:30 - 2015-02-06 18:30 - 00000000 ____D () C:\Program Files (x86)\GUM6032.tmp
2015-02-03 19:27 - 2015-02-03 19:27 - 00715038 _____ () C:\Windows\unins000.exe
2015-02-03 19:26 - 2015-02-03 19:27 - 00004134 _____ () C:\Windows\unins000.dat
2015-01-27 16:18 - 2015-02-03 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 14:48 - 2015-01-21 14:48 - 00000218 _____ () C:\Users\Flo\AppData\Local\recently-used.xbel
2015-01-21 14:46 - 2015-01-21 14:46 - 00000407 _____ () C:\Users\Flo\AppData\Local\psppirerc
2015-01-21 14:40 - 2015-01-21 14:40 - 00000000 _____ () C:\Users\Flo\pspp.jnl
2015-01-17 22:29 - 2015-01-17 22:29 - 00000000 ____D () C:\Users\Flo\Alte Firefox-Daten
2015-01-17 22:25 - 2015-01-17 22:25 - 00000000 ____D () C:\Users\Flo\Pictures\Documents\RCT3
2015-01-17 22:25 - 2015-01-17 22:25 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-17 22:25 - 2015-01-17 22:25 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Atari
2015-01-17 22:21 - 2015-02-06 19:30 - 00000000 ____D () C:\Users\Flo\AppData\Local\StartPoint
2015-01-17 22:19 - 2015-02-06 18:47 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DAEMON Tools Lite
2015-01-17 22:17 - 2015-02-06 18:47 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-17 22:05 - 2015-01-17 22:05 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2015-01-17 16:39 - 2015-02-06 18:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 16:39 - 2015-01-17 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-17 16:38 - 2015-01-17 16:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-17 16:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-17 16:38 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-17 16:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-07 15:37 - 2012-08-30 13:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 15:36 - 2014-06-26 15:51 - 00000000 ____D () C:\FRST
2015-02-07 15:31 - 2012-08-30 10:07 - 01882997 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 15:29 - 2014-11-01 21:36 - 00207741 _____ () C:\Windows\IE11_main.log
2015-02-07 15:24 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 15:24 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 15:19 - 2012-08-30 10:23 - 00000000 ____D () C:\Users\Flo\Pictures\Documents\Youcam
2015-02-07 15:16 - 2014-11-02 00:01 - 00001447 _____ () C:\Windows\setupact.log
2015-02-07 15:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 15:15 - 2014-11-02 00:01 - 00049118 _____ () C:\Windows\PFRO.log
2015-02-07 00:40 - 2012-08-30 10:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 19:36 - 2011-07-18 22:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-06 18:58 - 2009-07-14 05:45 - 05100216 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-06 18:53 - 2014-06-24 18:42 - 00000000 ____D () C:\AdwCleaner
2015-02-06 18:49 - 2014-07-09 10:44 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Avira
2015-02-06 18:49 - 2014-07-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-06 18:48 - 2014-07-09 10:41 - 00000000 ____D () C:\ProgramData\Avira
2015-02-06 18:48 - 2014-07-09 10:41 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-06 18:43 - 2014-06-24 18:18 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-06 18:41 - 2014-06-24 18:18 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-06 18:35 - 2014-07-09 10:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 19:26 - 2012-08-30 10:29 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Mozilla
2015-01-21 14:40 - 2012-08-30 10:20 - 00000000 ____D () C:\Users\Flo
2015-01-21 13:01 - 2011-05-16 15:04 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-01-21 13:01 - 2011-05-16 15:04 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-01-21 13:01 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 22:41 - 2014-07-09 09:57 - 00000000 ____D () C:\Users\Flo\Verknüpfungen
2015-01-17 16:37 - 2014-10-21 16:33 - 00000000 ____D () C:\Users\Flo\mareike programme
2015-01-17 16:31 - 2014-06-24 18:12 - 00000000 ____D () C:\Users\Flo\Fuck of Viren
2015-01-17 16:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-17 15:50 - 2012-10-17 20:13 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\vlc
2015-01-11 13:26 - 2013-04-25 22:47 - 00000000 ____D () C:\Users\Flo\Desktop\Arbeitskram
2015-01-10 14:35 - 2013-03-18 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
==================== Files in the root of some directories =======
2015-02-06 18:30 - 2015-02-06 18:30 - 6103040 _____ () C:\Program Files (x86)\GUT6061.tmp
2014-11-16 18:21 - 2014-11-16 18:21 - 0004096 ____H () C:\Users\Flo\AppData\Local\keyfile3.drm
2015-01-21 14:46 - 2015-01-21 14:46 - 0000407 _____ () C:\Users\Flo\AppData\Local\psppirerc
2015-01-21 14:48 - 2015-01-21 14:48 - 0000218 _____ () C:\Users\Flo\AppData\Local\recently-used.xbel
2012-08-30 10:57 - 2012-08-30 10:57 - 0017408 _____ () C:\Users\Flo\AppData\Local\WebpageIcons.db
2012-10-03 11:33 - 2012-10-03 11:33 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\13059345546862998378.exe
C:\Users\Flo\AppData\Local\Temp\avgnt.exe
C:\Users\Flo\AppData\Local\Temp\JDSetup130593455441329945.exe
C:\Users\Flo\AppData\Local\Temp\proxy_vole3864521651326105679.dll
C:\Users\Flo\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-06 23:41
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Flo at 2015-02-07 15:38:36
Running from C:\Users\Flo\Fuck of Viren\mareike programme
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{EC1369CF-15BD-4FAF-BA84-65E4788C682E}) (Version: 1.1 - American Megatrends Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Convert AVI to MP4 1.3 (HKLM-x32\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version: - convertavitomp3.com)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version: - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414a - CyberLink Corp.)
CyberLink PhotoDirector 2011 (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2430 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.3621 - CyberLink Corp.)
CyberLink PowerDirector (Version: 9.0.0.3621 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1402 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Flatcast Viewer Plugin 5.3.0.784 (HKLM-x32\...\Flatcast Viewer 5.3_is1) (Version: - 1 mal 1 Software GmbH)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Audio Dub version 1.7.9.908 (HKLM-x32\...\Free Audio Dub_is1) (Version: 1.7.9.908 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{D8057953-CCF0-48B3-B61D-762C580B2A10}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Opera 12.14 (HKLM-x32\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
PCSUITE SHREDDER (HKLM-x32\...\PCSUITE_SHREDDER_PRO_is1) (Version: - Markement GmbH)
PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6586 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shape Collage (HKLM-x32\...\ShapeCollage) (Version: - Shape Collage Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Studie zur Verbesserung von HP Deskjet 3050A J611 series Produkten (HKLM\...\{8BE2A226-3A4A-4CB5-AC13-0207F83CACA1}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.45.0 - Synaptics Incorporated)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1768391208-2957693539-2824807641-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1768391208-2957693539-2824807641-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Flo\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1768391208-2957693539-2824807641-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Flo\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1768391208-2957693539-2824807641-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Flo\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1768391208-2957693539-2824807641-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Flo\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1768391208-2957693539-2824807641-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Flo\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
23-01-2015 15:05:40 Windows Update
24-01-2015 17:57:33 Windows Update
24-01-2015 18:04:25 Windows Update
25-01-2015 13:57:17 Windows Update
25-01-2015 14:01:30 Windows Update
25-01-2015 19:02:54 Windows Update
27-01-2015 16:10:22 Windows Update
28-01-2015 16:30:27 Windows Update
28-01-2015 16:36:24 Windows Update
31-01-2015 15:48:38 Windows Update
31-01-2015 15:55:12 Windows Update
01-02-2015 12:09:07 Windows Update
02-02-2015 12:54:04 Windows Update
02-02-2015 12:58:48 Windows Update
03-02-2015 18:10:11 Windows Update
03-02-2015 18:17:29 Windows Update
06-02-2015 18:29:20 Windows Update
06-02-2015 18:50:42 Windows Update
06-02-2015 19:32:37 Entfernt RollerCoaster Tycoon 3
07-02-2015 15:21:39 Windows Update
07-02-2015 15:24:36 Windows Update
07-02-2015 15:27:28 Windows Modules Installer
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-06-27 08:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {13B10DB9-4798-4071-928B-45FA8C6AB647} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {1EDE8C75-EBA6-48C5-8FE7-CE5084590832} - System32\Tasks\AdobeAAMUpdater-1.0-Flo-Laptop-Flo => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {281C42BC-2498-4799-AAE2-D20767089080} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2EA6337A-C21C-40B3-820D-7682FA88CBD5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {37C9E7B0-78D7-41C5-9F0B-51DDBECDB75D} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {586D88B3-C84B-44EB-BB5A-51D75369B036} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {8DB94DB5-1934-484F-AE1D-395DDFA10C35} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2012-02-02] (CyberLink Corp.)
Task: {985CDA2E-DB97-4DCF-B056-CDF9BFFD3D56} - \ASP No Task File <==== ATTENTION
Task: {BD2C6A37-4963-4829-8651-D7F157A2503C} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {D00ECBDB-F110-416D-BEB2-FCAFD22EA443} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {D79700D5-F17D-493B-A6BE-C0B56148034D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-06-19] (IObit)
Task: {EADFF637-8D2F-42D5-9789-17279B067AF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {EC699E5F-253C-4666-B2E9-2510E89CD1E7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2012-09-25 14:45 - 2006-10-18 06:24 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll
2012-09-25 14:45 - 2006-10-18 04:32 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5400 Series\ipcmt64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-04-11 06:19 - 2010-08-19 17:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2011-06-08 22:57 - 2011-06-08 22:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2012-04-11 08:57 - 2012-03-27 01:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-17 12:56 - 2014-09-17 12:56 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\de4aaa11d46d614b5330b337b67e5227\IsdiInterop.ni.dll
2012-04-11 09:39 - 2011-11-30 04:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-27 16:18 - 2015-01-27 16:18 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-04-11 09:31 - 2012-03-06 14:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Flo\Cookies:iDBcKoqeTsMXOvf4int5iLPJ
AlternateDataStreams: C:\Users\Flo\AppData\Local\Temp:yhmWPq93uMAb6UywK1dzA
AlternateDataStreams: C:\Users\Flo\AppData\Local\Temporary Internet Files:9bgJ6jNzYbA1rER5SaBTCSdG
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Flo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Flo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lexmark 5400 Series => "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
MSCONFIG\startupreg: lxctmon.exe => "C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SkyDrive => "C:\Users\Flo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Spotify => "C:\Users\Flo\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
==================== Accounts: =============================
Administrator (S-1-5-21-1768391208-2957693539-2824807641-500 - Administrator - Disabled)
Flo (S-1-5-21-1768391208-2957693539-2824807641-1000 - Administrator - Enabled) => C:\Users\Flo
Gast (S-1-5-21-1768391208-2957693539-2824807641-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1768391208-2957693539-2824807641-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/07/2015 03:22:55 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
Error: (02/06/2015 07:34:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service ClaraUpdater since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (02/06/2015 06:41:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/06/2015 06:37:21 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen
Error: (02/03/2015 08:14:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.7125.5000, Zeitstempel: 0x53745315
Name des fehlerhaften Moduls: wwlib.dll, Version: 14.0.7125.5000, Zeitstempel: 0x53745362
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0023514f
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3
Error: (01/23/2015 05:07:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/23/2015 05:07:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/21/2015 04:10:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4836
Error: (01/21/2015 04:10:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4836
Error: (01/21/2015 04:10:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (02/07/2015 03:37:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (02/07/2015 03:31:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme
Error: (02/07/2015 03:17:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/07/2015 03:17:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht.
Error: (02/07/2015 03:15:29 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Treiber ACPI hat eine ungültige ID für das untergeordnete Gerät (1) zurückgegeben.
