Pests of all kinds and how to fight them: caught something?? (Windows 7)
10.03.2015, 00:13 | #1
caught something??
Hello all, I'm going crazy right now. For 2 days, no matter which browser and no matter which website, I've been getting masses of small popups, some of which look like tiny ICQ windows and come from the address mobalives.com, and mini-game ad popups which come from opresat.ru. I also regularly get large popups for a site called adultcameras.info. I've already run Malwarebytes, AdwCleaner and Microsoft Safety Scanner over it, all without success so far. What else can I do before I lose it and reinstall the system? Thanks in advance
10.03.2015, 06:12 | #2
/// the machine /// TB-Ausbilder
caught something??
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
10.03.2015, 06:59 | #3
caught something??
The FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-03-2015 01
Ran by molchi (administrator) on MOLCHI-PC on 10-03-2015 06:54:02
Running from C:\Users\molchi\Desktop
Loaded Profiles: molchi (Available profiles: molchi)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3838\Agent.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5566\Battle.net.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Wow.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Utils\WowBrowserProxy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\...\MountPoints2: {8bc2db1a-ca89-11e3-ab8f-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={170A8DC2-4607-4B3D-9606-C4EDEC211CCF}&mid=1f0fb2f3fd3847d281c799127f52ef80-4d67a5cd415e1d767b70e17ec044e3280a45347b&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-28 23:32:15&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> {844F9710-987C-4933-9B00-028A0D8F8C33} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={170A8DC2-4607-4B3D-9606-C4EDEC211CCF}&mid=1f0fb2f3fd3847d281c799127f52ef80-4d67a5cd415e1d767b70e17ec044e3280a45347b&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-28 23:32:15&v=4.0.6.10&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Toolbar: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{BE5B6ADA-3AE3-4C56-9ED6-63626131474E}: [NameServer] 8.8.4.4,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-09-23] (Nero AG)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-09]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [107520 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-04-23] (Macrovision Europe Ltd.) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-04] ()
S2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [265416 2014-11-21] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-04-23] (Phoenix Technologies) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-03-09] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 06:49 - 2015-03-10 06:54 - 00011987 _____ () C:\Users\molchi\Desktop\FRST.txt
2015-03-10 06:48 - 2015-03-10 06:54 - 00000000 ____D () C:\FRST
2015-03-10 06:47 - 2015-03-10 06:47 - 01134592 _____ (Farbar) C:\Users\molchi\Desktop\FRST.exe
2015-03-10 00:00 - 2015-03-10 00:00 - 00008321 _____ () C:\Users\molchi\Desktop\hijackthis.log
2015-03-09 23:58 - 2015-03-09 23:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\molchi\Desktop\HiJackThis204.exe
2015-03-09 23:23 - 2015-03-09 23:28 - 00000760 _____ () C:\Users\molchi\Desktop\TP-LINK Modem Router Settings.txt
2015-03-09 23:07 - 2015-03-09 23:07 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-09 07:03 - 2015-03-09 07:03 - 00000830 _____ () C:\Windows\system32\.crusader
2015-03-09 06:48 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-09 06:47 - 2015-03-09 06:47 - 10085648 _____ (SurfRight B.V.) C:\Users\molchi\Downloads\HitmanPro.exe
2015-03-09 04:30 - 2015-03-09 04:45 - 132625648 _____ (Microsoft Corporation) C:\Users\molchi\Desktop\msert.exe
2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-09 04:24 - 2015-03-09 04:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 04:24 - 2015-03-09 04:24 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-09 04:24 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-09 04:24 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-09 04:24 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-09 04:11 - 2015-03-09 04:12 - 02126848 _____ () C:\Users\molchi\Desktop\adwcleaner_4.111.exe
2015-03-05 23:00 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-27 23:02 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-27 06:55 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-02-08 02:36 - 2015-02-08 02:36 - 00000000 ____D () C:\Users\molchi\AppData\Local\SimulationCraft
2015-02-08 02:34 - 2015-02-08 02:34 - 00000000 ____D () C:\Users\molchi\Desktop\Simulationcraft
2015-02-08 02:22 - 2015-02-08 02:24 - 27138434 _____ (Oleg N. Scherbakov) C:\Users\molchi\Desktop\simc-603-26-win32.exe

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 06:53 - 2014-05-10 00:14 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-03-10 06:52 - 2014-04-23 17:24 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\TS3Client
2015-03-10 06:50 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Local\Battle.net
2015-03-10 05:56 - 2014-04-24 21:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 05:46 - 2009-07-14 05:39 - 00098533 _____ () C:\Windows\setupact.log
2015-03-10 03:11 - 2014-04-23 21:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-10 00:50 - 2014-04-23 07:20 - 01367825 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 00:11 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 00:11 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 00:04 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 00:03 - 2014-04-23 03:29 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-09 23:49 - 2015-01-28 23:31 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-03-09 23:49 - 2015-01-09 05:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-09 23:49 - 2015-01-04 18:24 - 00000000 ____D () C:\Users\molchi\Desktop\ReBot
2015-03-09 23:49 - 2014-07-25 02:02 - 00000000 ____D () C:\Program Files\Hearthstone
2015-03-09 23:49 - 2014-04-26 02:46 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\vlc
2015-03-09 23:49 - 2014-04-23 09:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-09 23:49 - 2014-04-23 07:18 - 00000000 ____D () C:\Users\molchi
2015-03-09 23:49 - 2014-04-23 02:08 - 00000000 ____D () C:\Program Files\World of Warcraft
2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Battle.net
2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Program Files\Battle.net
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-03-09 23:07 - 2014-04-23 02:28 - 00146152 _____ () C:\Windows\PFRO.log
2015-03-09 04:14 - 2014-04-25 23:03 - 00000000 ____D () C:\AdwCleaner
2015-03-01 07:25 - 2014-04-26 01:33 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Skype
2015-02-25 18:01 - 2015-01-09 05:53 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-13 22:47 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-08 03:24 - 2014-05-08 22:57 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\SimulationCraft

==================== Files in the root of some directories =======

2014-12-01 17:30 - 2014-12-01 17:30 - 0000032 _____ () C:\Users\molchi\AppData\Roaming\UserIdentity.dat
2014-07-06 04:04 - 2014-07-06 04:04 - 0007609 _____ () C:\Users\molchi\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\molchi\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\molchi\AppData\Local\Temp\raptrpatch.exe
C:\Users\molchi\AppData\Local\Temp\raptr_stub.exe
C:\Users\molchi\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\molchi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\molchi\AppData\Local\Temp\tmp1FEE.exe
C:\Users\molchi\AppData\Local\Temp\tmp2CBA.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-25 19:03

==================== End Of Log ============================

The Addition.txt
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-03-2015 01 Ran by molchi at 2015-03-10 06:54:29 Running from C:\Users\molchi\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\...\uTorrent) (Version: 1.8.0 - ) ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) 
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated) Adobe Creative Suite 5 Master Collection (HKLM\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies) AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.) Free Studio version 6.4.0.1111 (HKLM\...\Free Studio_is1) (Version: 6.4.0.1111 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.41.623 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.) 
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) High-Definition Video Playback (Version: 11.1.10400.2.65 - Nero AG) Hidden ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.1.0 - LIGHTNING UK!) IObit Apps Toolbar v9.0 (HKLM\...\{48C13178-64E2-4964-9927-B71A04074D08}) (Version: 9.0 - Spigot, Inc.) <==== ATTENTION IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan) IsoBuster 2.1 (HKLM\...\IsoBuster_is1) (Version: 2.1 - Smart Projects) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - 
Mozilla) Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla) Nero 11 (HKLM\...\{B7E01095-8BAA-456E-8AED-504C3CCADBA0}) (Version: 11.0.10700 - Nero AG) Nero Backup Drivers (HKLM\...\{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}) (Version: 1.0.10000.1.0 - Nero AG) PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) Portal 2 (HKLM\...\Steam App 620) (Version: - Valve) PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden Raptr (HKLM\...\Raptr) (Version: - ) Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) Steam (HKLM\...\Steam) (Version: - Valve Corporation) SUPER © v2014.build.60+Recorder (2014/02/18) Version v2014.buil (HKLM\...\{8E2A18E2-96AF-8549-4DE7-5C06B75719A4}_is1) (Version: v2014.build.60+Recorder - eRightSoft) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) welcome (Version: 11.0.21500.0.4 - Nero AG) Hidden WhoCrashed 5.00 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.) Winamp (nur entfernen) (HKLM\...\Winamp) (Version: - ) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 22-02-2015 09:32:41 Scheduled Checkpoint 09-03-2015 07:01:29 Prüfpunkt von HitmanPro 09-03-2015 07:02:59 Prüfpunkt von HitmanPro 09-03-2015 23:45:28 Wiederherstellungsvorgang ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2014-05-05 04:58 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {86F535A8-E601-410D-8EB1-A4BEFB16BC1A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {AA5AF31E-2F4D-4135-B5A3-AD20C3166D5B} - System32\Tasks\Driver Booster SkipUAC (molchi) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe Task: {C8D94D33-4939-4C2B-B82D-C64C4F053130} - System32\Tasks\{74D8F492-4E46-4088-9E00-6EEC99CC63BE} => pcalua.exe -a C:\Users\molchi\Desktop\irfanview_plugins_437_setup.exe -d C:\Users\molchi\Desktop Task: {E90D8732-0D7D-43DE-BF5F-E8E6F031B319} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-04 23:34 - 2015-03-04 23:34 - 00620056 _____ () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe 2015-01-28 23:31 - 2015-01-28 23:31 - 01663512 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 26065408 _____ () C:\Program Files\Battle.net\Battle.net.5566\libcef.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00739840 _____ () C:\Program Files\Battle.net\Battle.net.5566\libGLESv2.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00908288 _____ () C:\Program Files\Battle.net\Battle.net.5566\platforms\qwindows.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00130048 _____ () C:\Program Files\Battle.net\Battle.net.5566\libEGL.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00020992 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qgif.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00021504 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qico.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00205312 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qjpeg.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00225792 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qmng.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00015872 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qsvg.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00312832 _____ () C:\Program Files\Battle.net\Battle.net.5566\imageformats\qtiff.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5566\qml\QtQuick.2\qtquick2plugin.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00054272 _____ () C:\Program Files\Battle.net\Battle.net.5566\qml\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-02-26 22:00 - 2015-02-26 22:00 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5566\qml\QtQml\Models.2\modelsplugin.dll 
2015-02-05 01:57 - 2015-02-05 01:57 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll 2014-04-23 04:22 - 2014-12-19 18:29 - 23950848 _____ () C:\Program Files\World of Warcraft\Utils\libcef.dll 2015-02-27 23:02 - 2015-02-27 23:02 - 03348080 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll 2015-02-27 23:02 - 2015-02-27 23:02 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll 2015-02-27 23:02 - 2015-02-27 23:02 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Classes\.exe: exefile => <===== ATTENTION! HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Classes\exefile: <===== ATTENTION! ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\molchi\AppData\Local\Microsoft\Windows\Themes\London Ar\DesktopBackground\16_imranmirza_trafalgarsquare.jpg DNS Servers: 8.8.4.4 - 8.8.8.8 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk => C:\Windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Raptr => "C:\Program Files\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: StartCCC => "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Web TuneUp\vprot.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\Winampa.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-2469122478-4038941523-3492657438-500 - Administrator - Disabled)
Guest (S-1-5-21-2469122478-4038941523-3492657438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2469122478-4038941523-3492657438-1002 - Limited - Enabled)
molchi (S-1-5-21-2469122478-4038941523-3492657438-1001 - Administrator - Enabled) => C:\Users\molchi

==================== Faulty Device Manager Devices =============

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================= Application errors: ================== Error: (03/10/2015 00:04:18 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 11:51:17 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Scheduled Checkpoint). Zusätzliche Informationen: 0x80070005. Error: (03/09/2015 11:50:55 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 11:32:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 11:18:30 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 11:07:45 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. 
Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000398,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,021CF7A8.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Access is denied. . Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000310,(null),0,REG_BINARY,005AEF94.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {502f2072-6cee-4a1b-921e-d95f6566b4d5} Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000b3c,(null),0,REG_BINARY,04F3EC9C.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {61440e46-38d0-4219-a7ed-efdcf3f7042e} Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000006b4,(null),0,REG_BINARY,00EDF0EC.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Access is denied. . 
Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {eb525028-a747-45ac-b09d-4634edddae95} System errors: ============= Error: (03/10/2015 00:04:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (03/10/2015 00:04:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "vToolbarUpdater18.4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/10/2015 00:04:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/10/2015 00:04:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/09/2015 11:50:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (03/09/2015 11:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "vToolbarUpdater18.4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/09/2015 11:50:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/09/2015 11:50:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/09/2015 11:32:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (03/09/2015 11:32:39 PM) (Source: Service Control Manager) (EventID: 7000) 
(User: ) Description: Der Dienst "vToolbarUpdater18.4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (03/10/2015 00:04:18 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 11:51:17 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Scheduled Checkpoint0x80070005 Error: (03/09/2015 11:50:55 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 11:32:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 11:18:30 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 11:07:45 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x00000398,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,021CF7A8.64)0x80070005, Access is denied. Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x00000310,(null),0,REG_BINARY,005AEF94.64)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {502f2072-6cee-4a1b-921e-d95f6566b4d5} Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x00000b3c,(null),0,REG_BINARY,04F3EC9C.64)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {61440e46-38d0-4219-a7ed-efdcf3f7042e} Error: (03/09/2015 07:03:37 AM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000006b4,(null),0,REG_BINARY,00EDF0EC.64)0x80070005, Access is denied. 