Error: (02/07/2015 01:02:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ClaraUpdater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/07/2015 00:37:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (02/06/2015 11:37:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (02/06/2015 10:37:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (02/06/2015 09:37:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Microsoft Office Sessions:
=========================
Error: (02/07/2015 03:22:55 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
Error: (02/06/2015 07:34:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service ClaraUpdater since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (02/06/2015 06:41:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Flo\Fuck of Viren\mareike programme\esetsmartinstaller_deu.exe
Error: (02/06/2015 06:37:21 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen
Error: (02/03/2015 08:14:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE14.0.7125.500053745315wwlib.dll14.0.7125.500053745362c00000050023514f198401d03fdd86baa1e5C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Program Files (x86)\Microsoft Office\Office14\wwlib.dlldbc688b7-abd8-11e4-af27-685d431e168e
Error: (01/23/2015 05:07:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Flo\fuck of viren\mareike programme\esetsmartinstaller_deu.exe
Error: (01/23/2015 05:07:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Flo\fuck of viren\mareike programme\esetsmartinstaller_deu.exe
Error: (01/21/2015 04:10:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4836
Error: (01/21/2015 04:10:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4836
Error: (01/21/2015 04:10:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2014-06-27 09:02:16.851
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-06-27 09:02:16.617
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 3990.83 MB
Available physical RAM: 1990.84 MB
Total Pagefile: 7979.84 MB
Available Pagefile: 5406.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:422.72 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:17.58 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=647.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================
GMER : Leider konnte ich Antivir nicht deaktivieren Trotzdem mein Logfile : Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-07 16:04:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0001 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Flo\AppData\Local\Temp\kwdoikow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800039f6000 45 bytes [00, 00, 1E, 02, 4D, 6D, 43, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800039f602f 16 bytes [00, 04, 00, 00, 00, 00, 00, ...]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43034057
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d431e168e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d431e168e@805719c39f02 0xF6 0x37 0x9B 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43034057 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d431e168e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d431e168e@805719c39f02 0xF6 0x37 0x9B 0x9A ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Vielen dank schonmal für die Hilfe Flo |
|
07.02.2015, 16:22
| #2 |
| /// the machine /// TB-Ausbilder    | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus hi,
__________________Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
|
07.02.2015, 17:27
| #3 |
| | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus danke für die schnelle Antwort.
__________________TDSSKiller : Code:
ATTFilter 16:36:10.0977 0x088c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
16:36:17.0460 0x088c ============================================================
16:36:17.0460 0x088c Current date / time: 2015/02/07 16:36:17.0460
16:36:17.0460 0x088c SystemInfo:
16:36:17.0460 0x088c
16:36:17.0460 0x088c OS Version: 6.1.7601 ServicePack: 1.0
16:36:17.0460 0x088c Product type: Workstation
16:36:17.0461 0x088c ComputerName: FLO-LAPTOP
16:36:17.0461 0x088c UserName: Flo
16:36:17.0461 0x088c Windows directory: C:\Windows
16:36:17.0461 0x088c System windows directory: C:\Windows
16:36:17.0461 0x088c Running under WOW64
16:36:17.0461 0x088c Processor architecture: Intel x64
16:36:17.0461 0x088c Number of processors: 4
16:36:17.0461 0x088c Page size: 0x1000
16:36:17.0461 0x088c Boot type: Normal boot
16:36:17.0461 0x088c ============================================================
16:36:17.0901 0x088c KLMD registered as C:\Windows\system32\drivers\60312137.sys
16:36:18.0347 0x088c System UUID: {8C68B50A-A5F1-DAF5-AFC5-A471ADD3E731}
16:36:19.0006 0x088c Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:36:19.0027 0x088c ============================================================
16:36:19.0027 0x088c \Device\Harddisk0\DR0:
16:36:19.0031 0x088c MBR partitions:
16:36:19.0031 0x088c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:36:19.0031 0x088c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x50F13000
16:36:19.0031 0x088c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x50F45800, BlocksNum 0x6400000
16:36:19.0031 0x088c ============================================================
16:36:19.0070 0x088c C: <-> \Device\Harddisk0\DR0\Partition2
16:36:19.0124 0x088c D: <-> \Device\Harddisk0\DR0\Partition3
16:36:19.0125 0x088c ============================================================
16:36:19.0125 0x088c Initialize success
16:36:19.0125 0x088c ============================================================
16:37:02.0631 0x1368 ============================================================
16:37:02.0631 0x1368 Scan started
16:37:02.0631 0x1368 Mode: Manual; SigCheck; TDLFS;
16:37:02.0631 0x1368 ============================================================
16:37:02.0631 0x1368 KSN ping started
16:37:05.0429 0x1368 KSN ping finished: true
16:37:06.0992 0x1368 ================ Scan system memory ========================
16:37:06.0992 0x1368 System memory - ok
16:37:06.0993 0x1368 ================ Scan services =============================
16:37:07.0233 0x1368 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:37:07.0294 0x1368 1394ohci - ok
16:37:07.0359 0x1368 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:37:07.0389 0x1368 ACPI - ok
16:37:07.0419 0x1368 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:37:07.0434 0x1368 AcpiPmi - ok
16:37:07.0562 0x1368 [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:37:07.0593 0x1368 AdobeARMservice - ok
16:37:07.0667 0x1368 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:37:07.0694 0x1368 adp94xx - ok
16:37:07.0728 0x1368 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:37:07.0746 0x1368 adpahci - ok
16:37:07.0777 0x1368 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:37:07.0791 0x1368 adpu320 - ok
16:37:07.0818 0x1368 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:37:07.0853 0x1368 AeLookupSvc - ok
16:37:07.0914 0x1368 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
16:37:07.0958 0x1368 AFD - ok
16:37:08.0003 0x1368 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
16:37:08.0028 0x1368 agp440 - ok
16:37:08.0063 0x1368 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
16:37:08.0083 0x1368 ALG - ok
16:37:08.0122 0x1368 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
16:37:08.0145 0x1368 aliide - ok
16:37:08.0177 0x1368 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
16:37:08.0191 0x1368 amdide - ok
16:37:08.0221 0x1368 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:37:08.0234 0x1368 AmdK8 - ok
16:37:08.0247 0x1368 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:37:08.0260 0x1368 AmdPPM - ok
16:37:08.0308 0x1368 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:37:08.0333 0x1368 amdsata - ok
16:37:08.0367 0x1368 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:37:08.0387 0x1368 amdsbs - ok
16:37:08.0404 0x1368 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:37:08.0414 0x1368 amdxata - ok
16:37:08.0448 0x1368 [ 157B1C973637919DCD0D0464167C86BA, 26495E1390392694F0E33100FB26B2539015414C9F8384F73C66B370A16FD187 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
16:37:08.0471 0x1368 AMPPAL - ok
16:37:08.0480 0x1368 [ 157B1C973637919DCD0D0464167C86BA, 26495E1390392694F0E33100FB26B2539015414C9F8384F73C66B370A16FD187 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
16:37:08.0495 0x1368 AMPPALP - ok
16:37:08.0619 0x1368 [ FB70F8C1283C8CC6BFAA6F9971107E68, 3EAB3703DC27EE94531DA60C2ACF73CAF33F6BA2ED5822D90BF2A97A3A98C4EA ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
16:37:09.0074 0x1368 AMPPALR3 - ok
16:37:09.0206 0x1368 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:37:09.0252 0x1368 AntiVirSchedulerService - ok
16:37:09.0327 0x1368 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:37:09.0356 0x1368 AntiVirService - ok
16:37:09.0394 0x1368 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
16:37:09.0433 0x1368 AppID - ok
16:37:09.0451 0x1368 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:37:09.0484 0x1368 AppIDSvc - ok
16:37:09.0510 0x1368 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
16:37:09.0535 0x1368 Appinfo - ok
16:37:09.0617 0x1368 [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:37:09.0643 0x1368 Apple Mobile Device - ok
16:37:09.0690 0x1368 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
16:37:09.0704 0x1368 arc - ok
16:37:09.0722 0x1368 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:37:09.0736 0x1368 arcsas - ok
16:37:09.0991 0x1368 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:37:10.0026 0x1368 aspnet_state - ok
16:37:10.0051 0x1368 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:37:10.0091 0x1368 AsyncMac - ok
16:37:10.0131 0x1368 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
16:37:10.0156 0x1368 atapi - ok
16:37:10.0210 0x1368 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:37:10.0260 0x1368 AudioEndpointBuilder - ok
16:37:10.0336 0x1368 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:37:10.0392 0x1368 AudioSrv - ok
16:37:10.0484 0x1368 [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:37:10.0515 0x1368 avgntflt - ok
16:37:10.0560 0x1368 [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:37:10.0575 0x1368 avipbb - ok
16:37:10.0608 0x1368 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:37:10.0620 0x1368 avkmgr - ok
16:37:10.0663 0x1368 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:37:10.0713 0x1368 AxInstSV - ok
16:37:10.0775 0x1368 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:37:10.0835 0x1368 b06bdrv - ok
16:37:10.0893 0x1368 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:37:10.0929 0x1368 b57nd60a - ok
16:37:10.0972 0x1368 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
16:37:11.0005 0x1368 BDESVC - ok
16:37:11.0021 0x1368 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
16:37:11.0061 0x1368 Beep - ok
16:37:11.0122 0x1368 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
16:37:11.0198 0x1368 BFE - ok
16:37:11.0271 0x1368 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
16:37:11.0362 0x1368 BITS - ok
16:37:11.0402 0x1368 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:37:11.0416 0x1368 blbdrive - ok
16:37:11.0566 0x1368 [ A52EA1D8C2900055323C93DDB252A3DA, 70C30AACE3948DFD2E4C52818F93F03AF32430B43229F613FEE3C4CD4FA1EFE6 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
16:37:11.0654 0x1368 Bluetooth Device Monitor - ok
16:37:11.0784 0x1368 [ 091210450CA7CED08F360D9D7FEC5D11, 52298A6FE7DCF5EA484E6A1CBE48E2B1106D006E18F2278CB38AAAB10BB905BD ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
16:37:11.0897 0x1368 Bluetooth Media Service - ok
16:37:11.0962 0x1368 [ 392450754E17FF778CBC5B9D20583AD1, 4E2CC0D5D41303202EE7655FB1F779C41808A714486BAFF22A321A5BAF9FD0F6 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
16:37:12.0030 0x1368 Bluetooth OBEX Service - ok
16:37:12.0075 0x1368 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:37:12.0097 0x1368 Bonjour Service - ok
16:37:12.0131 0x1368 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:37:12.0160 0x1368 bowser - ok
16:37:12.0196 0x1368 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:37:12.0209 0x1368 BrFiltLo - ok
16:37:12.0228 0x1368 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:37:12.0241 0x1368 BrFiltUp - ok
16:37:12.0316 0x1368 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:37:12.0374 0x1368 BridgeMP - ok
16:37:12.0409 0x1368 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
16:37:12.0437 0x1368 Browser - ok
16:37:12.0467 0x1368 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:37:12.0511 0x1368 Brserid - ok
16:37:12.0535 0x1368 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:37:12.0551 0x1368 BrSerWdm - ok
16:37:12.0567 0x1368 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:37:12.0581 0x1368 BrUsbMdm - ok
16:37:12.0605 0x1368 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:37:12.0617 0x1368 BrUsbSer - ok
16:37:12.0668 0x1368 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:37:12.0680 0x1368 BthEnum - ok
16:37:12.0703 0x1368 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:37:12.0718 0x1368 BTHMODEM - ok
16:37:12.0744 0x1368 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:37:12.0764 0x1368 BthPan - ok
16:37:12.0808 0x1368 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
16:37:12.0838 0x1368 BTHPORT - ok
16:37:12.0883 0x1368 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
16:37:12.0941 0x1368 bthserv - ok
16:37:13.0001 0x1368 [ FA2D081709A764F6BEE16B7FFE03E36C, 2BBDFBD313ABB87B76D4A30EC042B9D72ED4F62CF18B98229A6366B1A7211ECD ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
16:37:13.0032 0x1368 BTHSSecurityMgr - ok
16:37:13.0044 0x1368 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
16:37:13.0059 0x1368 BTHUSB - ok
16:37:13.0086 0x1368 [ 988CC6CC49303665D3B2435C51505C3F, 5217A7A1BAD77EBF4E5D68D191FCFD7CE4FB96ABB91638383A077BE9CE794EE3 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
16:37:13.0112 0x1368 btmaux - ok
16:37:13.0144 0x1368 [ 2B4B508AFAC2A563931AF1FE875A5B16, F6A5261BD3FB8AE7BF26F32B681A15E56317EF8A9D8AB84B9B6BCA66F5484698 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
16:37:13.0180 0x1368 btmhsf - ok
16:37:13.0221 0x1368 catchme - ok
16:37:13.0252 0x1368 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:37:13.0307 0x1368 cdfs - ok
16:37:13.0391 0x1368 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:37:13.0429 0x1368 cdrom - ok
16:37:13.0470 0x1368 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
16:37:13.0520 0x1368 CertPropSvc - ok
16:37:13.0551 0x1368 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
16:37:13.0565 0x1368 circlass - ok
16:37:13.0601 0x1368 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
16:37:13.0624 0x1368 CLFS - ok
16:37:13.0679 0x1368 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:37:13.0690 0x1368 clr_optimization_v2.0.50727_32 - ok
16:37:13.0793 0x1368 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:37:13.0813 0x1368 clr_optimization_v2.0.50727_64 - ok
16:37:13.0915 0x1368 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:37:13.0934 0x1368 clr_optimization_v4.0.30319_32 - ok
16:37:13.0953 0x1368 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:37:13.0971 0x1368 clr_optimization_v4.0.30319_64 - ok
16:37:14.0021 0x1368 [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
16:37:14.0040 0x1368 clwvd - ok
16:37:14.0076 0x1368 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:37:14.0092 0x1368 CmBatt - ok
16:37:14.0117 0x1368 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:37:14.0127 0x1368 cmdide - ok
16:37:14.0182 0x1368 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
16:37:14.0215 0x1368 CNG - ok
16:37:14.0247 0x1368 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:37:14.0257 0x1368 Compbatt - ok
16:37:14.0300 0x1368 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:37:14.0331 0x1368 CompositeBus - ok
16:37:14.0340 0x1368 COMSysApp - ok
16:37:14.0470 0x1368 [ 236172C3A418B9A0F26B416A72F5A556, 315D8C8A002BE607A7AC011DA17C6CE305C49C6AF458669C3D2B649A06DBCDFB ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:37:14.0508 0x1368 cphs - ok
16:37:14.0545 0x1368 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:37:14.0557 0x1368 crcdisk - ok
16:37:14.0629 0x1368 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:37:14.0672 0x1368 CryptSvc - ok
16:37:14.0731 0x1368 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:37:14.0779 0x1368 DcomLaunch - ok
16:37:14.0818 0x1368 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
16:37:14.0862 0x1368 defragsvc - ok
16:37:14.0882 0x1368 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:37:14.0915 0x1368 DfsC - ok
16:37:14.0944 0x1368 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
16:37:14.0966 0x1368 Dhcp - ok
16:37:14.0976 0x1368 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
16:37:15.0010 0x1368 discache - ok
16:37:15.0038 0x1368 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
16:37:15.0050 0x1368 Disk - ok
16:37:15.0100 0x1368 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:37:15.0151 0x1368 Dnscache - ok
16:37:15.0184 0x1368 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
16:37:15.0237 0x1368 dot3svc - ok
16:37:15.0278 0x1368 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
16:37:15.0311 0x1368 DPS - ok
16:37:15.0343 0x1368 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:37:15.0389 0x1368 drmkaud - ok
16:37:15.0436 0x1368 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:37:15.0499 0x1368 DXGKrnl - ok
16:37:15.0545 0x1368 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
16:37:15.0577 0x1368 EapHost - ok
16:37:15.0733 0x1368 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:37:15.0935 0x1368 ebdrv - ok
16:37:15.0998 0x1368 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
16:37:16.0029 0x1368 EFS - ok
16:37:16.0076 0x1368 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:37:16.0123 0x1368 ehRecvr - ok
16:37:16.0138 0x1368 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
16:37:16.0154 0x1368 ehSched - ok
16:37:16.0201 0x1368 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:37:16.0232 0x1368 elxstor - ok
16:37:16.0247 0x1368 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:37:16.0263 0x1368 ErrDev - ok
16:37:16.0310 0x1368 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
16:37:16.0357 0x1368 EventSystem - ok
16:37:16.0591 0x1368 [ 52AE29A233832E0C704FD7FC534AF9FB, CEF03BC535A2330CA33C0C83B6A048CED1663DEFA02FBB80676AC35FA7B0ED0B ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:37:16.0637 0x1368 EvtEng - ok
16:37:16.0669 0x1368 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
16:37:16.0715 0x1368 exfat - ok
16:37:16.0731 0x1368 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:37:16.0778 0x1368 fastfat - ok
16:37:16.0825 0x1368 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
16:37:16.0871 0x1368 Fax - ok
16:37:16.0903 0x1368 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
16:37:16.0918 0x1368 fdc - ok
16:37:16.0949 0x1368 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
16:37:16.0981 0x1368 fdPHost - ok
16:37:16.0996 0x1368 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
16:37:17.0027 0x1368 FDResPub - ok
16:37:17.0074 0x1368 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:37:17.0090 0x1368 FileInfo - ok
16:37:17.0105 0x1368 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:37:17.0137 0x1368 Filetrace - ok
16:37:17.0152 0x1368 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:37:17.0168 0x1368 flpydisk - ok
16:37:17.0199 0x1368 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:37:17.0215 0x1368 FltMgr - ok
16:37:17.0293 0x1368 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
16:37:17.0386 0x1368 FontCache - ok
16:37:17.0449 0x1368 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:37:17.0464 0x1368 FontCache3.0.0.0 - ok
16:37:17.0495 0x1368 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:37:17.0511 0x1368 FsDepends - ok
16:37:17.0558 0x1368 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:37:17.0573 0x1368 Fs_Rec - ok
16:37:17.0636 0x1368 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:37:17.0667 0x1368 fvevol - ok
16:37:17.0698 0x1368 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:37:17.0714 0x1368 gagp30kx - ok
16:37:17.0745 0x1368 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:37:17.0761 0x1368 GEARAspiWDM - ok
16:37:17.0839 0x1368 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
16:37:17.0948 0x1368 gpsvc - ok
16:37:18.0135 0x1368 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:37:18.0151 0x1368 gupdate - ok
16:37:18.0229 0x1368 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:37:18.0260 0x1368 gupdatem - ok
16:37:18.0291 0x1368 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:37:18.0307 0x1368 gusvc - ok
16:37:18.0338 0x1368 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:37:18.0369 0x1368 hcw85cir - ok
16:37:18.0400 0x1368 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:37:18.0416 0x1368 HdAudAddService - ok
16:37:18.0447 0x1368 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:37:18.0463 0x1368 HDAudBus - ok
16:37:18.0494 0x1368 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:37:18.0509 0x1368 HidBatt - ok
16:37:18.0525 0x1368 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:37:18.0541 0x1368 HidBth - ok
16:37:18.0572 0x1368 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
16:37:18.0587 0x1368 HidIr - ok
16:37:18.0619 0x1368 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
16:37:18.0650 0x1368 hidserv - ok
16:37:18.0697 0x1368 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:37:18.0728 0x1368 HidUsb - ok
16:37:18.0790 0x1368 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:37:18.0853 0x1368 hkmsvc - ok
16:37:18.0899 0x1368 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:37:18.0931 0x1368 HomeGroupListener - ok
16:37:18.0962 0x1368 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:37:18.0993 0x1368 HomeGroupProvider - ok
16:37:19.0040 0x1368 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:37:19.0071 0x1368 HpSAMD - ok
16:37:19.0149 0x1368 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:37:19.0211 0x1368 HTTP - ok
16:37:19.0258 0x1368 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:37:19.0289 0x1368 hwpolicy - ok
16:37:19.0321 0x1368 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:37:19.0352 0x1368 i8042prt - ok
16:37:19.0414 0x1368 [ C224331A54571C8C9162F7714400BBBD, C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA ] iaStor C:\Windows\system32\drivers\iaStor.sys
16:37:19.0445 0x1368 iaStor - ok
16:37:19.0539 0x1368 [ 7D4B9A48430ED57ACA6373B71D5904CA, 6ED72DAA7A4951142F036364E8F237E74246EF3E9EA089448DEF15380DAB0DB3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:37:19.0570 0x1368 IAStorDataMgrSvc - ok
16:37:19.0648 0x1368 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:37:19.0679 0x1368 iaStorV - ok
16:37:19.0711 0x1368 [ 60CC7AE9AEDB4D1E7923BD053B176D97, 52783EE81DCA8267267ADD862A1BF049765BB154F904196B55C0CA26E30FD393 ] ibtfltcoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
16:37:19.0742 0x1368 ibtfltcoex - ok
16:37:19.0851 0x1368 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:37:19.0945 0x1368 idsvc - ok
16:37:21.0286 0x1368 [ 3FB253E8059A1AAC3A8B83A31D094CC5, 4D4988BF7D81FB6D75CDB65E1E42AC72DA76D3F84712AA1A27428A6490E342D0 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:37:21.0973 0x1368 igfx - ok
16:37:22.0035 0x1368 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:37:22.0082 0x1368 iirsp - ok
16:37:22.0160 0x1368 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
16:37:22.0207 0x1368 IKEEXT - ok
16:37:22.0238 0x1368 [ A387D6DE360C3B2284B23000B212910A, 1DEAFDB1C9A467E437714E753292313F58526B6D719C2B21BD23C6F2F0389251 ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
16:37:22.0253 0x1368 intaud_WaveExtensible - ok
16:37:22.0472 0x1368 [ 059DDDEDBE5701DC3B779D32798108AC, 4735C52D5F7A7AC07985835C17955C96418BB3C3316264CF6A44F6150E10755B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:37:22.0721 0x1368 IntcAzAudAddService - ok
16:37:22.0784 0x1368 [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
16:37:22.0831 0x1368 IntcDAud - ok
16:37:22.0924 0x1368 [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:37:22.0971 0x1368 Intel(R) Capability Licensing Service Interface - ok
16:37:23.0002 0x1368 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
16:37:23.0018 0x1368 intelide - ok
16:37:23.0049 0x1368 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:37:23.0080 0x1368 intelppm - ok
16:37:23.0127 0x1368 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:37:23.0205 0x1368 IPBusEnum - ok
16:37:23.0252 0x1368 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:37:23.0283 0x1368 IpFilterDriver - ok
16:37:23.0361 0x1368 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:37:23.0423 0x1368 iphlpsvc - ok
16:37:23.0470 0x1368 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:37:23.0501 0x1368 IPMIDRV - ok
16:37:23.0533 0x1368 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:37:23.0579 0x1368 IPNAT - ok
16:37:23.0673 0x1368 [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:37:23.0704 0x1368 iPod Service - ok
16:37:23.0735 0x1368 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:37:23.0751 0x1368 IRENUM - ok
16:37:23.0767 0x1368 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:37:23.0782 0x1368 isapnp - ok
16:37:23.0813 0x1368 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:37:23.0829 0x1368 iScsiPrt - ok
16:37:23.0860 0x1368 [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs C:\Windows\system32\drivers\iusb3hcs.sys
16:37:23.0860 0x1368 iusb3hcs - ok
16:37:23.0907 0x1368 [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub C:\Windows\system32\drivers\iusb3hub.sys
16:37:23.0923 0x1368 iusb3hub - ok
16:37:24.0001 0x1368 [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc C:\Windows\system32\drivers\iusb3xhc.sys
16:37:24.0047 0x1368 iusb3xhc - ok
16:37:24.0094 0x1368 [ 716F66336F10885D935B08174DC54242, 1992708956A2A45A8870CFCB532F3ABF24B1143B75EF32AB1F59D5D86E65F493 ] iwdbus C:\Windows\system32\drivers\iwdbus.sys
16:37:24.0125 0x1368 iwdbus - ok
16:37:24.0172 0x1368 [ 13E838EA8652F8451F29301D3B56B17B, 2FE65DDBB0ACFD34227001616D0B66B8748132DB7C0FA9342D3AB404B92732CC ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
16:37:24.0203 0x1368 jhi_service - ok
16:37:24.0235 0x1368 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:37:24.0250 0x1368 kbdclass - ok
16:37:24.0297 0x1368 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:37:24.0297 0x1368 kbdhid - ok
16:37:24.0328 0x1368 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
16:37:24.0328 0x1368 KeyIso - ok
16:37:24.0375 0x1368 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:37:24.0406 0x1368 KSecDD - ok