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {eb525028-a747-45ac-b09d-4634edddae95}

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 440 Processor
Percentage of memory in use: 78%
Total physical RAM: 3199.18 MB
Available physical RAM: 694.62 MB
Total Pagefile: 6396.63 MB
Available Pagefile: 2271.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:822.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:232.88 GB) (Free:122.4 GB) NTFS
Drive f: (CD099A2) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:14.92 GB) (Free:3.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DA721178)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 4E754E74)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

==================== End Of Log ============================
|
10.03.2015, 19:44 | #4 |
/// the machine /// TB-Ausbilder | Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
10.03.2015, 22:46 | #5 |
| Now I have a small problem in Revo: when I try to uninstall, it tells me that the feature I want to use is located on a network resource. Via Cancel, however, I get to the leftover removal and can delete 135 registry entries, whereupon the application also disappears from the uninstall window. mbar found nothing, log here: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.03.10.06
rootkit: v2015.02.25.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
molchi :: MOLCHI-PC [administrator]

10.03.2015 22:53:59
mbar-log-2015-03-10 (22-53-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 320866
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
ATTFilter 23:07:04.0837 0x14bc TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 23:07:10.0057 0x14bc ============================================================ 23:07:10.0057 0x14bc Current date / time: 2015/03/10 23:07:10.0057 23:07:10.0057 0x14bc SystemInfo: 23:07:10.0057 0x14bc 23:07:10.0057 0x14bc OS Version: 6.1.7600 ServicePack: 0.0 23:07:10.0057 0x14bc Product type: Workstation 23:07:10.0057 0x14bc ComputerName: MOLCHI-PC 23:07:10.0057 0x14bc UserName: molchi 23:07:10.0057 0x14bc Windows directory: C:\Windows 23:07:10.0057 0x14bc System windows directory: C:\Windows 23:07:10.0057 0x14bc Processor architecture: Intel x86 23:07:10.0057 0x14bc Number of processors: 3 23:07:10.0057 0x14bc Page size: 0x1000 23:07:10.0057 0x14bc Boot type: Normal boot 23:07:10.0057 0x14bc ============================================================ 23:07:11.0637 0x14bc KLMD registered as C:\Windows\system32\drivers\55317730.sys 23:07:12.0117 0x14bc System UUID: {E162F8DE-AFDE-83FB-273E-45BB4FA456ED} 23:07:13.0117 0x14bc Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:07:13.0117 0x14bc Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 ( 232.88 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:07:13.0127 0x14bc Drive \Device\Harddisk2\DR2 - Size: 0x3BC400000 ( 14.94 Gb ), SectorSize: 0x200, Cylinders: 0x79E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 23:07:13.0127 0x14bc ============================================================ 23:07:13.0127 0x14bc \Device\Harddisk0\DR0: 23:07:13.0127 0x14bc MBR partitions: 23:07:13.0127 0x14bc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 23:07:13.0127 0x14bc \Device\Harddisk1\DR1: 23:07:13.0127 0x14bc MBR partitions: 23:07:13.0127 0x14bc \Device\Harddisk1\DR1\Partition1: MBR, Type 
0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542 23:07:13.0127 0x14bc \Device\Harddisk2\DR2: 23:07:13.0127 0x14bc MBR partitions: 23:07:13.0127 0x14bc \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x28B0, BlocksNum 0x1DDF750 23:07:13.0127 0x14bc ============================================================ 23:07:13.0147 0x14bc C: <-> \Device\Harddisk0\DR0\Partition1 23:07:13.0167 0x14bc D: <-> \Device\Harddisk1\DR1\Partition1 23:07:13.0167 0x14bc ============================================================ 23:07:13.0167 0x14bc Initialize success 23:07:13.0167 0x14bc ============================================================ 23:07:56.0593 0x1180 ============================================================ 23:07:56.0593 0x1180 Scan started 23:07:56.0593 0x1180 Mode: Manual; SigCheck; TDLFS; 23:07:56.0593 0x1180 ============================================================ 23:07:56.0593 0x1180 KSN ping started 23:07:59.0579 0x1180 KSN ping finished: true 23:08:00.0440 0x1180 ================ Scan system memory ======================== 23:08:00.0440 0x1180 System memory - ok 23:08:00.0441 0x1180 ================ Scan services ============================= 23:08:00.0579 0x1180 [ 6D2ACA41739BFE8CB86EE8E85F29697D, 74A4F53C8309A8E5E94CDE4D440DD5308566185E6D8D98FD08E70A25BD728C91 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 23:08:00.0696 0x1180 1394ohci - ok 23:08:00.0719 0x1180 [ F0E07D144C8685B8774BC32FC8DA4DF0, 39816ED2623CA9ABE2B2EDCDB2F8481634742F00FEEF7E324F34D2BAAD668A67 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 23:08:00.0736 0x1180 ACPI - ok 23:08:00.0747 0x1180 [ 98D81CA942D19F7D9153B095162AC013, ACE5C073323176621F3312AA9B1EE1A3382F8CDD590D90DC57B34035FD6BC281 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 23:08:00.0810 0x1180 AcpiPmi - ok 23:08:00.0895 0x1180 [ 14C23516C990DCD6052152CF034DDE40, 1EC8AAD6AA6D68A17A9D04AECDB716BD0DD4BFF93641BD96D01855AF1232A5FB ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue 
CS3\Server\bin\VersionCueCS3.exe 23:08:00.0921 0x1180 Adobe Version Cue CS3 - ok 23:08:00.0959 0x1180 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 23:08:00.0976 0x1180 AdobeARMservice - ok 23:08:01.0020 0x1180 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 23:08:01.0062 0x1180 AdobeFlashPlayerUpdateSvc - ok 23:08:01.0102 0x1180 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:08:01.0129 0x1180 adp94xx - ok 23:08:01.0148 0x1180 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:08:01.0181 0x1180 adpahci - ok 23:08:01.0208 0x1180 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:08:01.0243 0x1180 adpu320 - ok 23:08:01.0276 0x1180 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:08:01.0331 0x1180 AeLookupSvc - ok 23:08:01.0363 0x1180 [ 0DB7A48388D54D154EBEC120461A0FCD, 567B65F96ADE0E8252B7D8CE7F254CB8054C3AE4BC3577C394EFDEF8D8A61427 ] AFD C:\Windows\system32\drivers\afd.sys 23:08:01.0413 0x1180 AFD - ok 23:08:01.0427 0x1180 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 23:08:01.0437 0x1180 agp440 - ok 23:08:01.0450 0x1180 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 23:08:01.0461 0x1180 
aic78xx - ok 23:08:01.0483 0x1180 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe 23:08:01.0523 0x1180 ALG - ok 23:08:01.0535 0x1180 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 23:08:01.0544 0x1180 aliide - ok 23:08:01.0565 0x1180 [ 64710E6C92C0D3893EDBDA84FBCD3188, 06FF1242CECA94260E66C00EAFEE6AC338DD500EB35A3F46F7473AEA546922DE ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 23:08:01.0602 0x1180 AMD External Events Utility - ok 23:08:01.0647 0x1180 AMD FUEL Service - ok 23:08:01.0680 0x1180 [ 20D6B7633C7DE405B447C0B4146E3FB5, A7369C1D97D137DDA324906E4C03234DA501020C94282877C75501C8C072EE5E ] amdacpksd C:\Windows\system32\drivers\amdacpksd.sys 23:08:01.0711 0x1180 amdacpksd - ok 23:08:01.0792 0x1180 [ 47F2176A5C717B6CFC8DBB29E3022C69, 51ABD9D3A7BC7B46340D79680E870C38B48873BD0800F0BF624A9EF57902DB0E ] amdacpusrsvc C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe 23:08:01.0825 0x1180 amdacpusrsvc - detected UnsignedFile.Multi.Generic ( 1 ) 23:08:04.0875 0x1180 Detect skipped due to KSN trusted 23:08:04.0875 0x1180 amdacpusrsvc - ok 23:08:04.0897 0x1180 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys 23:08:04.0930 0x1180 amdagp - ok 23:08:04.0946 0x1180 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\DRIVERS\amdide.sys 23:08:04.0958 0x1180 amdide - ok 23:08:04.0978 0x1180 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:08:05.0008 0x1180 AmdK8 - ok 23:08:05.0442 0x1180 [ 83240DBD6E44CC207B95D1EBB085E3A7, 
DD29B4F21D22D5DD7DC6F965EEADB40B958934301C74178AC3B0CB2AA59D3808 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 23:08:05.0875 0x1180 amdkmdag - ok 23:08:05.0933 0x1180 [ B6DB3BDF2CF56C60ED497104653B8A5C, 8C48866134828336EE287802B1AE6D419D97D15D71CAD12911255EF5CEFFB5A7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 23:08:05.0979 0x1180 amdkmdap - ok 23:08:05.0993 0x1180 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:08:06.0014 0x1180 AmdPPM - ok 23:08:06.0034 0x1180 [ 2101A86C25C154F8314B24EF49D7FBC2, E4C1326CF55850793B45B2BFDF361C4E98A07FB13E08BFD6DB50135489700998 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 23:08:06.0066 0x1180 amdsata - ok 23:08:06.0093 0x1180 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:08:06.0106 0x1180 amdsbs - ok 23:08:06.0114 0x1180 [ B81C2B5616F6420A9941EA093A92B150, DA2000C9E06533232F8716A6674BC9DFD5C3AAE1FC46F7A91B8E917DB913F42F ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 23:08:06.0124 0x1180 amdxata - ok 23:08:06.0152 0x1180 AODDriver4.2.0 - ok 23:08:06.0172 0x1180 [ 6E8510A72549883DA01882DB6A096538, C53590E5CBDEB073470CA2DD91696AD0851F023324CD06BF68533AFC331D9283 ] AODDriver4.3 C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys 23:08:06.0195 0x1180 AODDriver4.3 - ok 23:08:06.0214 0x1180 [ FEB834C02CE1E84B6A38F953CA067706, E5A7F8B632ABFBD1283C3D44FB02449814EDB653B204E1720DAA780A6D64FD01 ] AppID C:\Windows\system32\drivers\appid.sys 23:08:06.0252 0x1180 AppID - ok 23:08:06.0276 0x1180 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:08:06.0352 0x1180 AppIDSvc - ok 23:08:06.0359 0x1180 [ 7DEAD9E3F65DCB2794F2711003BBF650, F541C30EEFD1BDB70F361B878B6E51DC728873695DD137148CE531FBACCDA21B ] Appinfo 
C:\Windows\System32\appinfo.dll 23:08:06.0394 0x1180 Appinfo - ok 23:08:06.0412 0x1180 [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll 23:08:06.0438 0x1180 AppMgmt - ok 23:08:06.0447 0x1180 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys 23:08:06.0458 0x1180 arc - ok 23:08:06.0470 0x1180 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:08:06.0481 0x1180 arcsas - ok 23:08:06.0566 0x1180 [ 2FE0D5DB69014980A970D3BF9A85D2B1, 3837F176B0CB7FEA2689D90B50B62F660FE579A5EB1E47C827DFA95596B72D1E ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 23:08:06.0609 0x1180 aspnet_state - ok 23:08:06.0623 0x1180 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:08:06.0657 0x1180 AsyncMac - ok 23:08:06.0677 0x1180 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\DRIVERS\atapi.sys 23:08:06.0686 0x1180 atapi - ok 23:08:06.0716 0x1180 [ 04F1A13265313C0E0A4F9D8C2CDC0F76, 8EB81405CFFAD619CAD6FDD8F62AF66AA1741A4EA38D6C4DF9A3151E8C35AFF7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys 23:08:06.0752 0x1180 AtiHDAudioService - ok 23:08:06.0772 0x1180 [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:08:06.0821 0x1180 AudioEndpointBuilder - ok 23:08:06.0847 0x1180 [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] Audiosrv C:\Windows\System32\Audiosrv.dll 23:08:06.0899 0x1180 Audiosrv - ok 23:08:06.0928 0x1180 [ 
CB2C2B24BD7E64CFB2B24D401FF5BBC0, F48ABD9F5BF91BF5F25E6D5EE02647F7DD8E1C1A11FEEE2C1C1B3BD34E3D0F85 ] Avgdiskx C:\Windows\system32\DRIVERS\avgdiskx.sys 23:08:06.0939 0x1180 Avgdiskx - ok 23:08:07.0114 0x1180 [ E077D9DBE0B2B05D4E83C33F0B6008B5, 8CFCF58A9355678C59FDEA508274666F52BC3D975DD0E76DE6A02B5B1723DC7E ] AVGIDSAgent C:\Program Files\AVG\AVG2015\avgidsagent.exe 23:08:07.0214 0x1180 AVGIDSAgent - ok 23:08:07.0249 0x1180 [ D4899370855466D65A5565544BB3BC05, C382E995B01DD8BC83D4F3A46C68D117E2CA83FB21E1076762C21EF9C56BD54A ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys 23:08:07.0265 0x1180 AVGIDSDriver - ok 23:08:07.0280 0x1180 [ D1663A0114691080C624D857A8343D5B, 8E7029A8FE7A62F4BED7687C54699D0709876D05D93CAA499B4BC69BF8C59091 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys 23:08:07.0292 0x1180 AVGIDSHX - ok 23:08:07.0315 0x1180 [ 2429F7F025F63532B6B264D97E4ECA49, EDE2C88B3B4B2A3AC59A3AB0B2FEC1D2CC75AA8AFFF0F5011D07AB4F053390D9 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys 23:08:07.0324 0x1180 AVGIDSShim - ok 23:08:07.0345 0x1180 [ 9AFD535116E986D49877B811F3665E8E, 6843415ED638BB26A17BE9AB7A49D36070A588088256D4D0D1B4789FBDA6730B ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys 23:08:07.0358 0x1180 Avgldx86 - ok 23:08:07.0379 0x1180 [ B97A84EE582A0241E6E08AD07DFE2F74, C3362B9261B4DA099AFC544A2C7F2B3659AE0BDA5DC9DCBD5E383464F9F56A4D ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys 23:08:07.0396 0x1180 Avglogx - ok 23:08:07.0412 0x1180 [ 6767ED65A45A1BB8A413C3C65441F1D8, 0DF45133B42D2ECD9C4D3921099258861CA10C3B92D31E0B7BEE2FF90A171D3D ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys 23:08:07.0443 0x1180 Avgmfx86 - ok 23:08:07.0469 0x1180 [ F016B95273E0B1961F204F7FD2FFD811, 9F89323177B68DEDE6B1F09790E6A978376B4FCBDC029283B297A3C4D9B242FF ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys 23:08:07.0478 0x1180 Avgrkx86 - ok 23:08:07.0486 0x1180 [ 6BF507CCF2F30A68C36E028A15450D87, 