16:37:24.0422 0x1368 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:37:24.0437 0x1368 KSecPkg - ok
16:37:24.0484 0x1368 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:37:24.0515 0x1368 ksthunk - ok
16:37:24.0578 0x1368 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
16:37:24.0640 0x1368 KtmRm - ok
16:37:24.0687 0x1368 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:37:24.0734 0x1368 LanmanServer - ok
16:37:24.0765 0x1368 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:37:24.0796 0x1368 LanmanWorkstation - ok
16:37:24.0983 0x1368 [ 9221BD3515C49AED30FA88152BFD7168, CD23280C8A1AE00EEEBFC74D403EDE0BF6CB03DDDC3CB971338A7C9FB76CD7F3 ] LiveUpdateSvc C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
16:37:25.0139 0x1368 LiveUpdateSvc - ok
16:37:25.0234 0x1368 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:37:25.0296 0x1368 lltdio - ok
16:37:25.0343 0x1368 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:37:25.0406 0x1368 lltdsvc - ok
16:37:25.0421 0x1368 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:37:25.0452 0x1368 lmhosts - ok
16:37:25.0484 0x1368 [ BD9457699AC9C1A0FE43398043617279, 7955D2F5B9CB4FAD53F8D2CCC163FD575714175623F03DA1C3C2495CE3C0F342 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:37:25.0499 0x1368 LMS - ok
16:37:25.0546 0x1368 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:37:25.0562 0x1368 LSI_FC - ok
16:37:25.0593 0x1368 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:37:25.0608 0x1368 LSI_SAS - ok
16:37:25.0624 0x1368 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:37:25.0640 0x1368 LSI_SAS2 - ok
16:37:25.0655 0x1368 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:37:25.0671 0x1368 LSI_SCSI - ok
16:37:25.0702 0x1368 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
16:37:25.0749 0x1368 luafv - ok
16:37:25.0780 0x1368 lxct_device - ok
16:37:25.0874 0x1368 [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
16:37:25.0920 0x1368 McComponentHostService - ok
16:37:25.0952 0x1368 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:37:25.0983 0x1368 Mcx2Svc - ok
16:37:25.0998 0x1368 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
16:37:26.0014 0x1368 megasas - ok
16:37:26.0045 0x1368 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:37:26.0061 0x1368 MegaSR - ok
16:37:26.0092 0x1368 [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
16:37:26.0108 0x1368 MEIx64 - ok
16:37:26.0170 0x1368 [ 8A43D23ACE2E8C95A2D87B6E9599DEDA, 18683A7CE5AF0A9C5D7E33EB99588AE55FC61103A8894F3F45E2101355966A71 ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
16:37:26.0201 0x1368 MemeoBackgroundService - ok
16:37:26.0279 0x1368 Microsoft SharePoint Workspace Audit Service - ok
16:37:26.0326 0x1368 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
16:37:26.0388 0x1368 MMCSS - ok
16:37:26.0404 0x1368 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
16:37:26.0435 0x1368 Modem - ok
16:37:26.0451 0x1368 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:37:26.0466 0x1368 monitor - ok
16:37:26.0513 0x1368 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:37:26.0544 0x1368 mouclass - ok
16:37:26.0576 0x1368 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:37:26.0591 0x1368 mouhid - ok
16:37:26.0607 0x1368 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:37:26.0622 0x1368 mountmgr - ok
16:37:26.0685 0x1368 [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:37:26.0700 0x1368 MozillaMaintenance - ok
16:37:26.0716 0x1368 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
16:37:26.0716 0x1368 mpio - ok
16:37:26.0747 0x1368 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:37:26.0778 0x1368 mpsdrv - ok
16:37:26.0825 0x1368 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:37:26.0888 0x1368 MpsSvc - ok
16:37:26.0934 0x1368 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:37:26.0966 0x1368 MRxDAV - ok
16:37:26.0997 0x1368 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:37:27.0028 0x1368 mrxsmb - ok
16:37:27.0059 0x1368 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:37:27.0075 0x1368 mrxsmb10 - ok
16:37:27.0090 0x1368 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:37:27.0106 0x1368 mrxsmb20 - ok
16:37:27.0122 0x1368 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
16:37:27.0137 0x1368 msahci - ok
16:37:27.0168 0x1368 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:37:27.0184 0x1368 msdsm - ok
16:37:27.0215 0x1368 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
16:37:27.0231 0x1368 MSDTC - ok
16:37:27.0262 0x1368 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:37:27.0293 0x1368 Msfs - ok
16:37:27.0309 0x1368 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:37:27.0340 0x1368 mshidkmdf - ok
16:37:27.0356 0x1368 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:37:27.0371 0x1368 msisadrv - ok
16:37:27.0402 0x1368 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:37:27.0465 0x1368 MSiSCSI - ok
16:37:27.0465 0x1368 msiserver - ok
16:37:27.0496 0x1368 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:37:27.0527 0x1368 MSKSSRV - ok
16:37:27.0543 0x1368 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:37:27.0574 0x1368 MSPCLOCK - ok
16:37:27.0590 0x1368 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:37:27.0621 0x1368 MSPQM - ok
16:37:27.0652 0x1368 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:37:27.0668 0x1368 MsRPC - ok
16:37:27.0699 0x1368 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:37:27.0730 0x1368 mssmbios - ok
16:37:27.0761 0x1368 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:37:27.0808 0x1368 MSTEE - ok
16:37:27.0824 0x1368 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:37:27.0824 0x1368 MTConfig - ok
16:37:27.0839 0x1368 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
16:37:27.0855 0x1368 Mup - ok
16:37:27.0886 0x1368 [ 4D02A9A4AAE43280D8631F232AAD79BC, 2122C1901F16FDCAE35C434FF44D86800F63DBB902165EEB471404D93601D5E5 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:37:27.0902 0x1368 MyWiFiDHCPDNS - ok
16:37:27.0948 0x1368 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
16:37:27.0995 0x1368 napagent - ok
16:37:28.0058 0x1368 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:37:28.0120 0x1368 NativeWifiP - ok
16:37:28.0260 0x1368 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
16:37:28.0323 0x1368 NDIS - ok
16:37:28.0338 0x1368 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:37:28.0370 0x1368 NdisCap - ok
16:37:28.0401 0x1368 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:37:28.0432 0x1368 NdisTapi - ok
16:37:28.0448 0x1368 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:37:28.0479 0x1368 Ndisuio - ok
16:37:28.0494 0x1368 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:37:28.0526 0x1368 NdisWan - ok
16:37:28.0541 0x1368 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:37:28.0572 0x1368 NDProxy - ok
16:37:28.0604 0x1368 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:37:28.0635 0x1368 NetBIOS - ok
16:37:28.0650 0x1368 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:37:28.0697 0x1368 NetBT - ok
16:37:28.0713 0x1368 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
16:37:28.0728 0x1368 Netlogon - ok
16:37:28.0760 0x1368 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
16:37:28.0806 0x1368 Netman - ok
16:37:28.0884 0x1368 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:37:28.0931 0x1368 NetMsmqActivator - ok
16:37:28.0962 0x1368 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:37:28.0978 0x1368 NetPipeActivator - ok
16:37:29.0009 0x1368 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
16:37:29.0056 0x1368 netprofm - ok
16:37:29.0087 0x1368 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:37:29.0103 0x1368 NetTcpActivator - ok
16:37:29.0118 0x1368 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:37:29.0134 0x1368 NetTcpPortSharing - ok
16:37:29.0540 0x1368 [ 262225F08B891FD7F16B3B93A3177C1F, 40F82431C26617B40573BBB6715D13294B10CBE6B357E26D5406FA7321F4554F ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys
16:37:30.0195 0x1368 NETwNs64 - ok
16:37:30.0257 0x1368 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:37:30.0288 0x1368 nfrd960 - ok
16:37:30.0304 0x1368 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:37:30.0335 0x1368 NlaSvc - ok
16:37:30.0351 0x1368 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:37:30.0382 0x1368 Npfs - ok
16:37:30.0398 0x1368 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
16:37:30.0429 0x1368 nsi - ok
16:37:30.0444 0x1368 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:37:30.0476 0x1368 nsiproxy - ok
16:37:30.0585 0x1368 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:37:30.0663 0x1368 Ntfs - ok
16:37:30.0678 0x1368 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
16:37:30.0710 0x1368 Null - ok
16:37:30.0772 0x1368 [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
16:37:30.0788 0x1368 NVENETFD - ok
16:37:31.0209 0x1368 [ DD81FBC57AB9134CDDC5CE90880BFD80, 16DF4D9645238D1014FA9189FF171DCF7B7C7573F759B5AC73025518139D86B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:37:31.0677 0x1368 nvlddmkm - ok
16:37:31.0708 0x1368 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:37:31.0724 0x1368 nvraid - ok
16:37:31.0755 0x1368 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:37:31.0770 0x1368 nvstor - ok
16:37:31.0817 0x1368 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:37:31.0848 0x1368 nv_agp - ok
16:37:31.0880 0x1368 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:37:31.0895 0x1368 ohci1394 - ok
16:37:31.0958 0x1368 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:37:31.0989 0x1368 ose - ok
16:37:32.0223 0x1368 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:37:32.0441 0x1368 osppsvc - ok
16:37:32.0488 0x1368 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:37:32.0504 0x1368 p2pimsvc - ok
16:37:32.0535 0x1368 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
16:37:32.0566 0x1368 p2psvc - ok
16:37:32.0582 0x1368 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
16:37:32.0597 0x1368 Parport - ok
16:37:32.0628 0x1368 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:37:32.0644 0x1368 partmgr - ok
16:37:32.0660 0x1368 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
16:37:32.0691 0x1368 PcaSvc - ok
16:37:32.0706 0x1368 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
16:37:32.0722 0x1368 pci - ok
16:37:32.0753 0x1368 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
16:37:32.0769 0x1368 pciide - ok
16:37:32.0816 0x1368 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:37:32.0847 0x1368 pcmcia - ok
16:37:32.0862 0x1368 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
16:37:32.0878 0x1368 pcw - ok
16:37:32.0909 0x1368 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:37:32.0956 0x1368 PEAUTH - ok
16:37:33.0018 0x1368 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:37:33.0050 0x1368 PerfHost - ok
16:37:33.0159 0x1368 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
16:37:33.0252 0x1368 pla - ok
16:37:33.0284 0x1368 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:37:33.0330 0x1368 PlugPlay - ok
16:37:33.0330 0x1368 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:37:33.0346 0x1368 PNRPAutoReg - ok
16:37:33.0377 0x1368 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:37:33.0393 0x1368 PNRPsvc - ok
16:37:33.0424 0x1368 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:37:33.0471 0x1368 PolicyAgent - ok
16:37:33.0518 0x1368 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
16:37:33.0549 0x1368 Power - ok
16:37:33.0580 0x1368 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:37:33.0611 0x1368 PptpMiniport - ok
16:37:33.0627 0x1368 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
16:37:33.0674 0x1368 Processor - ok
16:37:33.0705 0x1368 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
16:37:33.0736 0x1368 ProfSvc - ok
16:37:33.0752 0x1368 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:37:33.0783 0x1368 ProtectedStorage - ok
16:37:33.0798 0x1368 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:37:33.0830 0x1368 Psched - ok
16:37:33.0876 0x1368 [ 543A4EF0923BF70D126625B034EF25AF, 9CC82C5221F11850419A796D48D5452B3DEE0C8E8E85A818F4AAA869673F9740 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
16:37:33.0923 0x1368 PSI_SVC_2 - ok
16:37:33.0954 0x1368 [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
16:37:33.0970 0x1368 PxHlpa64 - ok
16:37:34.0079 0x1368 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:37:34.0142 0x1368 ql2300 - ok
16:37:34.0157 0x1368 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:37:34.0173 0x1368 ql40xx - ok
16:37:34.0220 0x1368 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
16:37:34.0235 0x1368 QWAVE - ok
16:37:34.0266 0x1368 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:37:34.0282 0x1368 QWAVEdrv - ok
16:37:34.0298 0x1368 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:37:34.0329 0x1368 RasAcd - ok
16:37:34.0344 0x1368 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:37:34.0376 0x1368 RasAgileVpn - ok
16:37:34.0391 0x1368 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
16:37:34.0422 0x1368 RasAuto - ok
16:37:34.0438 0x1368 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:37:34.0469 0x1368 Rasl2tp - ok
16:37:34.0500 0x1368 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
16:37:34.0532 0x1368 RasMan - ok