1AAA78520219E3936971C45774CE261A5C4B20CF6CFE60CE8140074612D78D69 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys 23:08:07.0518 0x1180 Avgtdix - ok 23:08:07.0559 0x1180 [ 8BF64DFDA90D32F485381F9AE41016E4, 36E92DDCCA0AE4A1A5476BC2E13B36C66B0794221FD621F13CB95C1E9F8513AD ] avgwd C:\Program Files\AVG\AVG2015\avgwdsvc.exe 23:08:07.0576 0x1180 avgwd - ok 23:08:07.0600 0x1180 [ DD6A431B43E34B91A767D1CE33728175, 8BFF6474C9DFBEC96FA7B2789EF9B17C7910B52DBCF70CDA1F0C698CFA5EFB6E ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:08:07.0648 0x1180 AxInstSV - ok 23:08:07.0674 0x1180 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 23:08:07.0737 0x1180 b06bdrv - ok 23:08:07.0783 0x1180 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 23:08:07.0833 0x1180 b57nd60x - ok 23:08:07.0859 0x1180 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll 23:08:07.0894 0x1180 BDESVC - ok 23:08:07.0909 0x1180 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys 23:08:07.0951 0x1180 Beep - ok 23:08:07.0985 0x1180 [ 85AC71C045CEB054ED48A7841AAE0C11, BA0C0CC50E5C49838116AC9A12A7CF1A683601FD08D3CF6EC06620C51C0806FF ] BFE C:\Windows\System32\bfe.dll 23:08:08.0037 0x1180 BFE - ok 23:08:08.0078 0x1180 [ 53F476476F55A27F580661BDE09C4EC4, 90DFBF97F011CFF41D2CFA2E33978BC746A7E693AC75EED1436130C4F10B4E67 ] BITS C:\Windows\System32\qmgr.dll 23:08:08.0131 0x1180 BITS - ok 23:08:08.0148 0x1180 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:08:08.0160 0x1180 blbdrive - ok 23:08:08.0189 0x1180 [ 
73686FE0B2E0469F89FD2075BE724704, 4BC5BBA7ACB5BDA77251B82B9CF16C6A9EBBCC29760860A0F37ABDDF9288143F ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 23:08:08.0237 0x1180 Bonjour Service - detected UnsignedFile.Multi.Generic ( 1 ) 23:08:11.0226 0x1180 Detect skipped due to KSN trusted 23:08:11.0226 0x1180 Bonjour Service - ok 23:08:11.0255 0x1180 [ 9A5C671B7FBAE4865149BB11F59B91B2, BE1D5901CB8EF20E34F711D6451BDFBCA4BD65AFAD6028964C5CE1673D94FBAD ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:08:11.0314 0x1180 bowser - ok 23:08:11.0338 0x1180 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:08:11.0366 0x1180 BrFiltLo - ok 23:08:11.0384 0x1180 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:08:11.0411 0x1180 BrFiltUp - ok 23:08:11.0436 0x1180 [ A0E691DC6589D4D2CBE373171D1A49E5, 66BAED3EF7AFE0FB4304FC97ABE2BB106ADE1A956F89DCB52E70F30239461D05 ] Browser C:\Windows\System32\browser.dll 23:08:11.0478 0x1180 Browser - ok 23:08:11.0503 0x1180 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:08:11.0556 0x1180 Brserid - ok 23:08:11.0574 0x1180 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 23:08:11.0613 0x1180 BrSerWdm - ok 23:08:11.0628 0x1180 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:08:11.0654 0x1180 BrUsbMdm - ok 23:08:11.0668 0x1180 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:08:11.0696 0x1180 BrUsbSer - ok 
23:08:11.0778 0x1180 [ 6670404CB9374C77F737840E1F284964, 6C6E6704D86A49A13333ACA5E278A8C61C75B8844760EDDB7699EA5A51F5F36A ] BstHdAndroidSvc C:\Program Files\BlueStacks\HD-Service.exe 23:08:11.0819 0x1180 BstHdAndroidSvc - ok 23:08:11.0858 0x1180 [ 3441277BC30E3526BA02FFA8C932D877, 1F49C6E329F37779A41C32632D91CEDB66F65830B35175CABE2040D7AD62E4EB ] BstHdDrv C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys 23:08:11.0869 0x1180 BstHdDrv - ok 23:08:11.0886 0x1180 [ 6F283166909004EF930CCEA18C74C2EF, 5C966BCA2F44F5CFC7BA61E0644E9CB5377CF0EF908E3A4E4F51F2434DCCA517 ] BstHdLogRotatorSvc C:\Program Files\BlueStacks\HD-LogRotatorService.exe 23:08:11.0902 0x1180 BstHdLogRotatorSvc - ok 23:08:11.0932 0x1180 [ 3A8A1A2AE57F4FB1E6E53B09F9F57540, F29C75F92FB5757EB4430130F8FC9CA1D5AE149E2281B2F508C01732D1DB5BCB ] BstHdUpdaterSvc C:\Program Files\BlueStacks\HD-UpdaterService.exe 23:08:11.0957 0x1180 BstHdUpdaterSvc - ok 23:08:11.0972 0x1180 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 23:08:11.0986 0x1180 BTHMODEM - ok 23:08:12.0014 0x1180 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll 23:08:12.0110 0x1180 bthserv - ok 23:08:12.0128 0x1180 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:08:12.0166 0x1180 cdfs - ok 23:08:12.0191 0x1180 [ BA6E70AA0E6091BC39DE29477D866A77, A17A68BDA46995F75FB1C2C593A81CD3B2BFE290CEAA45FA2380DDF5537A23C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 23:08:12.0236 0x1180 cdrom - ok 23:08:12.0256 0x1180 [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] CertPropSvc C:\Windows\System32\certprop.dll 23:08:12.0291 0x1180 CertPropSvc - ok 23:08:12.0308 0x1180 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 
6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 23:08:12.0321 0x1180 circlass - ok 23:08:12.0339 0x1180 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys 23:08:12.0355 0x1180 CLFS - ok 23:08:12.0414 0x1180 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:08:12.0448 0x1180 clr_optimization_v2.0.50727_32 - ok 23:08:12.0477 0x1180 [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:08:12.0498 0x1180 clr_optimization_v4.0.30319_32 - ok 23:08:12.0511 0x1180 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:08:12.0537 0x1180 CmBatt - ok 23:08:12.0542 0x1180 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 23:08:12.0551 0x1180 cmdide - ok 23:08:12.0577 0x1180 [ DB5E008B3744DD60C8498CBBF2A1CFA6, 1D851BF2433A953B32438A911D194C9DB42A52CD6E8DA296CA3C8DD2CCA83381 ] CNG C:\Windows\system32\Drivers\cng.sys 23:08:12.0600 0x1180 CNG - ok 23:08:12.0605 0x1180 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:08:12.0615 0x1180 Compbatt - ok 23:08:12.0622 0x1180 [ F1724BA27E97D627F808FB0BA77A28A6, F7D69082EEFEC0FB8B309F6AEE282D4A5DFC1A40851ED65904AA9582C5DEA5AB ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 23:08:12.0643 0x1180 CompositeBus - ok 23:08:12.0647 0x1180 COMSysApp - ok 23:08:12.0664 0x1180 [ 
2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 23:08:12.0673 0x1180 crcdisk - ok 23:08:12.0706 0x1180 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED, 579D206CF49FB78C2D9BA29A9C57489B7875242EB618019CB7B8D336C70A09E6 ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:08:12.0744 0x1180 CryptSvc - ok 23:08:12.0778 0x1180 [ 27C9490BDD0AE48911AB8CF1932591ED, 751F576F797F8A7BA576C32598BD6FD2E60D4FACC7836CC5BA3F68C38D27CCCA ] CSC C:\Windows\system32\drivers\csc.sys 23:08:12.0811 0x1180 CSC - ok 23:08:12.0839 0x1180 [ 56FB5F222EA30D3D3FC459879772CB73, 2C4646774575858E26DBA9C73853E06D0BD18CC8A4C73C633071FF5FE04CA0F4 ] CscService C:\Windows\System32\cscsvc.dll 23:08:12.0878 0x1180 CscService - ok 23:08:12.0914 0x1180 [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] DcomLaunch C:\Windows\system32\rpcss.dll 23:08:12.0954 0x1180 DcomLaunch - ok 23:08:12.0976 0x1180 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 23:08:13.0035 0x1180 defragsvc - ok 23:08:13.0051 0x1180 [ 83D1ECEA8FAAE75604C0FA49AC7AD996, 0EB4F374CB91AFF12ABC7EFC7858BDB6E58B50FCE0ADA1711F90FF592059DA40 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:08:13.0088 0x1180 DfsC - ok 23:08:13.0116 0x1180 [ C56495FBD770712367CAD35E5DE72DA6, 9D5456A2E208F542F0B6C951EFCABA2A10919777C4287D7298A28F543D5BAC32 ] Dhcp C:\Windows\system32\dhcpcore.dll 23:08:13.0164 0x1180 Dhcp - ok 23:08:13.0182 0x1180 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 23:08:13.0204 0x1180 discache - ok 23:08:13.0231 0x1180 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys 23:08:13.0242 0x1180 Disk - ok 23:08:13.0256 
0x1180 [ B15BE77A2BACF9C3177D27518AFE26A9, FBF02038C2EC0262B401FCBD348C48DF184AD76E95643E3D6ED32C02E90D8FC9 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:08:13.0294 0x1180 Dnscache - ok 23:08:13.0312 0x1180 [ 4408C85C21EEA48EB0CE486BAEEF0502, 67EA726F4053665D94D7790EC89616EA0698A7548073A9211E3F75937B4384BE ] dot3svc C:\Windows\System32\dot3svc.dll 23:08:13.0349 0x1180 dot3svc - ok 23:08:13.0383 0x1180 [ 7FA81C6E11CAA594ADB52084DA73A1E5, 9ED1C585D9CA091E75E4A2A1E5B923B104EBDC5FC9D12154DE909C583E4D0CAE ] DPS C:\Windows\system32\dps.dll 23:08:13.0409 0x1180 DPS - ok 23:08:13.0433 0x1180 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:08:13.0457 0x1180 drmkaud - ok 23:08:13.0498 0x1180 [ 651554E483712B708EDE864D0CA1AA73, A016C03D630A2FF7FC44B826DEA890F5AC09DD270588CEAD05F63A5A0AC79249 ] DrvAgent32 C:\Windows\system32\Drivers\DrvAgent32.sys 23:08:13.0511 0x1180 DrvAgent32 - detected UnsignedFile.Multi.Generic ( 1 ) 23:08:16.0437 0x1180 Detect skipped due to KSN trusted 23:08:16.0438 0x1180 DrvAgent32 - ok 23:08:16.0510 0x1180 [ 1679A4669326CB1A67CC95658D273234, 57429EC10744956635CAE0742320D7C03B3EEA0CB1F5769AEF21C054C0B5E498 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:08:16.0543 0x1180 DXGKrnl - ok 23:08:16.0559 0x1180 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 23:08:16.0635 0x1180 EapHost - ok 23:08:16.0735 0x1180 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 23:08:16.0840 0x1180 ebdrv - ok 23:08:16.0865 0x1180 [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] EFS C:\Windows\System32\lsass.exe 23:08:16.0887 0x1180 EFS - ok 23:08:16.0961 0x1180 [ 3A74A6E33685662B125A3269B1F2114F, 
183E180E4B35E549B5D7363D926E17226FF70CFDE7328F7B0B3676B9A27E2569 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:08:17.0011 0x1180 ehRecvr - ok 23:08:17.0022 0x1180 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 23:08:17.0046 0x1180 ehSched - ok 23:08:17.0070 0x1180 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:08:17.0091 0x1180 elxstor - ok 23:08:17.0101 0x1180 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 23:08:17.0122 0x1180 ErrDev - ok 23:08:17.0159 0x1180 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 23:08:17.0202 0x1180 EventSystem - ok 23:08:17.0226 0x1180 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 23:08:17.0262 0x1180 exfat - ok 23:08:17.0286 0x1180 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:08:17.0325 0x1180 fastfat - ok 23:08:17.0356 0x1180 [ F7EA23CC5E6BF2181F3F399D54F6EFC1, 4659A2EDC5D5171668FB20BED7B56466A674876888519D6F524F7456EBD11263 ] Fax C:\Windows\system32\fxssvc.exe 23:08:17.0407 0x1180 Fax - ok 23:08:17.0419 0x1180 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:08:17.0445 0x1180 fdc - ok 23:08:17.0461 0x1180 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 23:08:17.0482 0x1180 fdPHost - ok 23:08:17.0489 0x1180 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 
0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 23:08:17.0511 0x1180 FDResPub - ok 23:08:17.0524 0x1180 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:08:17.0535 0x1180 FileInfo - ok 23:08:17.0545 0x1180 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:08:17.0578 0x1180 Filetrace - ok 23:08:17.0624 0x1180 [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 23:08:17.0650 0x1180 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 ) 23:08:27.0706 0x1180 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 23:08:30.0619 0x1180 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:08:30.0666 0x1180 flpydisk - ok 23:08:30.0709 0x1180 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:08:30.0730 0x1180 FltMgr - ok 23:08:30.0764 0x1180 [ 151258FC2EC8C48BDF8A53350AE0A676, 21F808E29E06AF03E1E55498C7975830157021BE9648117B27F4D21BBD07E9DB ] FontCache C:\Windows\system32\FntCache.dll 23:08:30.0821 0x1180 FontCache - ok 23:08:30.0861 0x1180 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 23:08:30.0870 0x1180 FontCache3.0.0.0 - ok 23:08:30.0886 0x1180 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends 
C:\Windows\system32\drivers\FsDepends.sys 23:08:30.0896 0x1180 FsDepends - ok 23:08:30.0915 0x1180 [ 500A9814FD9446A8126858A5A7F7D273, FB9607A43B8DDA87A449A3BFEBDC035F00BA7B5D9CC56AD5F310732A38F56A46 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:08:30.0943 0x1180 Fs_Rec - ok 23:08:30.0967 0x1180 [ 5592F5DBA26282D24D2B080EB438A4D7, 5376D6CFFE9A1406CFA0BF4325EB65206F57A5C50034DA7EB4238BEB08D4D6DB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:08:30.0984 0x1180 fvevol - ok 23:08:31.0004 0x1180 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:08:31.0015 0x1180 gagp30kx - ok 23:08:31.0049 0x1180 [ 8BA3C04702BF8F927AB36AE8313CA4EE, 3B6460C8134AA9D6E4FB978201B35FE9B67DD5BBB6C8D9625F3097DDA30C2893 ] gpsvc C:\Windows\System32\gpsvc.dll 23:08:31.0091 0x1180 gpsvc - ok 23:08:31.0106 0x1180 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:08:31.0139 0x1180 hcw85cir - ok 23:08:31.0174 0x1180 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F, 6706B8AD211A4B89B6571ACD227412026EAD87D71456B3EC6E7DD8FA15B997BE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:08:31.0194 0x1180 HdAudAddService - ok 23:08:31.0215 0x1180 [ 717A2207FD6F13AD3E664C7D5A43C7BF, BF28A6F00B64FA0E801493E3289CFFD5E313E724DF7B5AB521C9E37A20890DCF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 23:08:31.0240 0x1180 HDAudBus - ok 23:08:31.0245 0x1180 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 23:08:31.0262 0x1180 HidBatt - ok 23:08:31.0281 0x1180 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:08:31.0310 0x1180 HidBth - ok 23:08:31.0315 0x1180 [ CF50B4CF4A4F229B9F3C08351F99CA5E, 
B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:08:31.0332 0x1180 HidIr - ok 23:08:31.0346 0x1180 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll 23:08:31.0369 0x1180 hidserv - ok 23:08:31.0389 0x1180 [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:08:31.0414 0x1180 HidUsb - ok 23:08:31.0460 0x1180 [ 6DDF381740D33DCF8EF0A62029EBDCFA, CA44C880951D629CB0A648D67925FF8EC51889055D3776FC7D4C0D64404607FB ] hitmanpro37 C:\Windows\system32\drivers\hitmanpro37.sys 23:08:31.0469 0x1180 hitmanpro37 - ok 23:08:31.0485 0x1180 [ 741C2A45CA8407E374AABA3E330B7872, FCF31C46297CFDF8240F0E783A61C8463FEDB1EF7A676AB89DFF0EAE9F3534B4 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:08:31.0519 0x1180 hkmsvc - ok 23:08:31.0538 0x1180 [ A768CA158BB06782A2835B907F4873C3, EFF736C6BA38FB8FC8807286AB273E7274F505E8E59D952E8563DF77C412C5AE ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:08:31.0575 0x1180 HomeGroupListener - ok 23:08:31.0589 0x1180 [ FB08DEC5EF43D0C66D83B8E9694E7549, 9C9ECE9E90F524791FC5DCE797BAE39605F966592126FF058BA3FA0BEFD07BEB ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:08:31.0618 0x1180 HomeGroupProvider - ok 23:08:31.0645 0x1180 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 23:08:31.0655 0x1180 HpSAMD - ok 23:08:31.0684 0x1180 [ C531C7FD9E8B62021112787C4E2C5A5A, 09205E2A5BFB6C623B312B8AC82F7F7CA8A922B1D9A0E3952BD3BA47BBE1F18C ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:08:31.0731 0x1180 HTTP - ok 23:08:31.0752 0x1180 [ 8305F33CDE89AD6C7A0763ED0B5A8D42, A7CA4978DC1FF6105EA39124DF854F0B1FD478476B871ED0E018AF3AE2165282 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:08:31.0761 0x1180 hwpolicy - 
ok 23:08:31.0769 0x1180 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 23:08:31.0790 0x1180 i8042prt - ok 23:08:31.0823 0x1180 [ 934AF4D7C5F457B9F0743F4299B77B67, F232554352BB7CD716D6173FC1AB2661E49480994BB22E9A6FE7A33B51F0A51B ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys 23:08:31.0840 0x1180 iaStorV - ok 23:08:31.0885 0x1180 [ 5AF815EB5BC9802E5A064E2BA62BFC0C, DC8CED05F623D30C57E8A7A382A219B4266C9C766ABF8A8D71783EACB8607B82 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:08:31.0942 0x1180 idsvc - ok 23:08:31.0965 0x1180 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:08:31.0975 0x1180 iirsp - ok 23:08:32.0002 0x1180 [ FAC0EE6562B121B1399D6E855583F7A5, 034C9EE9232EB2CE64297EC4BCBEB5DA443ED9176C436CC754EF84FFB4AD4B08 ] IKEEXT C:\Windows\System32\ikeext.dll 23:08:32.0054 0x1180 IKEEXT - ok 23:08:32.0070 0x1180 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 23:08:32.0080 0x1180 intelide - ok 23:08:32.0089 0x1180 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:08:32.0102 0x1180 intelppm - ok 23:08:32.0111 0x1180 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:08:32.0143 0x1180 IPBusEnum - ok 23:08:32.0163 0x1180 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:08:32.0185 0x1180 IpFilterDriver - ok 23:08:32.0203 0x1180 [ 477397B432A256A50EE7E4339EB9EA14, 
3722938E69D16962F773F39669E9B90279DC9527BBC63564B33C89DAFD283497 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:08:32.0248 0x1180 iphlpsvc - ok 23:08:32.0265 0x1180 [ E4454B6C37D7FFD5649611F6496308A7, 5B2AA8C06076C9A1FF944E5EA07C29BA7FABEBB38E6BFB388ED46933EAC465FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 23:08:32.0288 0x1180 IPMIDRV - ok 23:08:32.0303 0x1180 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 23:08:32.0326 0x1180 IPNAT - ok 23:08:32.0331 0x1180 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:08:32.0344 0x1180 IRENUM - ok 23:08:32.0349 0x1180 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 23:08:32.0359 0x1180 isapnp - ok 23:08:32.0374 0x1180 [ ED46C223AE46C6866AB77CDC41C404B7, 1B2A4A3FF0E5F8F02717F20983D57612D62DFF809064A7E524700E7254BB7DB3 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 23:08:32.0387 0x1180 iScsiPrt - ok 23:08:32.0401 0x1180 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 23:08:32.0411 0x1180 kbdclass - ok 23:08:32.0429 0x1180 [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 23:08:32.0450 0x1180 kbdhid - ok 23:08:32.0464 0x1180 [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] KeyIso C:\Windows\system32\lsass.exe 23:08:32.0477 0x1180 KeyIso - ok 23:08:32.0498 0x1180 [ 52FC17C8589F11747D01D3CF592673D0, 0D432F14DF6A0964947FADF4AFBCC195946A68230DC17FA610CC000BB0C921A7 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:08:32.0509 0x1180 KSecDD - ok 23:08:32.0525 0x1180 [ 
3E5474B03568CFAB834DA3C38E8C9EFA, 1223B99AD86905C34BC95C61DA894F36567F4A23EA7E32E955133C5B2FD558DB ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:08:32.0537 0x1180 KSecPkg - ok 23:08:32.0568 0x1180 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 23:08:32.0610 0x1180 KtmRm - ok 23:08:32.0639 0x1180 [ 8F6BF790D3168224C16F2AF68A84438C, CEEA0E38B746163A4110E157DAB50CC35A689A5BBC9B3691F2B9D3AE49B0D95E ] LanmanServer C:\Windows\system32\srvsvc.dll 23:08:32.0678 0x1180 LanmanServer - ok 23:08:32.0701 0x1180 [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:08:32.0726 0x1180 LanmanWorkstation - ok 23:08:32.0747 0x1180 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:08:32.0782 0x1180 lltdio - ok 23:08:32.0800 0x1180 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:08:32.0828 0x1180 lltdsvc - ok 23:08:32.0845 0x1180 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:08:32.0885 0x1180 lmhosts - ok 23:08:32.0908 0x1180 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:08:32.0919 0x1180 LSI_FC - ok 23:08:32.0928 0x1180 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:08:32.0939 0x1180 LSI_SAS - ok 23:08:32.0955 0x1180 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:08:32.0965 
0x1180 LSI_SAS2 - ok 23:08:32.0981 0x1180 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:08:32.0992 0x1180 LSI_SCSI - ok 23:08:33.0004 0x1180 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 23:08:33.0028 0x1180 luafv - ok 23:08:33.0054 0x1180 [ E2B0887816ED336685954E3D8FDAA51D, 4DCB08ADC6A89DCA68D1285734B283B567888EF72249F6BBA73A63D1BD462466 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:08:33.0067 0x1180 Mcx2Svc - ok 23:08:33.0082 0x1180 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:08:33.0092 0x1180 megasas - ok 23:08:33.0107 0x1180 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:08:33.0122 0x1180 MegaSR - ok 23:08:33.0131 0x1180 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 23:08:33.0165 0x1180 MMCSS - ok 23:08:33.0181 0x1180 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 23:08:33.0211 0x1180 Modem - ok 23:08:33.0238 0x1180 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:08:33.0261 0x1180 monitor - ok 23:08:33.0276 0x1180 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:08:33.0307 0x1180 mouclass - ok 23:08:33.0329 0x1180 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid 
C:\Windows\system32\DRIVERS\mouhid.sys 23:08:33.0340 0x1180 mouhid - ok 23:08:33.0363 0x1180 [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:08:33.0374 0x1180 mountmgr - ok 23:08:33.0412 0x1180 [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 23:08:33.0425 0x1180 MozillaMaintenance - ok 23:08:33.0438 0x1180 [ 2AF5997438C55FB79D33D015C30E1974, E8F048A02FEB400C133D0BFC1659921E73B59549E3F7D2A13929901B87A1901F ] mpio C:\Windows\system32\DRIVERS\mpio.sys 23:08:33.0450 0x1180 mpio - ok 23:08:33.0474 0x1180 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:08:33.0516 0x1180 mpsdrv - ok 23:08:33.0548 0x1180 [ 5CD996CECF45CBC3E8D109C86B82D69E, ABE40DA4DA555D3D5054BE28BF82E775D90DCB9E31409DC95FABF2F016B17700 ] MpsSvc C:\Windows\system32\mpssvc.dll 23:08:33.0589 0x1180 MpsSvc - ok 23:08:33.0598 0x1180 [ B1BE47008D20E43DA3ADC37C24CDB89D, 6E8555E84B42E5098227B35EA5ABADF2CD3AC247B37CB9E9304FF67064EBE59B ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:08:33.0624 0x1180 MRxDAV - ok 23:08:33.0652 0x1180 [ CA7570E42522E24324A12161DB14EC02, E4DA5EDC7CBCC9E601543071A49347A0AA3EB4EAC205E342A1F2768FD785D08F ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:08:33.0671 0x1180 mrxsmb - ok 23:08:33.0686 0x1180 [ F965C3AB2B2AE5C378F4562486E35051, 5FFDD5531B98FF0EA19A901C4EE1CE6043C245A4BE5533A495E331B5834D696B ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:08:33.0713 0x1180 mrxsmb10 - ok 23:08:33.0736 0x1180 [ 25C38264A3C72594DD21D355D70D7A5D, DCEF2DEBB1859FED6FC7A19D13A841B6B6CA10577E12F116D0EB2D2B8C72A4A1 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:08:33.0748 0x1180 mrxsmb20 - ok 23:08:33.0757 0x1180 [ 
4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 23:08:33.0767 0x1180 msahci - ok 23:08:33.0777 0x1180 [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 23:08:33.0788 0x1180 msdsm - ok 23:08:33.0803 0x1180 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 23:08:33.0829 0x1180 MSDTC - ok 23:08:33.0851 0x1180 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:08:33.0901 0x1180 Msfs - ok 23:08:33.0916 0x1180 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:08:33.0937 0x1180 mshidkmdf - ok 23:08:33.0947 0x1180 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 23:08:33.0956 0x1180 msisadrv - ok 23:08:33.0971 0x1180 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:08:34.0006 0x1180 MSiSCSI - ok 23:08:34.0010 0x1180 msiserver - ok 23:08:34.0027 0x1180 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:08:34.0059 0x1180 MSKSSRV - ok 23:08:34.0078 0x1180 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:08:34.0109 0x1180 MSPCLOCK - ok 23:08:34.0113 0x1180 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM 
C:\Windows\system32\drivers\MSPQM.sys 23:08:34.0140 0x1180 MSPQM - ok 23:08:34.0161 0x1180 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:08:34.0174 0x1180 MsRPC - ok 23:08:34.0187 0x1180 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 23:08:34.0197 0x1180 mssmbios - ok 23:08:34.0207 0x1180 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:08:34.0228 0x1180 MSTEE - ok 23:08:34.0232 0x1180 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:08:34.0244 0x1180 MTConfig - ok 23:08:34.0261 0x1180 [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 23:08:34.0298 0x1180 MTsensor - ok 23:08:34.0310 0x1180 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 23:08:34.0321 0x1180 Mup - ok 23:08:34.0346 0x1180 [ 80284F1985C70C86F0B5F86DA2DFE1DF, 424A5BBC28C72DA0DBABEB9E423B8C409754CD1BA3DFC9E174BF22D8BCE1BE63 ] napagent C:\Windows\system32\qagentRT.dll 23:08:34.0386 0x1180 napagent - ok 23:08:34.0416 0x1180 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:08:34.0447 0x1180 NativeWifiP - ok 23:08:34.0546 0x1180 [ 1BBBF640BC0E0B750537BAECE8D66C18, 621C1130B0C48AA900D78097E1685507A614AA9953644972C572DE267B2A6348 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe 23:08:34.0575 0x1180 NAUpdate - ok 23:08:34.0584 0x1180 [ E240F3204E86B7B6CCF266B2A2AD32B4, 
38DEDD8E25E582455435C0BA3A554D7F05FFB02FD25D933EB8D3B40CFC942FDC ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys 23:08:34.0593 0x1180 NBVol - ok 23:08:34.0612 0x1180 [ C0CF3CCCCE3C75F7280C89029AB47866, 5AC7D6332AD30B489D4AE1E2945B968D445F1AA44A985B5D9395652E7D993857 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys 23:08:34.0620 0x1180 NBVolUp - ok 23:08:34.0644 0x1180 [ 23759D175A0A9BAAF04D05047BC135A8, 2C8C553B4E1ED3A644F619F16BCEDD5A3C6D74A17E6E75A3E740E06B1D636348 ] NDIS C:\Windows\system32\drivers\ndis.sys 23:08:34.0681 0x1180 NDIS - ok 23:08:34.0695 0x1180 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:08:34.0728 0x1180 NdisCap - ok 23:08:34.0740 0x1180 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:08:34.0796 0x1180 NdisTapi - ok 23:08:34.0813 0x1180 [ B30AE7F2B6D7E343B0DF32E6C08FCE75, 39BBBF7AF886732CB9ED3E6C06DA4318554089F3BEA74C74328FE1C6EF68E70B ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:08:34.0845 0x1180 Ndisuio - ok 23:08:34.0859 0x1180 [ 267C415EADCBE53C9CA873DEE39CF3A4, BAA8626BDA7B68176B19A99FBBD40FB2A774C8F44B56F9FFB99A1F5C16A1C555 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:08:34.0892 0x1180 NdisWan - ok 23:08:34.0904 0x1180 [ AF7E7C63DCEF3F8772726F86039D6EB4, 1CFDED48E8844138864786DBF9D5519162A6DB28F885A781934E8AFBD52EAC50 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:08:34.0927 0x1180 NDProxy - ok 23:08:34.0939 0x1180 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:08:34.0972 0x1180 NetBIOS - ok 23:08:34.0994 0x1180 [ DD52A733BF4CA5AF84562A5E2F963B91, 5CEB9664CED3D120F5408A12035748728710D41090A289CF66023CED4C838A1F ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:08:35.0020 0x1180 NetBT - ok 23:08:35.0039 
0x1180 [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] Netlogon C:\Windows\system32\lsass.exe 23:08:35.0067 0x1180 Netlogon - ok 23:08:35.0105 0x1180 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll 23:08:35.0143 0x1180 Netman - ok 23:08:35.0172 0x1180 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 23:08:35.0187 0x1180 NetMsmqActivator - ok 23:08:35.0197 0x1180 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 23:08:35.0230 0x1180 NetPipeActivator - ok 23:08:35.0260 0x1180 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll 23:08:35.0303 0x1180 netprofm - ok 23:08:35.0310 0x1180 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 23:08:35.0324 0x1180 NetTcpActivator - ok 23:08:35.0330 0x1180 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 23:08:35.0343 0x1180 NetTcpPortSharing - ok 23:08:35.0367 0x1180 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:08:35.0377 0x1180 nfrd960 - ok 23:08:35.0395 0x1180 [ 2226496E34BD40734946A054B1CD657F, 98392D98C9213822268971432BB55047ABD8B4EBD42483FA69BF50FB8FAD64A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:08:35.0424 0x1180 NlaSvc - ok 23:08:35.0434 0x1180 [ 