16:37:34.0547 0x1368 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:37:34.0594 0x1368 RasPppoe - ok
16:37:34.0594 0x1368 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:37:34.0625 0x1368 RasSstp - ok
16:37:34.0656 0x1368 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:37:34.0688 0x1368 rdbss - ok
16:37:34.0719 0x1368 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:37:34.0734 0x1368 rdpbus - ok
16:37:34.0766 0x1368 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:37:34.0797 0x1368 RDPCDD - ok
16:37:34.0812 0x1368 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:37:34.0844 0x1368 RDPENCDD - ok
16:37:34.0875 0x1368 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:37:34.0906 0x1368 RDPREFMP - ok
16:37:34.0937 0x1368 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:37:34.0984 0x1368 RDPWD - ok
16:37:35.0031 0x1368 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:37:35.0062 0x1368 rdyboost - ok
16:37:35.0140 0x1368 [ C480D028012881E0136962A49379688D, 538BC0C4A614E90BE1E0351B1D8192ACCB5C550222F51A24F236CB96AEF285D1 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:37:35.0156 0x1368 RegSrvc - ok
16:37:35.0187 0x1368 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:37:35.0234 0x1368 RemoteAccess - ok
16:37:35.0249 0x1368 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:37:35.0296 0x1368 RemoteRegistry - ok
16:37:35.0343 0x1368 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:37:35.0358 0x1368 RFCOMM - ok
16:37:35.0452 0x1368 [ 0B169FE016039571ECC6DB70073F8979, B80663433919C3DE83A02E376E5B3020856C6E9E98B5773D316FD9C1C02C1417 ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe
16:37:35.0514 0x1368 RichVideo64 - ok
16:37:35.0546 0x1368 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:37:35.0592 0x1368 RpcEptMapper - ok
16:37:35.0608 0x1368 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
16:37:35.0624 0x1368 RpcLocator - ok
16:37:35.0655 0x1368 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
16:37:35.0702 0x1368 RpcSs - ok
16:37:35.0717 0x1368 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:37:35.0748 0x1368 rspndr - ok
16:37:35.0826 0x1368 [ 135A64530D7699AD48F29D73A658DD11, 35838AE8ACFD9047C68DD0C8910557A82998E5CD778D5B98D4767AFA4BCE85BB ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys
16:37:35.0842 0x1368 RSUSBSTOR - ok
16:37:35.0889 0x1368 [ 9140DB0911DE035FED0A9A77A2D156EA, 07C9D7E2978062ABD84B58B390360D4C0F72C6A5A2310444579DC095943BD008 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:37:35.0920 0x1368 RTL8167 - ok
16:37:36.0014 0x1368 [ B3F36B4B3F192EA87DDC119F3A0B3E45, DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
16:37:36.0060 0x1368 RTL8192su - ok
16:37:36.0076 0x1368 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
16:37:36.0107 0x1368 SamSs - ok
16:37:36.0138 0x1368 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:37:36.0154 0x1368 sbp2port - ok
16:37:36.0185 0x1368 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:37:36.0216 0x1368 SCardSvr - ok
16:37:36.0232 0x1368 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:37:36.0263 0x1368 scfilter - ok
16:37:36.0310 0x1368 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
16:37:36.0372 0x1368 Schedule - ok
16:37:36.0419 0x1368 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:37:36.0450 0x1368 SCPolicySvc - ok
16:37:36.0466 0x1368 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:37:36.0497 0x1368 SDRSVC - ok
16:37:36.0528 0x1368 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:37:36.0591 0x1368 secdrv - ok
16:37:36.0638 0x1368 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
16:37:36.0700 0x1368 seclogon - ok
16:37:36.0716 0x1368 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
16:37:36.0747 0x1368 SENS - ok
16:37:36.0778 0x1368 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:37:36.0809 0x1368 SensrSvc - ok
16:37:36.0840 0x1368 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:37:36.0840 0x1368 Serenum - ok
16:37:36.0872 0x1368 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
16:37:36.0887 0x1368 Serial - ok
16:37:36.0934 0x1368 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:37:36.0950 0x1368 sermouse - ok
16:37:36.0965 0x1368 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
16:37:37.0012 0x1368 SessionEnv - ok
16:37:37.0028 0x1368 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:37:37.0043 0x1368 sffdisk - ok
16:37:37.0043 0x1368 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:37:37.0059 0x1368 sffp_mmc - ok
16:37:37.0074 0x1368 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:37:37.0090 0x1368 sffp_sd - ok
16:37:37.0106 0x1368 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:37:37.0121 0x1368 sfloppy - ok
16:37:37.0168 0x1368 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:37:37.0246 0x1368 SharedAccess - ok
16:37:37.0293 0x1368 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:37:37.0340 0x1368 ShellHWDetection - ok
16:37:37.0371 0x1368 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:37:37.0371 0x1368 SiSRaid2 - ok
16:37:37.0402 0x1368 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:37:37.0418 0x1368 SiSRaid4 - ok
16:37:37.0464 0x1368 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:37:37.0496 0x1368 SkypeUpdate - ok
16:37:37.0527 0x1368 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:37:37.0558 0x1368 Smb - ok
16:37:37.0605 0x1368 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:37:37.0636 0x1368 SNMPTRAP - ok
16:37:37.0636 0x1368 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
16:37:37.0652 0x1368 spldr - ok
16:37:37.0745 0x1368 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
16:37:37.0776 0x1368 Spooler - ok
16:37:37.0964 0x1368 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
16:37:38.0182 0x1368 sppsvc - ok
16:37:38.0198 0x1368 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:37:38.0229 0x1368 sppuinotify - ok
16:37:38.0260 0x1368 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:37:38.0307 0x1368 srv - ok
16:37:38.0322 0x1368 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:37:38.0354 0x1368 srv2 - ok
16:37:38.0369 0x1368 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:37:38.0385 0x1368 srvnet - ok
16:37:38.0416 0x1368 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:37:38.0447 0x1368 SSDPSRV - ok
16:37:38.0463 0x1368 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:37:38.0510 0x1368 SstpSvc - ok
16:37:38.0541 0x1368 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:37:38.0541 0x1368 stexstor - ok
16:37:38.0588 0x1368 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\drivers\serscan.sys
16:37:38.0634 0x1368 StillCam - ok
16:37:38.0697 0x1368 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
16:37:38.0744 0x1368 stisvc - ok
16:37:38.0775 0x1368 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
16:37:38.0775 0x1368 swenum - ok
16:37:38.0915 0x1368 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:37:38.0962 0x1368 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
16:37:40.0694 0x1078 Object required for P2P: [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi
16:37:41.0411 0x1368 Object required for P2P: [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard
16:37:43.0330 0x1078 Object send P2P result: true
16:37:43.0330 0x1078 Object required for P2P: [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan
16:37:45.0982 0x1078 Object send P2P result: true
16:37:45.0998 0x1078 Object required for P2P: [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV
16:37:57.0510 0x1078 Object send P2P result: true
16:37:57.0557 0x1078 Object required for P2P: [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR
16:37:58.0743 0x1368 Object send P2P result: true
16:37:58.0743 0x1368 Detect skipped due to KSN trusted
16:37:58.0743 0x1368 SwitchBoard - ok
16:37:58.0805 0x1368 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
16:37:58.0883 0x1368 swprv - ok
16:37:58.0930 0x1368 [ BD4F51AEF67AB7D57698BC4AAD983D1F, 1953BE906222CD9761CC46F471903E92682D7AC68FD0BC14EDB7F59D4C0C7290 ] SynTP C:\Windows\system32\drivers\SynTP.sys
16:37:58.0961 0x1368 SynTP - ok
16:37:59.0055 0x1368 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
16:37:59.0117 0x1368 SysMain - ok
16:37:59.0133 0x1368 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:37:59.0149 0x1368 TabletInputService - ok
16:37:59.0180 0x1368 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
16:37:59.0211 0x1368 TapiSrv - ok
16:37:59.0227 0x1368 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
16:37:59.0258 0x1368 TBS - ok
16:37:59.0383 0x1368 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:37:59.0476 0x1368 Tcpip - ok
16:37:59.0585 0x1368 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:37:59.0648 0x1368 TCPIP6 - ok
16:37:59.0679 0x1368 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:37:59.0695 0x1368 tcpipreg - ok
16:37:59.0726 0x1368 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:37:59.0741 0x1368 TDPIPE - ok
16:37:59.0773 0x1368 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:37:59.0804 0x1368 TDTCP - ok
16:37:59.0835 0x1368 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:37:59.0882 0x1368 tdx - ok
16:37:59.0913 0x1368 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
16:37:59.0929 0x1368 TermDD - ok
16:37:59.0975 0x1368 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
16:38:00.0053 0x1368 TermService - ok
16:38:00.0069 0x1368 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
16:38:00.0069 0x1078 Object send P2P result: true
16:38:00.0069 0x1078 Object required for P2P: [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port
16:38:00.0085 0x1368 Themes - ok
16:38:00.0100 0x1368 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
16:38:00.0131 0x1368 THREADORDER - ok
16:38:00.0147 0x1368 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
16:38:00.0194 0x1368 TrkWks - ok
16:38:00.0241 0x1368 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:38:00.0272 0x1368 TrustedInstaller - ok
16:38:00.0303 0x1368 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:38:00.0319 0x1368 tssecsrv - ok
16:38:00.0334 0x1368 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:38:00.0365 0x1368 TsUsbFlt - ok
16:38:00.0397 0x1368 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:38:00.0412 0x1368 TsUsbGD - ok
16:38:00.0428 0x1368 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:38:00.0475 0x1368 tunnel - ok
16:38:00.0506 0x1368 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:38:00.0521 0x1368 uagp35 - ok
16:38:00.0537 0x1368 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:38:00.0568 0x1368 udfs - ok
16:38:00.0599 0x1368 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:38:00.0615 0x1368 UI0Detect - ok
16:38:00.0646 0x1368 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:38:00.0662 0x1368 uliagpkx - ok
16:38:00.0693 0x1368 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:38:00.0724 0x1368 umbus - ok
16:38:00.0755 0x1368 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
16:38:00.0771 0x1368 UmPass - ok
16:38:00.0865 0x1368 [ F76057596EF65049869098677AB72C30, 4EE9353243CB64D0A3AFE060924D93225FB2EB085212F3AEC7A862FFF449C82A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:38:00.0911 0x1368 UNS - ok
16:38:00.0958 0x1368 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
16:38:01.0021 0x1368 upnphost - ok
16:38:01.0052 0x1368 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:38:01.0067 0x1368 USBAAPL64 - ok
16:38:01.0099 0x1368 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:38:01.0130 0x1368 usbccgp - ok
16:38:01.0161 0x1368 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:38:01.0192 0x1368 usbcir - ok
16:38:01.0223 0x1368 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:38:01.0255 0x1368 usbehci - ok
16:38:01.0286 0x1368 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:38:01.0317 0x1368 usbhub - ok
16:38:01.0348 0x1368 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:38:01.0364 0x1368 usbohci - ok
16:38:01.0395 0x1368 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:38:01.0411 0x1368 usbprint - ok
16:38:01.0442 0x1368 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys
16:38:01.0457 0x1368 usbscan - ok
16:38:01.0473 0x1368 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:38:01.0504 0x1368 USBSTOR - ok
16:38:01.0504 0x1368 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:38:01.0520 0x1368 usbuhci - ok
16:38:01.0551 0x1368 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
16:38:01.0582 0x1368 usbvideo - ok
16:38:01.0613 0x1368 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
16:38:01.0660 0x1368 UxSms - ok
16:38:01.0676 0x1368 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
16:38:01.0707 0x1368 VaultSvc - ok
16:38:01.0738 0x1368 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:38:01.0754 0x1368 vdrvroot - ok
16:38:01.0785 0x1368 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
16:38:01.0832 0x1368 vds - ok
16:38:01.0879 0x1368 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:38:01.0910 0x1368 vga - ok
16:38:01.0925 0x1368 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:38:01.0972 0x1368 VgaSave - ok
16:38:01.0988 0x1368 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:38:02.0003 0x1368 vhdmp - ok
16:38:02.0019 0x1368 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
16:38:02.0035 0x1368 viaide - ok
16:38:02.0050 0x1368 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:38:02.0050 0x1368 volmgr - ok