1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:08:35.0456 0x1180 Npfs - ok 23:08:35.0468 0x1180 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll 23:08:35.0490 0x1180 nsi - ok 23:08:35.0495 0x1180 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:08:35.0527 0x1180 nsiproxy - ok 23:08:35.0579 0x1180 [ A8F59428E9F361C7AC42A94AC1560BC9, 5B056375C8D21E7AE9E2EAC2EF62F5A2D6D0DBB52DD2FC34F9CC35F55C6766A6 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:08:35.0627 0x1180 Ntfs - ok 23:08:35.0641 0x1180 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys 23:08:35.0676 0x1180 Null - ok 23:08:35.0704 0x1180 [ 3F3D04B1D08D43C16EA7963954EC768D, BA82C1D3D9F4AA5F1C9729D61D4E06DB961FDF2B1E9B483D29DB308204DF0754 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys 23:08:35.0716 0x1180 nvraid - ok 23:08:35.0727 0x1180 [ C99F251A5DE63C6F129CF71933ACED0F, 24D48A5F5D699AB0DD4D4435F8F7C6B73A924AEF8F9D1170FD644E26499546A2 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys 23:08:35.0740 0x1180 nvstor - ok 23:08:35.0754 0x1180 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 23:08:35.0784 0x1180 nv_agp - ok 23:08:35.0806 0x1180 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 23:08:35.0827 0x1180 ohci1394 - ok 23:08:35.0870 0x1180 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:08:35.0895 
0x1180 ose - ok 23:08:35.0930 0x1180 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:08:35.0963 0x1180 p2pimsvc - ok 23:08:35.0982 0x1180 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll 23:08:36.0012 0x1180 p2psvc - ok 23:08:36.0028 0x1180 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:08:36.0056 0x1180 Parport - ok 23:08:36.0083 0x1180 [ 66D3415C159741ADE7038A277EFFF99F, D9853845FE495A546328986718074373EAB0F59538CFE7E604B1A94C8CBE7140 ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:08:36.0093 0x1180 partmgr - ok 23:08:36.0102 0x1180 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 23:08:36.0112 0x1180 Parvdm - ok 23:08:36.0129 0x1180 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:08:36.0158 0x1180 PcaSvc - ok 23:08:36.0178 0x1180 [ C858CB77C577780ECC456A892E7E7D0F, 21AE545B736739DE5A7B02CF227516BA6D02B1AAAECD8CC516CCF9F1FD710BCF ] pci C:\Windows\system32\DRIVERS\pci.sys 23:08:36.0191 0x1180 pci - ok 23:08:36.0198 0x1180 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\DRIVERS\pciide.sys 23:08:36.0207 0x1180 pciide - ok 23:08:36.0223 0x1180 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:08:36.0237 0x1180 pcmcia - ok 23:08:36.0250 0x1180 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys 23:08:36.0260 
0x1180 pcw - ok 23:08:36.0285 0x1180 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:08:36.0341 0x1180 PEAUTH - ok 23:08:36.0384 0x1180 [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 23:08:36.0448 0x1180 PeerDistSvc - ok 23:08:36.0506 0x1180 [ 9C1BFF7910C89A1D12E57343475840CB, 62E00E1278BD263B2AC8CB803C31F2818C54DB143C49470FAD07731E04BD2DE3 ] pla C:\Windows\system32\pla.dll 23:08:36.0613 0x1180 pla - ok 23:08:36.0647 0x1180 [ 71DEF5EC79774C798342D0EA16E41780, 5B5A365E57A7ACE3C4EDA1D891BD613879B284831E8253FDE498E40B2091E3B6 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:08:36.0677 0x1180 PlugPlay - ok 23:08:36.0689 0x1180 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:08:36.0715 0x1180 PNRPAutoReg - ok 23:08:36.0747 0x1180 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:08:36.0781 0x1180 PNRPsvc - ok 23:08:36.0813 0x1180 [ 48E1B75C6DC0232FD92BAAE4BD344721, 5BA4EB5A60725836D8085EABF87F51160BA57E318A0C4378410217911A393CE7 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:08:36.0860 0x1180 PolicyAgent - ok 23:08:36.0894 0x1180 [ DBFF83F709A91049621C1D35DD45C92C, 0A722A44F431CAB5EA77FF5F25EB6975C2111B605564FF9FB59751067E7CD3A7 ] Power C:\Windows\system32\umpo.dll 23:08:36.0920 0x1180 Power - ok 23:08:36.0941 0x1180 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:08:36.0963 0x1180 PptpMiniport - ok 23:08:36.0976 0x1180 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor 
C:\Windows\system32\DRIVERS\processr.sys 23:08:36.0988 0x1180 Processor - ok 23:08:37.0011 0x1180 [ AEA3BDBDBA667AA6F678CB38907E4F5E, AB698DCA117F8D5F22F9CD8D7884147BAB4E0C055B8A487BC035C18ED1634752 ] ProfSvc C:\Windows\system32\profsvc.dll 23:08:37.0032 0x1180 ProfSvc - ok 23:08:37.0047 0x1180 [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] ProtectedStorage C:\Windows\system32\lsass.exe 23:08:37.0058 0x1180 ProtectedStorage - ok 23:08:37.0071 0x1180 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:08:37.0094 0x1180 Psched - ok 23:08:37.0122 0x1180 [ 40FEDD328F98245AD201CF5F9F311724, CE1582652B6A7CACE46D8B492CAA8E51EA46C3890EF640E8C5E1E053731A4D74 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 23:08:37.0131 0x1180 PxHelp20 - ok 23:08:37.0175 0x1180 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:08:37.0246 0x1180 ql2300 - ok 23:08:37.0273 0x1180 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:08:37.0285 0x1180 ql40xx - ok 23:08:37.0301 0x1180 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll 23:08:37.0333 0x1180 QWAVE - ok 23:08:37.0346 0x1180 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:08:37.0359 0x1180 QWAVEdrv - ok 23:08:37.0372 0x1180 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:08:37.0393 0x1180 RasAcd - ok 23:08:37.0398 0x1180 [ 57EC4AEF73660166074D8F7F31C0D4FD, 
C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:08:37.0419 0x1180 RasAgileVpn - ok 23:08:37.0434 0x1180 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll 23:08:37.0469 0x1180 RasAuto - ok 23:08:37.0487 0x1180 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:08:37.0523 0x1180 Rasl2tp - ok 23:08:37.0541 0x1180 [ 0CE66EC736B7FC526D78F7624C7D2A94, D70B45AA413691CF84B24E966EBA1689955E54BDDA206380CAB7CD50F56D5CEB ] RasMan C:\Windows\System32\rasmans.dll 23:08:37.0581 0x1180 RasMan - ok 23:08:37.0599 0x1180 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:08:37.0636 0x1180 RasPppoe - ok 23:08:37.0641 0x1180 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:08:37.0664 0x1180 RasSstp - ok 23:08:37.0681 0x1180 [ 835D7E81BF517A3B72384BDCC85E1CE6, DC855AF17150C1B27926293115C01B5E1FD00FABCE18AFAEAB3DC68BDE4C908B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:08:37.0709 0x1180 rdbss - ok 23:08:37.0732 0x1180 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:08:37.0745 0x1180 rdpbus - ok 23:08:37.0764 0x1180 [ 1E016846895B15A99F9A176A05029075, 78AE674B6E7D3A69099B24AC07E06563A4C867F9DCD8548E4DAAE6FC5ACA4E29 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:08:37.0794 0x1180 RDPCDD - ok 23:08:37.0862 0x1180 [ C5FF95883FFEF704D50C40D21CFB3AB5, 26CC53DDE126A6BD99F606695F063BB7FDC4BBABB9F75F7AD7A84B58C837EEAA ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 23:08:37.0912 0x1180 RDPDR - ok 23:08:37.0929 0x1180 
[ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:08:37.0950 0x1180 RDPENCDD - ok 23:08:37.0965 0x1180 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:08:37.0996 0x1180 RDPREFMP - ok 23:08:38.0015 0x1180 [ C5B8D47A4688DE9D335204EA757C2240, 2F646466120911B0CA0E331B4959A470E18DFD51C8FAAB69BE0461C31D52DBBE ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:08:38.0040 0x1180 RDPWD - ok 23:08:38.0053 0x1180 [ 4EA225BF1CF05E158853F30A99CA29A7, F211480F13E2FE36C31110AE67ABE74E9D572D3A36BEEDE29E14ECBD8C246878 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:08:38.0067 0x1180 rdyboost - ok 23:08:38.0089 0x1180 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:08:38.0114 0x1180 RemoteAccess - ok 23:08:38.0129 0x1180 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:08:38.0170 0x1180 RemoteRegistry - ok 23:08:38.0193 0x1180 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:08:38.0227 0x1180 RpcEptMapper - ok 23:08:38.0240 0x1180 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe 23:08:38.0263 0x1180 RpcLocator - ok 23:08:38.0287 0x1180 [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] RpcSs C:\Windows\system32\rpcss.dll 23:08:38.0338 0x1180 RpcSs - ok 23:08:38.0361 0x1180 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 
23:08:38.0395 0x1180 rspndr - ok 23:08:38.0431 0x1180 [ 99D0440E4CABCD9172CD2D79B9C1B348, 2775F108222C927341614918080C4B37236D5F792B54D6A6C5F58C5927336C28 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 23:08:38.0457 0x1180 RTL8167 - ok 23:08:38.0477 0x1180 [ 5423D8437051E89DD34749F242C98648, 28FD190E13676B0FD452A73C3069B72206E2938DB2240BAA9BDB56687C748A2B ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys 23:08:38.0512 0x1180 s3cap - ok 23:08:38.0530 0x1180 [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] SamSs C:\Windows\system32\lsass.exe 23:08:38.0545 0x1180 SamSs - ok 23:08:38.0554 0x1180 sbapifs - ok 23:08:38.0574 0x1180 [ 34EE0C44B724E3E4CE2EFF29126DE5B5, D27AAF77CB8830893558A600E19CDBF9A6AA7D69DE4B34F317ED4AFD38E8CAFB ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 23:08:38.0585 0x1180 sbp2port - ok 23:08:38.0599 0x1180 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:08:38.0640 0x1180 SCardSvr - ok 23:08:38.0645 0x1180 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51, 8C0189A6AF9AEC46CBA4DA422C52B2D3E4858B2F2658DB6CA7996B5F368D2503 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:08:38.0679 0x1180 scfilter - ok 23:08:38.0722 0x1180 [ DF1E5C82E4D09CF8105CC644980C4803, 36BB8402B29466CF1AE5BD56ED6CF6FE47DE162ADF04D44E2BCEA168CB0BD4D4 ] Schedule C:\Windows\system32\schedsvc.dll 23:08:38.0770 0x1180 Schedule - ok 23:08:38.0789 0x1180 [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] SCPolicySvc C:\Windows\System32\certprop.dll 23:08:38.0828 0x1180 SCPolicySvc - ok 23:08:38.0854 0x1180 [ 5FD90ABDBFAEE85986802622CBB03446, 0A8D9DC09C2ACA9EAABED04737E9EBF6EFB92BB2B9E5F37F10BFDF47CBF7DEDB ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:08:38.0873 0x1180 SDRSVC - ok 23:08:38.0883 0x1180 [ 90A3935D05B494A5A39D37E71F09A677, 
F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:08:38.0913 0x1180 secdrv - ok 23:08:38.0938 0x1180 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll 23:08:38.0970 0x1180 seclogon - ok 23:08:38.0985 0x1180 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll 23:08:39.0024 0x1180 SENS - ok 23:08:39.0047 0x1180 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:08:39.0080 0x1180 SensrSvc - ok 23:08:39.0101 0x1180 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:08:39.0113 0x1180 Serenum - ok 23:08:39.0121 0x1180 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:08:39.0149 0x1180 Serial - ok 23:08:39.0154 0x1180 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:08:39.0165 0x1180 sermouse - ok 23:08:39.0189 0x1180 [ 8F55CE568C543D5ADF45C409D16718FC, 64D45854A91B656C1AF36EB272FDC54E9B5FB0200CB93E20F7D997DDA109EF7F ] SessionEnv C:\Windows\system32\sessenv.dll 23:08:39.0213 0x1180 SessionEnv - ok 23:08:39.0233 0x1180 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 23:08:39.0267 0x1180 sffdisk - ok 23:08:39.0279 0x1180 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 23:08:39.0304 0x1180 sffp_mmc - ok 23:08:39.0324 0x1180 [ 
A0708BBD07D245C06FF9DE549CA47185, 6A95ACD63A3E7CE6065D0A8B5C182C5B3F4540B8345AB5DCCBD3AC77E9D6CEAC ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 23:08:39.0337 0x1180 sffp_sd - ok 23:08:39.0351 0x1180 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:08:39.0391 0x1180 sfloppy - ok 23:08:39.0423 0x1180 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:08:39.0460 0x1180 SharedAccess - ok 23:08:39.0474 0x1180 [ CD2E48FA5B29EE2B3B5858056D246EF2, B743F92D0121CF3D827753C85F1F5A14C2DAA1CAFD42C7810C3BECB853DB6175 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:08:39.0498 0x1180 ShellHWDetection - ok 23:08:39.0509 0x1180 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys 23:08:39.0519 0x1180 sisagp - ok 23:08:39.0535 0x1180 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:08:39.0545 0x1180 SiSRaid2 - ok 23:08:39.0562 0x1180 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:08:39.0573 0x1180 SiSRaid4 - ok 23:08:39.0587 0x1180 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:08:39.0611 0x1180 Smb - ok 23:08:39.0619 0x1180 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:08:39.0644 0x1180 SNMPTRAP - ok 23:08:39.0648 0x1180 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys 
23:08:39.0658 0x1180 spldr - ok 23:08:39.0692 0x1180 [ D1BB750EB51694DE183E08B9C33BE5B2, 07B3A7EF51957615B6B8793F610BCC73EA0524B379B5CE457928CE2E021D0C06 ] Spooler C:\Windows\System32\spoolsv.exe 23:08:39.0757 0x1180 Spooler - ok 23:08:39.0843 0x1180 [ 4C287F9069FEDBD791178876EE9DE536, 6099E76FF6FBA002EBA2BA7BE4E3238D91332E077524D1DD402E0C9ADA22E852 ] sppsvc C:\Windows\system32\sppsvc.exe 23:08:39.0950 0x1180 sppsvc - ok 23:08:39.0969 0x1180 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7, E7A8A5774C62DC12B56DC3E0A385ACA9069F3A5E6AC664AD0C383EF44DCF81B3 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:08:39.0993 0x1180 sppuinotify - ok 23:08:40.0014 0x1180 [ C4A027B8C0BD3FC0699F41FA5E9E0C87, A709BD7DDF0ACA5CF65B5A541FC6013FF86181138B86D1BF631E4BF5F4F2E266 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:08:40.0057 0x1180 srv - ok 23:08:40.0076 0x1180 [ 414BB592CAD8A79649D01F9D94318FB3, 093F52568B48E94B6C53F2E7F229416B8643DD9CEBB3E41601C64E932E3098F3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:08:40.0095 0x1180 srv2 - ok 23:08:40.0109 0x1180 [ FF207D67700AA18242AAF985D3E7D8F4, CFB36B6AA3D6915D23654FB11E848EC47DA8346F47151BE66967E51101FD4222 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:08:40.0133 0x1180 srvnet - ok 23:08:40.0149 0x1180 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:08:40.0175 0x1180 SSDPSRV - ok 23:08:40.0184 0x1180 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:08:40.0216 0x1180 SstpSvc - ok 23:08:40.0330 0x1180 [ AFE32AFD30464FC59CB8E88DC72F66FA, 24644F8AA47E61B98EF867BE18A9BE383822D64F3AADF2ED35E42FBFBA7B340F ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe 23:08:40.0368 0x1180 Steam Client Service - ok 23:08:40.0379 0x1180 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] 
stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:08:40.0389 0x1180 stexstor - ok 23:08:40.0424 0x1180 [ A22825E7BB7018E8AF3E229A5AF17221, 5C97557F8BC6ABBB5BE624AE41AAC22C3D845F76C3E930337A4C07B2381086D7 ] StiSvc C:\Windows\System32\wiaservc.dll 23:08:40.0463 0x1180 StiSvc - ok 23:08:40.0483 0x1180 [ 957E346CA948668F2496A6CCF6FF82CC, 5C0E0F0E0F2D36E3213885C60BC3B075AFD2257FEB4B8186FC1FE253E0C218AF ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 23:08:40.0493 0x1180 storflt - ok 23:08:40.0500 0x1180 [ D5751969DC3E4B88BF482AC8EC9FE019, DAEB50C0045364C75965B0E94744C6E2E1E85C8D00F1E8A5593F3EC780BDD7D9 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 23:08:40.0510 0x1180 storvsc - ok 23:08:40.0516 0x1180 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 23:08:40.0525 0x1180 swenum - ok 23:08:40.0619 0x1180 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 23:08:40.0671 0x1180 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 ) 23:08:47.0246 0x1180 Detect skipped due to KSN trusted 23:08:47.0246 0x1180 SwitchBoard - ok 23:08:47.0281 0x1180 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll 23:08:47.0332 0x1180 swprv - ok 23:08:47.0371 0x1180 [ 04105C8DA62353589C29BDAEB8D88BD8, CC7A3A779A143E09FE5C0AA6795A7B13496C4E121347949CB23F7946EE5E2DED ] SysMain C:\Windows\system32\sysmain.dll 23:08:47.0425 0x1180 SysMain - ok 23:08:47.0440 0x1180 [ FCFB6C552FBC0DA299799CBD50AD9FD4, A2A90829087B1A7F9B57D6F184EB4AE38D10B2986B0DC8D2ACA5EE9412CA3976 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:08:47.0456 0x1180 TabletInputService - ok 23:08:47.0469 0x1180 [ 432D9D823C4C26B6070C41BAD4404CE4, 741B41F7467D312AF4CC733EA31F647FBCD06985CBB6A14117E8A87A6F7B06F5 
] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 23:08:47.0480 0x1180 tap0901 - ok 23:08:47.0498 0x1180 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF, FF66CBA014F3F8B721088F5AB3D004C1711E7F587CC8D4AC3DCFB45CDB746800 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:08:47.0527 0x1180 TapiSrv - ok 23:08:47.0539 0x1180 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll 23:08:47.0564 0x1180 TBS - ok 23:08:47.0607 0x1180 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:08:47.0655 0x1180 Tcpip - ok 23:08:47.0689 0x1180 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:08:47.0743 0x1180 TCPIP6 - ok 23:08:47.0772 0x1180 [ E64444523ADD154F86567C469BC0B17F, FBE8A1DC28C102068183754F6BF0D03F5D18FD24BEB7E4B57D1CFCEBB13B381F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:08:47.0794 0x1180 tcpipreg - ok 23:08:47.0811 0x1180 [ 1875C1490D99E70E449E3AFAE9FCBADF, FFDF03826DAB748D51B53B648B632E79B3CD6238F684FDEA749B4D0F93BE5A77 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:08:47.0843 0x1180 TDPIPE - ok 23:08:47.0859 0x1180 [ 7156308896D34EA75A582F9A09E50C17, B5663B4035EE4D7957D2EDB4F9D3342806CB0E094D9661C6BD6AFC031160F176 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:08:47.0884 0x1180 TDTCP - ok 23:08:47.0898 0x1180 [ CB39E896A2A83702D1737BFD402B3542, FA77D98EA3606CA2FCEF0E0949FDE2C32A080B47CAFDE46CE903CA3CBFC5DF35 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:08:47.0934 0x1180 tdx - ok 23:08:47.0952 0x1180 [ C36F41EE20E6999DBF4B0425963268A5, 9DB789A17DF2C283D6E803EEA15F2BDFC56EE3BE342A5606DD5C179C3550ECA6 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 23:08:47.0962 0x1180 TermDD - ok 23:08:47.0984 0x1180 [ A01E50A04D7B1960B33E92B9080E6A94, 
0512BF11F2FD62BDBD2B1AA34D509BE82AC374C37B925C8C0ED119C6331930FD ] TermService C:\Windows\System32\termsrv.dll 23:08:48.0035 0x1180 TermService - ok 23:08:48.0050 0x1180 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll 23:08:48.0074 0x1180 Themes - ok 23:08:48.0089 0x1180 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll 23:08:48.0112 0x1180 THREADORDER - ok 23:08:48.0137 0x1180 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll 23:08:48.0174 0x1180 TrkWks - ok 23:08:48.0205 0x1180 [ 41A4C781D2286208D397D72099304133, 447CAAD5589AA499EEE49FBA2CB53210359DB76AFF1DF2F0BD4D92A397037C1D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:08:48.0221 0x1180 TrustedInstaller - ok 23:08:48.0234 0x1180 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242, 9606DACB8CBDAF520282BE8C8F064535767405F138D9E9A215D2C59183E93CC1 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:08:48.0265 0x1180 tssecsrv - ok 23:08:48.0293 0x1180 [ 3E461D890A97F9D4C168F5FDA36E1D00, 82A8778F404F7AC5102802CF46F279F1E58AC74244665D06FD0C68A8BD887536 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:08:48.0317 0x1180 tunnel - ok 23:08:48.0328 0x1180 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:08:48.0339 0x1180 uagp35 - ok 23:08:48.0356 0x1180 [ 09CC3E16F8E5EE7168E01CF8FCBE061A, 81EEAC72A7C4D72666C743DEFF8096FDB465AA1FA8076C60D19CC192846F01CA ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:08:48.0431 0x1180 udfs - ok 23:08:48.0473 0x1180 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:08:48.0496 0x1180 UI0Detect - ok 
23:08:48.0508 0x1180 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 23:08:48.0518 0x1180 uliagpkx - ok 23:08:48.0538 0x1180 [ 049B3A50B3D646BAEEEE9EEC9B0668DC, 5774438BBD0976424C20559E14BA2AC158D9FF5D4E1FDC1C9C9F4D7A5CE8C377 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:08:48.0551 0x1180 umbus - ok 23:08:48.0558 0x1180 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:08:48.0583 0x1180 UmPass - ok 23:08:48.0609 0x1180 [ 8ECACA5454844F66386F7BE4AE0D7CD1, F3B02A9F598C6A9EFA019F5833959DD1A86FDFDB9FDDF99A8687BBB6211AAD00 ] UmRdpService C:\Windows\System32\umrdp.dll 23:08:48.0634 0x1180 UmRdpService - ok 23:08:48.0654 0x1180 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll 23:08:48.0684 0x1180 upnphost - ok 23:08:48.0696 0x1180 [ 8455C4ED038EFD09E99327F9D2D48FFA, D166F98EA3D85F7DD6B5258949C186714A17EF89B6FDC9804165F7B4FA811C30 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:08:48.0709 0x1180 usbccgp - ok 23:08:48.0719 0x1180 [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 23:08:48.0747 0x1180 usbcir - ok 23:08:48.0751 0x1180 [ 1C333BFD60F2FED2C7AD5DAF533CB742, 97AE9CA39482B886FCD063E80B8AB153E1FC1459452657393D8B1745EF69E1C3 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:08:48.0763 0x1180 usbehci - ok 23:08:48.0780 0x1180 [ EE6EF93CCFA94FAE8C6AB298273D8AE2, CBEE16CEAD02E994F0C2AD77DD8C01CB9964C6B42DE49FF7A787849CD25767B4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:08:48.0798 0x1180 usbhub - ok 23:08:48.0808 0x1180 [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci 
C:\Windows\system32\DRIVERS\usbohci.sys 23:08:48.0830 0x1180 usbohci - ok 23:08:48.0843 0x1180 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:08:48.0864 0x1180 usbprint - ok 23:08:48.0883 0x1180 [ D8889D56E0D27E57ED4591837FE71D27, DB1B65EEBFB036086EC3347C1181D9D01FF65870EAEC4A1BA08AF43C35075647 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:08:48.0895 0x1180 USBSTOR - ok 23:08:48.0905 0x1180 [ 78780C3EBCE17405B1CCD07A3A8A7D72, FBFF3111E22EE0B4BCAFA81F89AAE985135BFF48EEFD130C09B49CCF8A9946B9 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:08:48.0917 0x1180 usbuhci - ok 23:08:48.0927 0x1180 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll 23:08:48.0950 0x1180 UxSms - ok 23:08:48.0955 0x1180 [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] VaultSvc C:\Windows\system32\lsass.exe 23:08:48.0967 0x1180 VaultSvc - ok 23:08:48.0980 0x1180 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 23:08:49.0025 0x1180 vdrvroot - ok 23:08:49.0058 0x1180 [ 8C4E7C49D3641BC9E299E466A7F8867D, 4F2E742EFE2DE47EE187B3BCDFDCB525FE484B74700A226D7894F9633F957AFA ] vds C:\Windows\System32\vds.exe 23:08:49.0091 0x1180 vds - ok 23:08:49.0106 0x1180 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:08:49.0128 0x1180 vga - ok 23:08:49.0147 0x1180 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys 23:08:49.0168 0x1180 VgaSave - ok 23:08:49.0182 0x1180 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583, 
23:08:53.0123 0x1180 Waiting for KSN requests completion. In queue: 92 23:08:54.0123 0x1180 Waiting for KSN requests completion. In queue: 92 23:08:55.0123 0x1180 Waiting for KSN requests completion. In queue: 92 23:08:56.0125 0x1180 Waiting for KSN requests completion. In queue: 92 23:08:57.0125 0x1180 Waiting for KSN requests completion. In queue: 92 23:08:58.0125 0x1180 Waiting for KSN requests completion. In queue: 92 23:08:59.0125 0x1180 Waiting for KSN requests completion. In queue: 92 23:09:00.0215 0x1180 AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files\AVG\AVG2015\avgwsc.exe ( 15.0.0.5751 ), 0x41000 ( enabled : updated ) 23:09:00.0235 0x1180 Win FW state via NFP2: enabled 23:09:03.0035 0x1180 ============================================================ 23:09:03.0035 0x1180 Scan finished 23:09:03.0035 0x1180 ============================================================ 23:09:03.0055 0x1758 Detected object count: 1 23:09:03.0055 0x1758 Actual detected object count: 1 23:09:26.0376 0x1758 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 23:09:26.0376 0x1758 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip Last edited by molchi (10.03.2015 at 23:11) |
11.03.2015, 12:11 | #6 |
/// the machine /// TB-Ausbilder | caught something?? hi, scan with Combofix |
11.03.2015, 23:39 | #7 |
| caught something?? what do I do now with the 1 item TDSSKiller found? Combofix logfile: Code:
ATTFilter ComboFix 15-03-09.01 - molchi 11.03.2015 23:27:05.1.3 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1033.18.3199.1624 [GMT 1:00] ausgeführt von:: c:\users\molchi\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413} SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2015-02-11 bis 2015-03-11 )))))))))))))))))))))))))))))) . . 2015-03-11 22:35 . 2015-03-11 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-03-10 21:53 . 2015-03-10 22:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-03-10 21:37 . 2015-03-10 21:37 -------- d-----w- c:\program files\VS Revo Group 2015-03-10 05:48 . 2015-03-10 05:54 -------- d-----w- C:\FRST 2015-03-09 22:07 . 2015-03-09 22:07 35992 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys 2015-03-09 05:48 . 2015-03-09 22:49 -------- d-----w- c:\programdata\HitmanPro 2015-03-09 03:24 . 2015-03-10 21:53 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-03-09 03:24 . 2015-03-10 21:52 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-03-09 03:24 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-03-09 03:24 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-03-09 03:24 . 2015-03-09 22:49 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware 2015-02-27 22:02 . 2015-03-09 22:49 -------- d-----w- c:\program files\Mozilla Thunderbird 2015-02-27 05:55 . 2015-03-09 22:49 -------- d-----w- c:\programdata\Avg_Update_0215tb 2015-02-19 20:28 . 2015-02-19 20:28 217568 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2015-02-18 21:47 . 2015-02-18 21:47 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-05 00:57 . 2014-04-24 20:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-02-05 00:57 . 2014-04-24 20:22 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-02-03 09:47 . 2015-02-03 09:47 265184 ----a-w- c:\windows\system32\drivers\avglogx.sys 2015-01-23 08:40 . 2015-01-23 08:40 107488 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2015-01-16 10:15 . 2015-01-16 10:15 210400 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2014-02-13 12:20 3057808 --sha-r- c:\windows\System32\avcodec-lav-55.dll 2014-02-13 12:20 98960 --sha-r- c:\windows\System32\avfilter-lav-3.dll 2014-02-13 12:20 539280 --sha-r- c:\windows\System32\avformat-lav-55.dll 2009-09-27 07:39 415744 --sh--w- c:\windows\System32\avisynth.dll 2014-02-13 12:20 59536 --sha-r- c:\windows\System32\avresample-lav-1.dll 2005-07-14 10:31 32256 --sh--w- c:\windows\System32\AVSredirect.dll 2014-02-13 12:20 180368 --sha-r- c:\windows\System32\avutil-lav-52.dll 2004-02-22 08:11 764416 --sh--w- c:\windows\System32\devil.dll 2014-02-13 12:20 122512 --sha-r- c:\windows\System32\HLaudio.dll 2014-02-13 12:20 202384 --sha-r- c:\windows\System32\HLsplit.dll 2014-02-13 12:20 313520 --sha-r- c:\windows\System32\HLvideo.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\System32\i420vfw.dll 2014-02-13 12:20 152720 --sha-r- c:\windows\System32\IntelQuickSyncDecoder.dll 2014-02-13 12:20 109200 --sha-r- c:\windows\System32\swscale-lav-2.dll 2012-10-05 17:54 188416 --sha-r- c:\windows\System32\winDCE32.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\System32\yv12vfw.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-02-19 3710416] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent] 2014-05-21 19:03 832272 ----a-w- c:\program files\BlueStacks\HD-Agent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] 2011-09-20 12:53 1493288 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr] 2015-01-30 22:25 55568 ----a-w- c:\program files\Raptr\raptrstub.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2014-11-20 20:41 748232 ----a-w- c:\program files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt] 2015-03-04 22:34 3033112 ----a-w- c:\program files\AVG Web TuneUp\vprot.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2014-04-25 23:56 12288 ----a-w- c:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "Adobe_ID0EYTHM"=c:\progra~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" . 