16:38:02.0081 0x1368 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:38:02.0113 0x1368 volmgrx - ok
16:38:02.0144 0x1368 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:38:02.0159 0x1368 volsnap - ok
16:38:02.0191 0x1368 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:38:02.0206 0x1368 vsmraid - ok
16:38:02.0284 0x1368 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
16:38:02.0378 0x1368 VSS - ok
16:38:02.0409 0x1368 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:38:02.0425 0x1368 vwifibus - ok
16:38:02.0456 0x1368 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:38:02.0471 0x1368 vwififlt - ok
16:38:02.0487 0x1368 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:38:02.0503 0x1368 vwifimp - ok
16:38:02.0518 0x1368 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
16:38:02.0565 0x1368 W32Time - ok
16:38:02.0581 0x1368 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:38:02.0581 0x1368 WacomPen - ok
16:38:02.0612 0x1368 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:38:02.0643 0x1368 WANARP - ok
16:38:02.0659 0x1368 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:38:02.0690 0x1368 Wanarpv6 - ok
16:38:02.0799 0x1368 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:38:02.0861 0x1368 WatAdminSvc - ok
16:38:02.0955 0x1368 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
16:38:03.0033 0x1368 wbengine - ok
16:38:03.0064 0x1368 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:38:03.0080 0x1368 WbioSrvc - ok
16:38:03.0111 0x1368 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:38:03.0142 0x1368 wcncsvc - ok
16:38:03.0142 0x1368 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:38:03.0173 0x1368 WcsPlugInService - ok
16:38:03.0205 0x1368 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
16:38:03.0220 0x1368 Wd - ok
16:38:03.0267 0x1368 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:38:03.0329 0x1368 Wdf01000 - ok
16:38:03.0345 0x1368 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:38:03.0423 0x1368 WdiServiceHost - ok
16:38:03.0439 0x1368 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:38:03.0485 0x1368 WdiSystemHost - ok
16:38:03.0517 0x1368 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
16:38:03.0548 0x1368 WebClient - ok
16:38:03.0579 0x1368 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:38:03.0626 0x1368 Wecsvc - ok
16:38:03.0641 0x1368 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:38:03.0673 0x1368 wercplsupport - ok
16:38:03.0704 0x1368 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
16:38:03.0735 0x1368 WerSvc - ok
16:38:03.0766 0x1368 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:38:03.0797 0x1368 WfpLwf - ok
16:38:03.0797 0x1368 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:38:03.0813 0x1368 WIMMount - ok
16:38:03.0829 0x1368 WinDefend - ok
16:38:03.0844 0x1368 WinHttpAutoProxySvc - ok
16:38:03.0907 0x1368 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:38:03.0985 0x1368 Winmgmt - ok
16:38:04.0078 0x1368 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
16:38:04.0187 0x1368 WinRM - ok
16:38:04.0234 0x1368 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:38:04.0234 0x1368 WinUsb - ok
16:38:04.0281 0x1368 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:38:04.0328 0x1368 Wlansvc - ok
16:38:04.0359 0x1368 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:38:04.0390 0x1368 wlcrasvc - ok
16:38:04.0546 0x1368 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:38:04.0640 0x1368 wlidsvc - ok
16:38:04.0671 0x1368 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:38:04.0687 0x1368 WmiAcpi - ok
16:38:04.0718 0x1368 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:38:04.0733 0x1368 wmiApSrv - ok
16:38:04.0765 0x1368 WMPNetworkSvc - ok
16:38:04.0796 0x1368 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:38:04.0827 0x1368 WPCSvc - ok
16:38:04.0843 0x1368 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:38:04.0889 0x1368 WPDBusEnum - ok
16:38:04.0905 0x1368 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:38:04.0952 0x1368 ws2ifsl - ok
16:38:04.0983 0x1368 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
16:38:04.0999 0x1368 wscsvc - ok
16:38:04.0999 0x1368 WSearch - ok
16:38:05.0045 0x1368 [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA, 7EEB1B8F1430AFB06A18DC6107DBDD57EBBF473FF96F3578481EB89724823393 ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys
16:38:05.0061 0x1368 wsvd - ok
16:38:05.0217 0x1368 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
16:38:05.0373 0x1368 wuauserv - ok
16:38:05.0404 0x1368 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:38:05.0435 0x1368 WudfPf - ok
16:38:05.0482 0x1368 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:38:05.0513 0x1368 WUDFRd - ok
16:38:05.0545 0x1368 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:38:05.0560 0x1368 wudfsvc - ok
16:38:05.0576 0x1368 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
16:38:05.0607 0x1368 WwanSvc - ok
16:38:05.0810 0x1368 [ 118C018DF1C53B94F8C06D2CABBBDA52, 7C5844AF7B02DBC5A10ECFA2A09F1CE5121B93A276AF7C1BBE496253C6B0EEAB ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
16:38:05.0966 0x1368 ZeroConfigService - ok
16:38:06.0013 0x1368 ================ Scan global ===============================
16:38:06.0028 0x1368 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
16:38:06.0075 0x1368 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:38:06.0091 0x1368 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:38:06.0106 0x1368 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:38:06.0137 0x1368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
16:38:06.0153 0x1368 [ Global ] - ok
16:38:06.0153 0x1368 ================ Scan MBR ==================================
16:38:06.0169 0x1368 [ 9FE16FF95180A12A49CD2E9879C991E6 ] \Device\Harddisk0\DR0
16:38:08.0649 0x1368 \Device\Harddisk0\DR0 - ok
16:38:08.0649 0x1368 ================ Scan VBR ==================================
16:38:08.0649 0x1368 [ A20827DC65E27968F5154F84148E33D6 ] \Device\Harddisk0\DR0\Partition1
16:38:08.0665 0x1368 \Device\Harddisk0\DR0\Partition1 - ok
16:38:08.0665 0x1368 [ 98754DAF62F60B2D0BAF682649A90F83 ] \Device\Harddisk0\DR0\Partition2
16:38:08.0665 0x1368 \Device\Harddisk0\DR0\Partition2 - ok
16:38:08.0680 0x1368 [ 1F00D2B2A965D9948BBC52103EB4B231 ] \Device\Harddisk0\DR0\Partition3
16:38:08.0680 0x1368 \Device\Harddisk0\DR0\Partition3 - ok
16:38:08.0680 0x1368 ================ Scan generic autorun ======================
16:38:08.0758 0x1368 [ F10B83038ACC83CEEA4B3C6C6FE46E72, 947B374696957E317BAAA7D240FAE58DE613792347E6C1CEF287A3CCAC54227D ] C:\Windows\system32\hkcmd.exe
16:38:08.0805 0x1368 HotKeysCmds - ok
16:38:08.0836 0x1368 [ 143DA8EEAE483C00DEF75BA50B218C67, 170A8C4B9864E8A26F63E583BCD494895CD1BE253CD797318F8BA50A4092AF22 ] C:\Windows\system32\igfxpers.exe
16:38:08.0852 0x1368 Persistence - ok
16:38:09.0304 0x1368 [ CCC2990D218899C9D4EA36CD520DD29A, C78FD6490778DBFA174DDAEEB60E1C610F4E8AA24C35752E9CAE331BD27B7058 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
16:38:09.0803 0x1368 RtHDVCpl - ok
16:38:09.0866 0x1368 [ B1DDCBE7D17DE94045FE9E40EB3D0170, 76EAF208139160C10937FEB4CB47A9890BF66414A3958289DDDCE62EA6E701FC ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
16:38:09.0928 0x1368 RtHDVBg_Dolby - ok
16:38:10.0006 0x1368 [ 393F021E2A9FA19AC94BA4482E32FC6C, 8DC7A061643099B8A1915ADB59D89912A117883D4194BCC05F653E19DFD321A9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
16:38:10.0053 0x1368 AdobeAAMUpdater-1.0 - ok
16:38:10.0100 0x1368 [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
16:38:10.0131 0x1368 USB3MON - ok
16:38:10.0178 0x1368 [ EFC77110B674E4F0945E7E85E2EAAB7C, F6CC7D74C45A9EDAC81E97EB225DD1465A640A6DF79605A468C1C381FB12D5F4 ] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
16:38:10.0209 0x1368 Dolby Advanced Audio v2 - ok
16:38:10.0240 0x1368 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:38:10.0256 0x1368 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
16:38:10.0256 0x1368 Object required for P2P: [ F577910A133A592234EBAAD3F3AFA258 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:38:12.0799 0x1368 Object send P2P result: true
16:38:12.0799 0x1368 Detect skipped due to KSN trusted
16:38:12.0799 0x1368 SwitchBoard - ok
16:38:12.0970 0x1368 [ E1636F57581CAB5D995FD54D2991EF57, BB6B3D005054D386D596A4BA4D9D2F1284D7C845C1CD5EE63775B4569559E0EB ] C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
16:38:13.0033 0x1368 AdobeCS5.5ServiceManager - ok
16:38:13.0142 0x1368 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
16:38:13.0189 0x1368 Adobe ARM - ok
16:38:13.0282 0x1368 [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
16:38:13.0345 0x1368 avgnt - ok
16:38:13.0423 0x1368 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
16:38:13.0454 0x1368 HP Software Update - ok
16:38:13.0547 0x1368 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
16:38:13.0657 0x1368 Sidebar - ok
16:38:13.0828 0x1368 [ BD13B6E4F250358DCE617047FF3512D4, C7D3291191B4D76738C291B582ECF97D538FFCAE1D23B5F594AA237022FD82E7 ] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
16:38:13.0937 0x1368 HP Deskjet 3050A J611 series (NET) - ok
16:38:14.0109 0x1368 [ B66E0842FCF485F3E2D41BF0BA10966F, 966B8386B2D060167E8EAAE478509013A8729FE2CF11F890D3F9DCDA90768F34 ] C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
16:38:14.0187 0x1368 Spotify Web Helper - ok
16:38:14.0187 0x1368 Waiting for KSN requests completion. In queue: 133
16:38:15.0201 0x1368 Waiting for KSN requests completion. In queue: 133
16:38:16.0215 0x1368 Waiting for KSN requests completion. In queue: 133
16:38:16.0667 0x087c Object required for P2P: [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave
16:38:17.0229 0x1368 Waiting for KSN requests completion. In queue: 89
16:38:18.0243 0x1368 Waiting for KSN requests completion. In queue: 89
16:38:19.0257 0x1368 Waiting for KSN requests completion. In queue: 89
16:38:19.0288 0x087c Object send P2P result: true
16:38:20.0084 0x1078 Object send P2P result: false
16:38:20.0084 0x1078 Object required for P2P: [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4
16:38:20.0271 0x1368 Waiting for KSN requests completion. In queue: 6
16:38:21.0285 0x1368 Waiting for KSN requests completion. In queue: 6
16:38:22.0299 0x1368 Waiting for KSN requests completion. In queue: 6
16:38:22.0845 0x1078 Object send P2P result: true
16:38:23.0469 0x1368 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x41010 ( enabled : outofdate )
16:38:23.0485 0x1368 Win FW state via NFP2: enabled
16:38:25.0981 0x1368 ============================================================
16:38:25.0981 0x1368 Scan finished
16:38:25.0981 0x1368 ============================================================
16:38:25.0996 0x15e4 Detected object count: 0
16:38:25.0996 0x15e4 Actual detected object count: 0
Malwarebytes Rootkit : Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
Database version:
main: v2015.02.07.05
rootkit: v2015.02.03.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Flo :: FLO-LAPTOP [administrator]
07.02.2015 16:43:59
mbar-log-2015-02-07 (16-43-59).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 369008
Time elapsed: 24 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
LG Flo |
|
08.02.2015, 09:47
| #4 |
| /// the machine /// TB-Ausbilder | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.02.2015, 11:10
| #5 |
| | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus hier das Logfile von Combofix. Ich hab bei Avira sowohl die Firewall, als auch den Echtzeitscanner deaktivieren können (ging gestern noch nicht). Trotzdem hat sich Avira während dem Scan gemeldet, dass Zugriff auf die Registry blockiert wurde. Soll ich Avira mal neuinstallieren und vorm Neuinstallieren im Offline Modus Combofix noch mal laufen lassen? Nach dem Scan jetzt sind einige Programme aus meiner Taskleiste (unten rechts) entfernt worden. Unter anderem auch Avira ... Code:
ATTFilter ComboFix 15-02-02.01 - Flo 08.02.2015 10:47:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3991.2188 [GMT 1:00]
ausgeführt von:: c:\users\Flo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-01-08 bis 2015-02-08 ))))))))))))))))))))))))))))))
.
.
2015-02-08 10:01 . 2015-02-08 10:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-02-08 10:01 . 2015-02-08 10:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-17 15:38 . 2015-02-07 15:42 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-17 15:38 . 2015-01-17 15:39 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2015-01-17 15:38 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-17 15:38 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-07 14:42 . 2014-10-21 15:27 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-06-13 12:05 223432 ----a-w- c:\users\Flo\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-06-13 12:05 223432 ----a-w- c:\users\Flo\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-06-13 12:05 223432 ----a-w- c:\users\Flo\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
"Spotify Web Helper"="c:\users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-11-20 1514040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-21 702768]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21446272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 09:52]
.
2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 14:56]
.