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2015-02-19 3411408] R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x] R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x] R2 vToolbarUpdater18.4.0;vToolbarUpdater18.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [x] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2014-04-23 23456] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2015-03-09 35992] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-11-18 154904] S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2015-02-03 265184] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464] S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2015-02-19 217568] S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-01-16 210400] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-11-21 212992] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2014-11-20 276992] S2 amdacpksd;ACP Kernel 
Service Driver;c:\windows\system32\drivers\amdacpksd.sys [2014-11-21 265416] S2 amdacpusrsvc;ACP User Service;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [2014-11-20 107520] S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [2014-02-11 50400] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2015-02-19 308720] S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2014-05-21 113424] S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2014-05-21 385808] S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2014-05-21 774928] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832] S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-03-29 27760] S2 WtuSystemSupport;WtuSystemSupport;c:\program files\AVG Web TuneUp\WtuSystemSupport.exe [2015-03-04 620056] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-06-21 77824] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-04-23 693464] . . Inhalt des "geplante Tasks" Ordners . 2015-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-24 00:57] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = https://mysearch.avg.com?cid={170A8DC2-4607-4B3D-9606-C4EDEC211CCF}&mid=1f0fb2f3fd3847d281c799127f52ef80-4d67a5cd415e1d767b70e17ec044e3280a45347b&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-28 23:32&v=4.1.0.411&pid=wtu&sg=&sap=hp uInternet Settings,ProxyOverride = *.local IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html TCP: Interfaces\{BE5B6ADA-3AE3-4C56-9ED6-63626131474E}: NameServer = 8.8.4.4,8.8.8.8 FF - ProfilePath - c:\users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397\ . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-03-11 23:37:15 ComboFix-quarantined-files.txt 2015-03-11 22:37 . Vor Suchlauf: 10 Verzeichnis(se), 882.518.892.544 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 883.282.337.792 Bytes frei . - - End Of File - - 5097AF0160D7E1D1EC06CA7813AB7CFA A36C5E4F47E84449FF07ED3517B43A31 |
12.03.2015, 18:51 | #8 |
/// the machine /// TB-Ausbilder | caught something?? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.03.2015, 22:35 | #9 |
| caught something?? I had already run the programs you mentioned successfully before the forum post. Since yesterday I have had no more annoying pop-ups either; one of your programs apparently did the trick. What do I do with the one item TDSSKiller found, which I simply skipped after the scan?? To be safe, here are the logs anyway, Malwarebytes with no findings: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 12.03.2015 Suchlauf-Zeit: 22:38:00 Logdatei: mbscan.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.12.06 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 CPU: x86 Dateisystem: NTFS Benutzer: molchi Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 332153 Verstrichene Zeit: 7 Min, 58 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.112 - Logfile created 12/03/2015 at 22:52:51 # Updated 09/03/2015 by Xplode # Database : 2015-03-05.1 [Server] # Operating system : Windows 7 Ultimate (x86) # Username : molchi - MOLCHI-PC # Running from : C:\Users\molchi\Desktop\adwcleaner_4.112.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Web browsers ] ***** -\\ Internet Explorer v9.0.8112.16545 -\\ Mozilla Firefox v36.0.1 (x86 de) ************************* AdwCleaner[R0].txt - [3286 bytes] - [26/04/2014 05:36:20] AdwCleaner[R1].txt - [873 bytes] - [05/05/2014 06:24:54] AdwCleaner[R2].txt - [3833 bytes] - [31/05/2014 02:09:06] AdwCleaner[R3].txt - [3195 bytes] - [09/01/2015 05:35:54] AdwCleaner[R4].txt - [3482 bytes] - [09/03/2015 04:05:56] AdwCleaner[R5].txt - [3637 bytes] - [09/03/2015 04:13:01] AdwCleaner[R6].txt - [1492 bytes] - [12/03/2015 22:49:20] AdwCleaner[S0].txt - [3423 bytes] - [26/04/2014 05:37:09] AdwCleaner[S1].txt - [933 bytes] - [05/05/2014 06:26:25] AdwCleaner[S2].txt - [3653 bytes] - [31/05/2014 02:11:02] AdwCleaner[S3].txt - [3253 bytes] - [09/01/2015 05:38:25] AdwCleaner[S4].txt - [3774 bytes] - [09/03/2015 04:14:49] AdwCleaner[S5].txt - [1421 bytes] - [12/03/2015 22:52:51] ########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1480 bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.3 (03.01.2015:1) OS: Windows 7 Ultimate x86 Ran by molchi on 12.03.2015 at 22:56:22,09 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} ~~~ Files Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster SkipUAC (molchi) Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 12.03.2015 at 23:00:09,99 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by molchi (administrator) on MOLCHI-PC on 12-03-2015 23:01:27 Running from C:\Users\molchi\Desktop Loaded Profiles: molchi (Available profiles: molchi) Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2015\avgemcx.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> {844F9710-987C-4933-9B00-028A0D8F8C33} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Toolbar: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{BE5B6ADA-3AE3-4C56-9ED6-63626131474E}: [NameServer] 8.8.4.4,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-09-23] (Nero AG)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [107520 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-04-23] (Macrovision Europe Ltd.) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-04] ()
S2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [265416 2014-11-21] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-04-23] (Phoenix Technologies) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-03-09] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S3 catchme; \??\C:\Users\molchi\AppData\Local\Temp\catchme.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 23:01 - 2015-03-12 23:01 - 00000000 ____D () C:\Users\molchi\Desktop\FRST-OlderVersion
2015-03-12 23:00 - 2015-03-12 23:00 - 00001642 _____ () C:\Users\molchi\Desktop\JRT.txt
2015-03-12 22:55 - 2015-03-12 22:55 - 01388333 _____ (Thisisu) C:\Users\molchi\Desktop\JRT.exe
2015-03-12 22:48 - 2015-03-12 22:48 - 02171392 _____ () C:\Users\molchi\Desktop\adwcleaner_4.112.exe
2015-03-12 22:46 - 2015-03-12 22:46 - 00001190 _____ () C:\Users\molchi\Desktop\mbscan.txt
2015-03-11 23:37 - 2015-03-11 23:37 - 00012776 _____ () C:\ComboFix.txt
2015-03-11 23:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-11 23:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-11 23:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-11 23:24 - 2015-03-11 23:37 - 00000000 ____D () C:\Qoobox
2015-03-11 23:24 - 2015-03-11 23:36 - 00000000 ____D () C:\Windows\erdnt
2015-03-11 23:23 - 2015-03-11 23:24 - 05613296 ____R (Swearware) C:\Users\molchi\Desktop\ComboFix.exe
2015-03-10 23:04 - 2015-03-10 23:06 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\molchi\Desktop\tdsskiller.exe
2015-03-10 22:53 - 2015-03-10 23:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-10 22:51 - 2015-03-10 23:02 - 00000000 ____D () C:\Users\molchi\Desktop\mbar
2015-03-10 22:50 - 2015-03-10 22:51 - 16502728 _____ (Malwarebytes Corp.) C:\Users\molchi\Desktop\mbar-1.09.1.1004.exe
2015-03-10 22:37 - 2015-03-10 22:37 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\molchi\Desktop\revosetup95.exe
2015-03-10 22:37 - 2015-03-10 22:37 - 00001226 _____ () C:\Users\molchi\Desktop\Revo Uninstaller.lnk
2015-03-10 22:37 - 2015-03-10 22:37 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-10 06:54 - 2015-03-10 06:54 - 00025492 _____ () C:\Users\molchi\Desktop\Addition.txt
2015-03-10 06:49 - 2015-03-12 23:01 - 00010762 _____ () C:\Users\molchi\Desktop\FRST.txt
2015-03-10 06:48 - 2015-03-12 23:01 - 00000000 ____D () C:\FRST
2015-03-10 06:47 - 2015-03-12 23:01 - 01135104 _____ (Farbar) C:\Users\molchi\Desktop\FRST.exe
2015-03-10 00:00 - 2015-03-10 00:00 - 00008321 _____ () C:\Users\molchi\Desktop\hijackthis.log
2015-03-09 23:58 - 2015-03-09 23:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\molchi\Desktop\HiJackThis204.exe
2015-03-09 23:23 - 2015-03-09 23:28 - 00000760 _____ () C:\Users\molchi\Desktop\TP-LINK Modem Router Settings.txt
2015-03-09 23:07 - 2015-03-09 23:07 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-09 07:03 - 2015-03-09 07:03 - 00000830 _____ () C:\Windows\system32\.crusader
2015-03-09 06:48 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-09 06:47 - 2015-03-09 06:47 - 10085648 _____ (SurfRight B.V.) C:\Users\molchi\Downloads\HitmanPro.exe
2015-03-09 04:30 - 2015-03-09 04:45 - 132625648 _____ (Microsoft Corporation) C:\Users\molchi\Desktop\msert.exe
2015-03-09 04:24 - 2015-03-12 22:37 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 04:24 - 2015-03-10 22:52 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-09 04:24 - 2015-03-09 04:24 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-09 04:24 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-09 04:24 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-05 23:00 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-27 23:02 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-27 06:55 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 23:01 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 23:01 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 22:56 - 2014-04-24 21:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 22:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 22:53 - 2014-04-23 07:20 - 01465067 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 22:53 - 2014-04-23 03:29 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-12 22:53 - 2009-07-14 05:39 - 00099317 _____ () C:\Windows\setupact.log
2015-03-12 22:52 - 2014-04-25 23:03 - 00000000 ____D () C:\AdwCleaner
2015-03-12 22:32 - 2014-04-23 21:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-12 08:58 - 2014-04-23 17:24 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\TS3Client
2015-03-12 08:55 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Local\Battle.net
2015-03-11 23:40 - 2014-04-23 02:28 - 00146704 _____ () C:\Windows\PFRO.log
2015-03-11 23:37 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-11 23:36 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-11 07:01 - 2014-04-26 01:33 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Skype
2015-03-10 06:53 - 2014-05-10 00:14 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-03-09 23:49 - 2015-01-28 23:31 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-03-09 23:49 - 2015-01-09 05:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-09 23:49 - 2015-01-04 18:24 - 00000000 ____D () C:\Users\molchi\Desktop\ReBot
2015-03-09 23:49 - 2014-07-25 02:02 - 00000000 ____D () C:\Program Files\Hearthstone
2015-03-09 23:49 - 2014-04-26 02:46 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\vlc
2015-03-09 23:49 - 2014-04-23 09:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-09 23:49 - 2014-04-23 07:18 - 00000000 ____D () C:\Users\molchi
2015-03-09 23:49 - 2014-04-23 02:08 - 00000000 ____D () C:\Program Files\World of Warcraft
2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Battle.net
2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Program Files\Battle.net
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-25 18:01 - 2015-01-09 05:53 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-13 22:47 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-12-01 17:30 - 2014-12-01 17:30 - 0000032 _____ () C:\Users\molchi\AppData\Roaming\UserIdentity.dat
2014-07-06 04:04 - 2014-07-06 04:04 - 0007609 _____ () C:\Users\molchi\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\molchi\AppData\Local\Temp\Quarantine.exe
C:\Users\molchi\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-25 19:03

==================== End Of Log ============================
Last edited by molchi (12.03.2015 at 23:02) |
13.03.2015, 12:34 | #10 |
/// the machine /// TB-Ausbilder | caught something?? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Still having problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
14.03.2015, 00:57 | #11 |
| caught something?? ESET logfile with 28 detections. Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f276d6bc175456479330dfaacfb9556c
# engine=22899
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-13 11:53:53
# local_time=2015-03-14 12:53:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 6616 113424817 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7917149 177922024 0 0
# scanned=391626
# found=28
# cleaned=0
# scan_time=5789
sh=B52FD6403E1D1F8CB9D3BACFBE3FEDDE5B428BA4 ft=1 fh=a0ce568e482fc573 vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Application Updater\ApplicationUpdater.exe.vir"
sh=6C2A540166FA9D494C6295CB67C0E090C2A534FD ft=1 fh=0efc383dfd3d144d vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\AtuZi\AtuZiBHO.dll.vir"
sh=C6C61D8056DD0FDCE3D9E2010BBCFA0A9CADE3EB ft=1 fh=d24c614fb0f939ac vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\AtuZi\AtuZiUninstall.exe.vir"
sh=7AFD70B805F472B442C109791F51FF65E6C883F8 ft=1 fh=2b635b2e5b118e14 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\SlickSavings\SlickSavingsSetup.exe.vir"
sh=B06CEDEC6BF5107AF2D0C5EFC7C65B42FB59AA39 ft=1 fh=746c44b02a751ec7 vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IObit Apps Toolbar\FF\components\iobitappsToolbarFF.dll.vir"
sh=59E697C9F5BB3D86352B1FACA3AAD8BCB30A73D9 ft=1 fh=5340284e173e7526 vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE.dll.vir"
sh=9745BBE8290C1CE3C3A805E4B49071ED7B6DB888 ft=1 fh=ccd023872ef98989 vn="Variante von Win64/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE64.dll.vir"
sh=B152F93C2F68A07FE8E4B9E32914A035F9AB1AB5 ft=1 fh=c71c0011c1b5643e vn="Variante von Win32/AdWare.AddLyrics.BH Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PassShow-soft\170.dll.vir"
sh=E2B1FD8D92C97E369BF777F802C6E6C7FE380980 ft=1 fh=c71c00115fe5870f vn="Variante von Win32/AdWare.AddLyrics.AM Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PassShow-soft\PassShowT01.exe.vir"
sh=39533BB3C9822C0ECEE56F293AD38168CDC1E9D3 ft=1 fh=e187698507402098 vn="Variante von Win32/AdWare.AddLyrics.AS Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PassShow-soft\Uninstall.exe.vir"
sh=81FBC911F6F39943B5A508257ED317C6A388CA54 ft=1 fh=f881a71255879118 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=6F4FD559E82ECD0E9BF238374A8AE7763D9AF88F ft=1 fh=0fe3e64a55eab364 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir"
sh=09975ED04166B761DC1CED0B15BAE6D37DCC0560 ft=1 fh=919d2464905062de vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=CC7735B51ACFC778DAFCE7B9C25798C1149059CA ft=1 fh=bdcf262ba56c13e6 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=C2BF9E02AAF8CD61356523AF0425BD4DEEE8A0E8 ft=1 fh=aed2a53e39c1b826 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=E07AC00C609A9096EFEDCF5839D77AD91C96BD2D ft=1 fh=a44174895411af10 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=6C0CFF21847BEBDC22C8ED1C8A24ED19724D7741 ft=1 fh=91d5fb4f6ab1ad55 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=19D4CD0E4DDB51C3B3A25676F68963807BE1710C ft=1 fh=5c3c9fe0db73a8b4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=3AE79DE1D9A3C56075DB1B53DF9D7880AE03A5F6 ft=1 fh=bd390a3911fc5a39 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=0F00EB8310C851AAD8AE9C7C17EF5F0D81617D3A ft=1 fh=1090c94a8e08b65e vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=9BA6DC699104472080E202066F9A6194C861BBC4 ft=1 fh=644180d9ce5cd441 vn="Win32/AnyProtect.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\molchi\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=311437CF4EC68FC9E3F298BBF883F8D286FB793C ft=1 fh=6d2ccfecc66b253f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\molchi\AppData\Roaming\RHEng\4589E28CA1DF42BBAFD0472861CF8A9E\13443.exe.vir"
sh=B8E6BA69D75149795E4283A8A484B694CC50C001 ft=1 fh=7690bee84a2cb28f vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\molchi\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=44ED55CB1079D34027CB77CD62248064FF5A0A09 ft=1 fh=3916453e74289c7d vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\molchi\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=312B4326F089F044FEFE73A81FD94223E3F36410 ft=1 fh=789dc111d976203c vn="Variante von Win32/VOPackage.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\molchi\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=C5388074F31DF07BE6C1DDEF0D762EC5A8819E77 ft=1 fh=fcf810b56806cfeb vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe"
sh=C5388074F31DF07BE6C1DDEF0D762EC5A8819E77 ft=1 fh=fcf810b56806cfeb vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe"
sh=3F021F9BE3A9F9A63F9FDA3F91BAE2EF0B74A6CC ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\Users\molchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NQDFZQHF\inpage_linkid[1].js"
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.97
 Windows 7 x86 (UAC is enabled)
 Out of date service pack!!