2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 14:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-02-06 17:42 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-06-13 12:05 262344 ----a-w- c:\users\Flo\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-06-13 12:05 262344 ----a-w- c:\users\Flo\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-06-13 12:05 262344 ----a-w- c:\users\Flo\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-30 439064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-22 12452456]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\q994ry6c.default-1421530135868\
FF - prefs.js: keyword.URL -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_’\00\00’\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~’\00\00’\00\00\00\00’\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-08 11:04:59
ComboFix-quarantined-files.txt 2015-02-08 10:04
ComboFix2.txt 2014-06-27 07:06
.
Vor Suchlauf: 11 Verzeichnis(se), 454.088.609.792 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 453.576.278.016 Bytes frei
.
- - End Of File - - F90B8BB0DB85A77B94220ACA9A6EA679
|
|
08.02.2015, 16:17
| #6 |
| /// the machine /// TB-Ausbilder | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus |
|
08.02.2015, 19:30
| #7 |
| | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus Malewarebytes : heute hat er nichts mehr gefunden, aber ich hab noch die Logdatei vom 6.2. gefunden. Da waren ein paar Schädlinge drauf  8.2. : Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 08.02.2015 Scan Time: 18:21:22 Logfile: mbam08021845.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.02.08.05 Rootkit Database: v2015.02.03.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Flo Scan Type: Threat Scan Result: Completed Objects Scanned: 368453 Time Elapsed: 22 min, 39 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 06.02.2015 Scan Time: 19:00:12 Logfile: mbam06021900.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.01.17.03 Rootkit Database: v2015.01.14.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Flo Scan Type: Threat Scan Result: Completed Objects Scanned: 366381 Time Elapsed: 28 min, 55 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.Clara.A, C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe, 2132, Delete-on-Reboot, [c1b6e117375238fe202ac59c41c24db3] Modules: 0 (No malicious items detected) Registry Keys: 3 PUP.Optional.BoBrowser.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\bobrowser.exe, Quarantined, [c4b38d6b0c7d6cca8a028be49b6849b7], PUP.Optional.BoBrowser.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\bobrowser.exe, Quarantined, [2c4b44b44e3bbf7756362d427e85c63a], PUP.Optional.Clara.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ClaraUpdater, Quarantined, [c1b6e117375238fe202ac59c41c24db3], Registry Values: 0 (No malicious items detected) Registry Data: 1 PUP.Optional.StrtPoint.A, HKU\S-1-5-21-1768391208-2957693539-2824807641-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.strtpoint.com/?v=insMac&t=1411&ap=578080078, Good: (www.google.com), Bad: (hxxp://search.strtpoint.com/?v=insMac&t=1411&ap=578080078),Delete-on-Reboot,[a8cf03f56b1edc5abecaa1eb9273946c] Folders: 5 PUP.Optional.Clara.A, C:\Program Files (x86)\Common Files\ClaraUpdater, Delete-on-Reboot, [c1b6e117375238fe202ac59c41c24db3], PUP.Optional.StartPoint.A, C:\Users\Flo\AppData\Local\StartPoint\startpoint, Quarantined, [7205a05807829c9a8eaec0a94eb5f709], PUP.Optional.BoBrowser.A, C:\Users\Flo\AppData\Local\BoBrowser, Quarantined, [bdba09ef8ffa5cda815dc5a8976c966a], PUP.Optional.BoBrowser.A, C:\Users\Flo\AppData\Local\BoBrowser\User Data, Quarantined, [bdba09ef8ffa5cda815dc5a8976c966a], PUP.Optional.BoBrowser.A, C:\Users\Flo\AppData\Local\BoBrowser\User Data\Default, Quarantined, [bdba09ef8ffa5cda815dc5a8976c966a], Files: 10 PUP.Optional.PayByAds.A, C:\Users\Flo\AppData\Local\Temp\res.dll, Quarantined, [a5d27385fb8e2f077a306468bf4640c0], PUP.Optional.Clara.A, C:\Users\Flo\AppData\Local\Temp\setup.exe, Quarantined, [2a4d83752663c175228e2aaab9480cf4], PUP.Optional.StartPoint.A, C:\Users\Flo\AppData\Local\Temp\startpoint_1.exe, Quarantined, [2c4bb444a7e283b34784a7b4827e946c], PUP.Optional.Somoto, C:\Users\Flo\AppData\Local\Temp\bitool.dll, Quarantined, [383f906821680c2ab35e8629ab57728e], PUP.Optional.Somoto, C:\Users\Flo\AppData\Local\Temp\nsj7745.tmp, Quarantined, [6a0dbc3c9dec280e277a45bed431738d], PUP.Optional.BoBrowser.A, C:\Windows\System32\Tasks\Run_Bobby_Browser, Quarantined, [8becf6026d1c2610e83484ed4bb80df3], PUP.Optional.Clara.A, C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe, Delete-on-Reboot, [c1b6e117375238fe202ac59c41c24db3], PUP.Optional.BoBrowser.A, C:\Users\Flo\AppData\Local\BoBrowser\User Data\Local State, Quarantined, [bdba09ef8ffa5cda815dc5a8976c966a], PUP.Optional.BoBrowser.A, C:\Users\Flo\AppData\Local\BoBrowser\User Data\Default\History Provider Cache, Quarantined, [bdba09ef8ffa5cda815dc5a8976c966a], PUP.Optional.BoBrowser.A, C:\Users\Flo\AppData\Local\BoBrowser\User Data\Default\Preferences, Quarantined, [bdba09ef8ffa5cda815dc5a8976c966a], Physical Sectors: 0 (No malicious items detected) (end) ADW Cleaner hat auch noch mal bisschen aufgeräumt : Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 08/02/2015 um 18:48:24
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Flo - FLO-LAPTOP
# Gestarted von : C:\Users\Flo\Desktop\AdwCleaner_4.110.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Flo\AppData\Local\StartPoint
***** [ Geplante Tasks ] *****
Task Gelöscht : ASP
Task Gelöscht : Run_Bobby_Browser
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Classes\keepmysearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{766D7B0C-3CF9-4531-AB5C-817B06C2C199}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{82325EEF-E441-441C-BA1A-D2C37221C869}
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Internetbrowser ] *****
-\\ Internet Explorer v9.0.8112.16563
-\\ Mozilla Firefox v35.0.1 (x86 de)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [3056 Bytes] - [24/06/2014 18:43:00]
AdwCleaner[R1].txt - [827 Bytes] - [24/06/2014 19:06:40]
AdwCleaner[R2].txt - [977 Bytes] - [01/07/2014 14:27:08]
AdwCleaner[R3].txt - [2397 Bytes] - [17/01/2015 16:13:38]
AdwCleaner[R4].txt - [2457 Bytes] - [17/01/2015 16:24:40]
AdwCleaner[R5].txt - [1593 Bytes] - [06/02/2015 18:52:16]
AdwCleaner[R6].txt - [2531 Bytes] - [08/02/2015 18:46:14]
AdwCleaner[S0].txt - [2829 Bytes] - [24/06/2014 18:43:52]
AdwCleaner[S1].txt - [883 Bytes] - [24/06/2014 19:07:25]
AdwCleaner[S2].txt - [2367 Bytes] - [17/01/2015 16:25:22]
AdwCleaner[S3].txt - [1608 Bytes] - [06/02/2015 18:53:01]
AdwCleaner[S4].txt - [2201 Bytes] - [08/02/2015 18:48:24]
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2260 Bytes] ##########
Da ich Antivir nicht so einfach beenden konnte habe ich den PC vom Internet getrennt, es deinstalliert, JRT laufen lassen und anschließend Antivir wieder installiert bevor ich ins Netz gegangen bin. Siehe da. Ich kann Antivir wieder updaten  JRT : Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Flo on 08.02.2015 at 19:09:41,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Flo\appdata\local\{11A6A484-E866-42F4-A451-72AF38288621}
Successfully deleted: [Empty Folder] C:\Users\Flo\appdata\local\{765B7F0C-C565-43BF-915E-B2F12E0DC789}
Successfully deleted: [Empty Folder] C:\Users\Flo\appdata\local\{AF0E015A-902C-473A-BFC5-0DB2D877074C}
~~~ FireFox
Emptied folder: C:\Users\Flo\AppData\Roaming\mozilla\firefox\profiles\q994ry6c.default-1421530135868\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2015 at 19:12:41,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und das frische FRST Log : Code:
ATTFilter 2015-01-10 14:35 - 2013-03-18 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
==================== Files in the root of some directories =======
2015-02-06 18:30 - 2015-02-06 18:30 - 6103040 _____ () C:\Program Files (x86)\GUT6061.tmp
2014-11-16 18:21 - 2014-11-16 18:21 - 0004096 ____H () C:\Users\Flo\AppData\Local\keyfile3.drm
2015-01-21 14:46 - 2015-01-21 14:46 - 0000407 _____ () C:\Users\Flo\AppData\Local\psppirerc
2015-01-21 14:48 - 2015-01-21 14:48 - 0000218 _____ () C:\Users\Flo\AppData\Local\recently-used.xbel
2012-08-30 10:57 - 2012-08-30 10:57 - 0017408 _____ () C:\Users\Flo\AppData\Local\WebpageIcons.db
2012-10-03 11:33 - 2012-10-03 11:33 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\avgnt.exe
C:\Users\Flo\AppData\Local\Temp\Quarantine.exe
C:\Users\Flo\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-06 23:41
==================== End Of Log ============================
 Lag es daran, weil er nicht mit dem Internet verbunden war? |
|
09.02.2015, 06:42
| #8 |
| /// the machine /// TB-Ausbilder | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus Nee die wird nur beim ersten Mal erstellt. Bitte die Kiste nicht vom Inet trennen. ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.02.2015, 20:25
| #9 |
| | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus Eset hat dann doch mal noch ein paar Sachen gefunden ... Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ceb5dc5fe76cef4e9d16cd03460e2166
# engine=22380
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-09 06:54:27
# local_time=2015-02-09 07:54:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 88291 6690667 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 18843359 175137917 0 0
# scanned=377563
# found=7
# cleaned=0
# scan_time=10506
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=FA55D765ACECF0E142995558447BA1C0C64A95B9 ft=1 fh=8a5fed32a6adae19 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=2D2A789C1C16BD020384A2382CBDBF6651760F47 ft=1 fh=5fd57de508e0ac01 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Flo\Desktop\Studium\2. Semester\Prüfungspläne und wichtiges\pdf24-creator.exe"
sh=5DE5F639F9C161A9C1A6798ED899852407FD1AA3 ft=1 fh=a6202afd9d0e4f0e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Flo\Downloads\FreeAudioDub1.7.9.9.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Flo\Festplatte\FlorianLapTop\Florian-Iomega\Programme\Nero 9 All\BackItUp and Burn\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe"
sh=167B898DF1C970E3CE7E5CE795716AEB9F48FDF3 ft=1 fh=04f0313fb292dfc4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Flo\mareike programme\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=A9F6A3299D8E5A8B0F8F18915521C8B3E7C9F864 ft=1 fh=a874d3fc82897e2d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe"
Security Check hat mir ne Fehlermeldung ausgespuckt, warum weiß ich nicht. Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
Code:
ATTFilter Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 14.0.0.145 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
und zum Schluss noch das frische FRST : FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Flo (administrator) on FLO-LAPTOP on 09-02-2015 20:16:07
Running from C:\Users\Flo\Fuck of Viren\mareike programme
Loaded Profiles: Flo (Available profiles: Flo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxctcoms.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Spotify Ltd) C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\...\Run: [Spotify Web Helper] => C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-20] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1768391208-2957693539-2824807641-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\q994ry6c.default-1421530135868
FF NewTab:
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1768391208-2957693539-2824807641-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\Flo\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Users\Flo\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Extension: Adblock Plus - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\q994ry6c.default-1421530135868\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-21]
FF HKU\S-1-5-21-1768391208-2957693539-2824807641-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR Profile: C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2015-02-06] (IObit)
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [566192 2006-11-22] ( )
R2 lxct_device; C:\Windows\SysWOW64\lxctcoms.exe [537520 2006-11-22] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
S3 AdobeFlashPlayerUpdateSvc; No ImagePath
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-08] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-09 20:10 - 2015-02-09 20:10 - 00000965 _____ () C:\Users\Flo\Desktop\checkup.txt