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2015
 Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
 AVG Web TuneUp
 Java 64-bit 8 Update 31
 Adobe Flash Player 16.0.0.305
 Adobe Reader XI
 Mozilla Firefox (36.0.1)
 Mozilla Thunderbird (31.5.0)
````````Process Check: objlist.exe by Laurent````````
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by molchi (administrator) on MOLCHI-PC on 14-03-2015 01:18:43
Running from C:\Users\molchi\Desktop
Loaded Profiles: molchi (Available profiles: molchi)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3838\Agent.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5566\Battle.net.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Wow.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Utils\WowBrowserProxy.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2469122478-4038941523-3492657438-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> {844F9710-987C-4933-9B00-028A0D8F8C33} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Toolbar: HKU\S-1-5-21-2469122478-4038941523-3492657438-1001 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{BE5B6ADA-3AE3-4C56-9ED6-63626131474E}: [NameServer] 8.8.4.4,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-09-23] (Nero AG)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\molchi\AppData\Roaming\Mozilla\Firefox\Profiles\0jpy64qo.default-1425873212397\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [107520 2014-11-20] (Advanced Micro Devices) [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-04-23] (Macrovision Europe Ltd.) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-04] ()
S2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [265416 2014-11-21] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-04-23] (Phoenix Technologies) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-03-09] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S3 catchme; \??\C:\Users\molchi\AppData\Local\Temp\catchme.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 00:59 - 2015-03-14 00:59 - 00852604 _____ () C:\Users\molchi\Desktop\SecurityCheck.exe
2015-03-13 23:04 - 2015-03-13 23:04 - 02347384 _____ (ESET) C:\Users\molchi\Desktop\esetsmartinstaller_deu.exe
2015-03-12 23:01 - 2015-03-12 23:01 - 00000000 ____D () C:\Users\molchi\Desktop\FRST-OlderVersion
2015-03-12 23:00 - 2015-03-12 23:00 - 00001642 _____ () C:\Users\molchi\Desktop\JRT.txt
2015-03-12 22:55 - 2015-03-12 22:55 - 01388333 _____ (Thisisu) C:\Users\molchi\Desktop\JRT.exe
2015-03-12 22:48 - 2015-03-12 22:48 - 02171392 _____ () C:\Users\molchi\Desktop\adwcleaner_4.112.exe
2015-03-12 22:46 - 2015-03-12 22:46 - 00001190 _____ () C:\Users\molchi\Desktop\mbscan.txt
2015-03-11 23:37 - 2015-03-11 23:37 - 00012776 _____ () C:\ComboFix.txt
2015-03-11 23:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-11 23:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-11 23:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-11 23:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-11 23:24 - 2015-03-11 23:37 - 00000000 ____D () C:\Qoobox
2015-03-11 23:24 - 2015-03-11 23:36 - 00000000 ____D () C:\Windows\erdnt
2015-03-11 23:23 - 2015-03-11 23:24 - 05613296 ____R (Swearware) C:\Users\molchi\Desktop\ComboFix.exe
2015-03-10 23:04 - 2015-03-10 23:06 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\molchi\Desktop\tdsskiller.exe
2015-03-10 22:53 - 2015-03-10 23:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-10 22:51 - 2015-03-10 23:02 - 00000000 ____D () C:\Users\molchi\Desktop\mbar
2015-03-10 22:50 - 2015-03-10 22:51 - 16502728 _____ (Malwarebytes
Corp.) C:\Users\molchi\Desktop\mbar-1.09.1.1004.exe 2015-03-10 22:37 - 2015-03-10 22:37 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\molchi\Desktop\revosetup95.exe 2015-03-10 22:37 - 2015-03-10 22:37 - 00001226 _____ () C:\Users\molchi\Desktop\Revo Uninstaller.lnk 2015-03-10 22:37 - 2015-03-10 22:37 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-03-10 06:54 - 2015-03-10 06:54 - 00025492 _____ () C:\Users\molchi\Desktop\Addition.txt 2015-03-10 06:49 - 2015-03-14 01:18 - 00010915 _____ () C:\Users\molchi\Desktop\FRST.txt 2015-03-10 06:48 - 2015-03-14 01:18 - 00000000 ____D () C:\FRST 2015-03-10 06:47 - 2015-03-12 23:01 - 01135104 _____ (Farbar) C:\Users\molchi\Desktop\FRST.exe 2015-03-10 00:00 - 2015-03-10 00:00 - 00008321 _____ () C:\Users\molchi\Desktop\hijackthis.log 2015-03-09 23:58 - 2015-03-09 23:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\molchi\Desktop\HiJackThis204.exe 2015-03-09 23:23 - 2015-03-09 23:28 - 00000760 _____ () C:\Users\molchi\Desktop\TP-LINK Modem Router Settings.txt 2015-03-09 23:07 - 2015-03-09 23:07 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2015-03-09 07:03 - 2015-03-09 07:03 - 00000830 _____ () C:\Windows\system32\.crusader 2015-03-09 06:48 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-03-09 06:47 - 2015-03-09 06:47 - 10085648 _____ (SurfRight B.V.) 
C:\Users\molchi\Downloads\HitmanPro.exe 2015-03-09 04:30 - 2015-03-09 04:45 - 132625648 _____ (Microsoft Corporation) C:\Users\molchi\Desktop\msert.exe 2015-03-09 04:24 - 2015-03-12 22:37 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-09 04:24 - 2015-03-10 22:52 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-09 04:24 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-09 04:24 - 2015-03-09 04:24 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-09 04:24 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-09 04:24 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-05 23:00 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-02-27 23:02 - 2015-03-09 23:49 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2015-02-27 06:55 - 2015-03-09 23:49 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb 2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys 2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software 2015-02-18 22:47 - 2015-02-18 22:47 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-14 01:16 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Local\Battle.net 2015-03-14 00:56 - 2014-04-24 21:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-14 00:50 - 2014-04-23 07:20 - 01490149 _____ () C:\Windows\WindowsUpdate.log 2015-03-13 23:57 - 2014-04-23 17:24 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\TS3Client 2015-03-13 23:55 - 2009-07-14 05:39 - 00099877 _____ () C:\Windows\setupact.log 2015-03-13 23:07 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-13 23:07 - 2009-07-14 05:34 - 00020352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-13 23:03 - 2014-04-23 21:56 - 00000000 ____D () C:\ProgramData\MFAData 2015-03-13 23:00 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-13 07:24 - 2014-04-23 03:29 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2015-03-12 22:52 - 2014-04-25 23:03 - 00000000 ____D () C:\AdwCleaner 2015-03-11 23:40 - 2014-04-23 02:28 - 00146704 _____ () C:\Windows\PFRO.log 2015-03-11 23:37 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-03-11 23:36 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-03-11 07:01 - 2014-04-26 01:33 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Skype 2015-03-10 06:53 - 2014-05-10 00:14 - 00000000 ____D () C:\Program Files\CyberGhost 5 2015-03-09 23:49 - 2015-01-28 23:31 - 00000000 ____D () C:\Program Files\AVG Web TuneUp 2015-03-09 23:49 - 2015-01-09 05:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-03-09 23:49 - 2015-01-04 18:24 - 00000000 ____D () C:\Users\molchi\Desktop\ReBot 2015-03-09 23:49 - 2014-07-25 02:02 - 00000000 ____D () C:\Program Files\Hearthstone 2015-03-09 23:49 - 2014-04-26 02:46 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\vlc 2015-03-09 23:49 - 2014-04-23 
09:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-09 23:49 - 2014-04-23 07:18 - 00000000 ____D () C:\Users\molchi 2015-03-09 23:49 - 2014-04-23 02:08 - 00000000 ____D () C:\Program Files\World of Warcraft 2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Users\molchi\AppData\Roaming\Battle.net 2015-03-09 23:49 - 2014-04-23 01:37 - 00000000 ____D () C:\Program Files\Battle.net 2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2015-03-09 23:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat 2015-02-25 18:01 - 2015-01-09 05:53 - 00000951 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2015-02-13 22:47 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2014-12-01 17:30 - 2014-12-01 17:30 - 0000032 _____ () C:\Users\molchi\AppData\Roaming\UserIdentity.dat 2014-07-06 04:04 - 2014-07-06 04:04 - 0007609 _____ () C:\Users\molchi\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\molchi\AppData\Local\Temp\Quarantine.exe C:\Users\molchi\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-25 19:03

==================== End Of Log ============================

No noticeable problems remain. The question is what I should do with the 28 detections from ESET, where "do not remove" was set, and the one from TDSSKiller that was set to skip instead of remove?

Last edited by molchi (14.03.2015 at 01:24) |
14.03.2015, 12:37 | #12 |
/// the machine /// TB-Ausbilder | irgendwas eingefangen?? Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe
C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe
C:\Users\molchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NQDFZQHF\inpage_linkid[1].js
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Now please install the 5 years of Windows updates you have missed, including Service Pack 1, then post another fresh FRST log.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
14.03.2015, 22:34 | #13 |
| irgendwas eingefangen?? FRST log: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by molchi at 2015-03-14 22:25:25 Run:1
Running from C:\Users\molchi\Desktop
Loaded Profiles: molchi (Available profiles: molchi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe
C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe
C:\Users\molchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NQDFZQHF\inpage_linkid[1].js
Emptytemp:
*****************

C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe => Moved successfully.
C:\Dokumente und Einstellungen\molchi\Eigene Dateien\Eigene Dateien\Downloads\FreeYouTubeToMp3Converter39.exe => Moved successfully.
C:\Users\molchi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NQDFZQHF\inpage_linkid[1].js => Moved successfully.
EmptyTemp: => Removed 415.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 22:26:55 ====

The question remains whether I should ignore the 28 infected files that ESET detected while "do not remove" was set, or remove them now, and likewise the 1 detection that TDSSKiller had, which was set to Skip. Thank you very much |
15.03.2015, 13:44 | #14 | |
/// the machine /// TB-Ausbilder | irgendwas eingefangen?? Quote:
We have deleted all detections of interest; the rest is already in quarantine.
15.03.2015, 16:46 | #15 |
| irgendwas eingefangen?? OK, I was just confused because both programs were set to detect only. Since 2011? o.O I only installed it in 2013 or so, but fine, the updates are on. Thank you sooo much for the great help, you are the best here |