2015-02-09 20:02 - 2015-02-09 20:02 - 00000041 _____ () C:\Users\Flo\Desktop\checkup1.txt
2015-02-09 19:59 - 2015-02-09 19:59 - 00852594 _____ () C:\Users\Flo\Desktop\SecurityCheck.exe
2015-02-09 16:55 - 2015-02-09 16:55 - 02347384 _____ (ESET) C:\Users\Flo\Desktop\esetsmartinstaller_deu.exe
2015-02-08 19:22 - 2015-02-08 19:21 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-02-08 19:21 - 2015-02-08 19:21 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Avira
2015-02-08 19:20 - 2015-02-08 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-08 19:19 - 2015-02-08 19:19 - 00000000 ____D () C:\ProgramData\Avira
2015-02-08 19:19 - 2015-02-08 19:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-08 19:19 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-02-08 19:19 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-08 19:19 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-02-08 19:12 - 2015-02-08 19:12 - 00001080 _____ () C:\Users\Flo\Desktop\JRT.txt
2015-02-08 18:53 - 2015-02-08 18:53 - 00002348 _____ () C:\Users\Flo\Desktop\AdwCleaner[S4].txt
2015-02-08 18:45 - 2015-02-08 18:45 - 00003794 _____ () C:\Users\Flo\Desktop\mbam06021900.txt
2015-02-08 18:45 - 2015-02-08 18:45 - 00001062 _____ () C:\Users\Flo\Desktop\mbam08021845.txt
2015-02-08 18:20 - 2015-02-08 18:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 18:20 - 2015-02-08 18:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-08 18:20 - 2015-02-08 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-08 18:20 - 2015-02-08 18:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-08 18:20 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-08 18:20 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-08 18:20 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-08 18:19 - 2015-02-08 18:19 - 01388274 _____ (Thisisu) C:\Users\Flo\Desktop\JRT.exe
2015-02-08 18:18 - 2015-02-08 18:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Flo\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-08 18:18 - 2015-02-08 18:18 - 02112512 _____ () C:\Users\Flo\Desktop\AdwCleaner_4.110.exe
2015-02-08 11:04 - 2015-02-08 11:04 - 00016065 _____ () C:\ComboFix.txt
2015-02-08 10:44 - 2015-02-08 10:44 - 05611380 ____R (Swearware) C:\Users\Flo\Desktop\ComboFix.exe
2015-02-07 16:43 - 2015-02-07 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-07 16:42 - 2015-02-07 17:25 - 00000000 ____D () C:\Users\Flo\Desktop\mbar
2015-02-07 16:35 - 2015-02-07 16:35 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Flo\Desktop\mbar-1.08.3.1004.exe
2015-02-07 16:34 - 2015-02-07 16:34 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Flo\Desktop\tdsskiller.exe
2015-02-06 18:42 - 2015-02-06 18:42 - 00002882 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2015-02-06 18:42 - 2015-02-06 18:42 - 00001260 _____ () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-02-06 18:42 - 2015-02-06 18:42 - 00001236 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-02-06 18:30 - 2015-02-06 18:30 - 06103040 _____ () C:\Program Files (x86)\GUT6061.tmp
2015-02-06 18:30 - 2015-02-06 18:30 - 00000000 ____D () C:\Program Files (x86)\GUM6032.tmp
2015-02-03 19:27 - 2015-02-03 19:27 - 00715038 _____ () C:\Windows\unins000.exe
2015-02-03 19:26 - 2015-02-03 19:27 - 00004134 _____ () C:\Windows\unins000.dat
2015-01-27 16:18 - 2015-02-03 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 14:48 - 2015-01-21 14:48 - 00000218 _____ () C:\Users\Flo\AppData\Local\recently-used.xbel
2015-01-21 14:46 - 2015-01-21 14:46 - 00000407 _____ () C:\Users\Flo\AppData\Local\psppirerc
2015-01-21 14:40 - 2015-01-21 14:40 - 00000000 _____ () C:\Users\Flo\pspp.jnl
2015-01-17 22:29 - 2015-01-17 22:29 - 00000000 ____D () C:\Users\Flo\Alte Firefox-Daten
2015-01-17 22:25 - 2015-01-17 22:25 - 00000000 ____D () C:\Users\Flo\Pictures\Documents\RCT3
2015-01-17 22:25 - 2015-01-17 22:25 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-17 22:25 - 2015-01-17 22:25 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Atari
2015-01-17 22:19 - 2015-02-06 18:47 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DAEMON Tools Lite
2015-01-17 22:17 - 2015-02-06 18:47 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-17 22:05 - 2015-01-17 22:05 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-09 20:16 - 2014-06-26 15:51 - 00000000 ____D () C:\FRST
2015-02-09 20:15 - 2012-08-30 10:23 - 00000000 ____D () C:\Users\Flo\Pictures\Documents\Youcam
2015-02-09 20:12 - 2012-08-30 10:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 20:11 - 2014-11-02 00:01 - 00001727 _____ () C:\Windows\setupact.log
2015-02-09 20:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 20:09 - 2009-07-14 05:45 - 05100216 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-09 20:04 - 2014-11-02 00:01 - 00201904 _____ () C:\Windows\PFRO.log
2015-02-09 20:02 - 2012-08-30 10:07 - 01254476 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 19:46 - 2012-08-30 10:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 19:37 - 2012-08-30 13:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 19:15 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 19:15 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 18:48 - 2014-06-24 18:42 - 00000000 ____D () C:\AdwCleaner
2015-02-08 11:05 - 2014-06-27 07:49 - 00000000 ____D () C:\Qoobox
2015-02-08 11:01 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-07 20:10 - 2014-11-01 21:36 - 00216825 _____ () C:\Windows\IE11_main.log
2015-02-07 15:40 - 2012-08-30 10:10 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 15:40 - 2012-08-30 10:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 19:36 - 2011-07-18 22:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-06 18:43 - 2014-06-24 18:18 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-06 18:41 - 2014-06-24 18:18 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-06 18:35 - 2014-07-09 10:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 19:26 - 2012-08-30 10:29 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Mozilla
2015-01-21 14:40 - 2012-08-30 10:20 - 00000000 ____D () C:\Users\Flo
2015-01-21 13:01 - 2011-05-16 15:04 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-01-21 13:01 - 2011-05-16 15:04 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-01-21 13:01 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 22:41 - 2014-07-09 09:57 - 00000000 ____D () C:\Users\Flo\Verknüpfungen
2015-01-17 16:37 - 2014-10-21 16:33 - 00000000 ____D () C:\Users\Flo\mareike programme
2015-01-17 16:31 - 2014-06-24 18:12 - 00000000 ____D () C:\Users\Flo\Fuck of Viren
2015-01-17 16:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-17 15:50 - 2012-10-17 20:13 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\vlc
2015-01-11 13:26 - 2013-04-25 22:47 - 00000000 ____D () C:\Users\Flo\Desktop\Arbeitskram
2015-01-10 14:35 - 2013-03-18 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
==================== Files in the root of some directories =======
2015-02-06 18:30 - 2015-02-06 18:30 - 6103040 _____ () C:\Program Files (x86)\GUT6061.tmp
2014-11-16 18:21 - 2014-11-16 18:21 - 0004096 ____H () C:\Users\Flo\AppData\Local\keyfile3.drm
2015-01-21 14:46 - 2015-01-21 14:46 - 0000407 _____ () C:\Users\Flo\AppData\Local\psppirerc
2015-01-21 14:48 - 2015-01-21 14:48 - 0000218 _____ () C:\Users\Flo\AppData\Local\recently-used.xbel
2012-08-30 10:57 - 2012-08-30 10:57 - 0017408 _____ () C:\Users\Flo\AppData\Local\WebpageIcons.db
2012-10-03 11:33 - 2012-10-03 11:33 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\avgnt.exe
C:\Users\Flo\AppData\Local\Temp\Quarantine.exe
C:\Users\Flo\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-06 23:41
==================== End Of Log ============================
--- --- --- Vielen Dank noch mal für deine bisherige Hilfe. Kriegen wir die Schädlinge noch komplett entfernt ? |
|
10.02.2015, 06:59
| #10 |
| /// the machine /// TB-Ausbilder | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus Java und Flash updaten. Da sind nur noch Reste. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Flo\Desktop\Studium\2. Semester\Prüfungspläne und wichtiges\pdf24-creator.exe
C:\Users\Flo\Downloads\FreeAudioDub1.7.9.9.exe
C:\Users\Flo\Festplatte\FlorianLapTop\Florian-Iomega\Programme\Nero 9 All\BackItUp and Burn\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
C:\Users\Flo\mareike programme\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.02.2015, 17:46
| #11 |
| | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus Fixlog : Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Flo at 2015-02-10 17:32:45 Run:1
Running from C:\Users\Flo\Fuck of Viren\mareike programme
Loaded Profiles: Flo (Available profiles: Flo)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Flo\Desktop\Studium\2. Semester\Prüfungspläne und wichtiges\pdf24-creator.exe
C:\Users\Flo\Downloads\FreeAudioDub1.7.9.9.exe
C:\Users\Flo\Festplatte\FlorianLapTop\Florian-Iomega\Programme\Nero 9 All\BackItUp and Burn\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
C:\Users\Flo\mareike programme\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe
Emptytemp:
*****************
C:\Users\Flo\Desktop\Studium\2. Semester\Prüfungspläne und wichtiges\pdf24-creator.exe => Moved successfully.
C:\Users\Flo\Downloads\FreeAudioDub1.7.9.9.exe => Moved successfully.
C:\Users\Flo\Festplatte\FlorianLapTop\Florian-Iomega\Programme\Nero 9 All\BackItUp and Burn\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe => Moved successfully.
C:\Users\Flo\mareike programme\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe => Moved successfully.
D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe => Moved successfully.
EmptyTemp: => Removed 245.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog 17:33:40 ====
Das waren ja wohl dann die Daten, in denen sich der Virus noch festgesetzt hat, oder verstehe ich das falsch? Die Word Datei, von der ich ganz am Anfang gesprochen habe befindet sich noch auf einem USB-Stick, den ich aber beim Scan mit ESET auch angeschlossen hatte. Da hat er aber nichts gefunden. Sollte ich diese Datei vorsichtshalber auch löschen und nicht mehr öffnen? und die FSS.txt : Code:
ATTFilter Farbar Service Scanner Version: 17-01-2015
Ran by Flo (administrator) on 10-02-2015 at 17:42:00
Running from "C:\Users\Flo\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
Vielen Dank!!! |
|
11.02.2015, 07:06
| #12 |
| /// the machine /// TB-Ausbilder | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus Ja die kannste löschen. 
 Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.02.2015, 10:33
| #13 |
| | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus Naja ganz funktioniert noch nicht alles. Der Trojaner ist scheinbar nicht mehr hier zumindest könnte avira ihn nicht mehr finden. Leider hat mein Laptop einige Probleme im wartungscenter. Zum Beispiel soll ich mich vor unerwünschter Software schützen. Wenn ich das Problem dann beheben will, kann ich avira auswählen, aber irgendwie tut sich nichts Dachte tweaking würde diese Probleme beheben, aber leider hat sich da nichts getan. Soll ich mal nen Screenshot von den Problemen machen? |
|
17.02.2015, 12:01
| #14 |
| /// Avira Support  | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus Hallo Flo, wenn das Avira Update immer noch nach einem Neustart verlangt obwohl dieser ausgeführt wurde, liegt das an einer Datei die auf dem Rechner. Du kannst diese Datei ohne bedenken löschen: https://answers.avira.com/de/questio...erbleibt-10163 Nun sollte das Update wieder funktionieren. Bitte führe danach einen Neustart durch. Eventuell behebt dies auch schon das Problem mit dem Windows Wartungscenter. Falls nicht, kannst du diese Schritte durchführen: https://answers.avira.com/de/questio...iert-ist-10045 Bitte melde dich falls es mit einer der Anleitungen Schwierigkeiten gibt.
__________________ Working@Avira |
|
17.02.2015, 20:01
| #15 |
| /// the machine /// TB-Ausbilder | Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus Wenn obiges nicht hilft Avira deinstallieren und neu installieren, das hilft eigentlich immer.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Trojaner TR/trash.gen; Windows7; Claraupdater.exe; Antivir verlangt nach Neustart für Update; Worddatei enthält Virus |
| .com, 0x8007042, antivir, avira, blockiert, bonjour, browser, combofix, desktop, device driver, dvdvideosoft ltd., failed, firefox, flash player, google, home, newtab, onedrive, popup, problem, proxy, realtek, scan, software, svchost.exe, system, trojaner, updates, virus, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
