Trojaner-Board - Spy Eyes und blauer Bildschirm

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Spy Eyes und blauer Bildschirm (https://www.trojaner-board.de/143604-spy-eyes-blauer-bildschirm.html)

Spy Eyes und blauer Bildschirm

Hallo,

gestern fiel mir auch, dass mein USB Stick, nachdem ich ihm vom Copyshop zurückbekommen hatte, alle Dateien nur noch als Verknüpfungen angab. Daraufhin ließ ich mehrere Virusprogramme durchlaufen und eins (Malware) gab mir dann an, dass mehrere Viren auf meinem PC sind, unter anderem auch Spyeyes. Daraufhin löschte ich diese...

Heute wollte ich alles nochmal kontrollieren mit einer anderen Virus-Software (Malwarebytes Anti Malware) und daraufhin kam das während des Scans:

eine Fehlermeldung (blauer Bildschirm) A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you see this stop error screen, restart your computer., etc. angezeigt wird und sich mein Laptop ausschaltet und wieder einschaltet.

Jetzt habe ich noch ein paar Mal probiert den Scan durchzuführen, aber er wird immer wieder abgebrochen.

Was kann/ muss ich tun???

Vielen Dank schon einmal für die Hilfe!
Brauche meinen Laptop wirklich dringend und habe keinerlei Ahnung von so etwas :/

Vera

Hallo Vera,

Zitat:

und eins (Malware) gab mir dann an, dass mehrere Viren auf meinem PC sind, unter anderem auch Spyeyes. Daraufhin löschte ich diese...

Poste bitte das Log dazu. Siehe hier: http://www.trojaner-board.de/125889-...en-posten.html

Zusätzlich:
Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die resultierenden Logfiles hier.

wie poste ich den Logfile?Einfach kopieren?

[Spoiler]Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2013 01
Ran by Vera at 2013-10-26 16:28:58
Running from E:\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
Adobe Stock Photos 1.0 (Version: 1.0.1)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 14.0.0.383)
Bonanza Deals (remove only) (Version: 5.0.1.0)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-165C (Version: 1.0.1.0)
CDBurnerXP (Version: 4.4.1.3184)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495)
Command & Conquer Generals (Version: 0.50.0000)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)
DAEMON Tools Lite (Version: 4.46.1.0327)
DivX-Setup (Version: 1.0.0.450)
Dropbox (HKCU Version: 2.0.22)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
Foto-Mosaik-Edda Standard V5.8.0
Google Update Helper (Version: 1.3.23.0)
HitmanPro 3.7 (Version: 3.7.8.207)
iPhone Backup Extractor (HKCU Version: 4.6.6.0)
iTunes (Version: 11.0.0.163)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Kreuzworträtsel Freeware
MAGIX Music Maker MX Premium Download-Version (Einführungsvideos) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 1) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 2) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Version: 18.0.0.42)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.8)
Mediscript-CD GK1
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Rosetta Stone Version 3 (Version: 3.4.5.0)
Skype™ 6.9 (Version: 6.9.106)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
SRWare Iron Version SRWare Iron 27.0.1500.0 (Version: SRWare Iron 27.0.1500.0)
Synaptics Pointing Device Driver (Version: 13.2.4.12)
Text-To-Speech-Runtime (Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VirtualCloneDrive
VLC media player 2.0.3 (Version: 2.0.3)
Winamp (Version: 5.572 )
Winamp Anwendungserkennung (HKCU Version: 1.0.0.1)
WinRAR

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2C392EBA-5683-404D-A16D-1C846075EFE8} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals)
Task: {549BE28E-3410-45CF-8EF5-499C41DD628D} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {5FF1AA53-F159-4149-B782-E887C0FFBC86} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {9B360EC4-303D-42CD-B166-348140940616} - System32\Tasks\DigitalSite => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: {C7D4C442-B4BB-44EF-9FDB-B72320D8C478} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {D1AD3161-06D7-4F36-9D48-99C3B295D239} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals)
Task: {FDF8DD9B-3B6F-45AF-A96D-E072EA5E0190} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-10-15 20:27 - 2013-10-15 20:27 - 34604032 _____ () C:\Users\Vera\AppData\Roaming\Spotify\Data\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Vera\AppData\Roaming\Dropbox\bin\libcef.dll
2011-03-11 16:24 - 2013-05-24 16:40 - 00740352 _____ () C:\Program Files\SRWare Iron\libglesv2.dll
2011-03-11 16:24 - 2013-05-24 17:58 - 00130048 _____ () C:\Program Files\SRWare Iron\libegl.dll
2013-06-30 23:33 - 2013-04-10 01:39 - 00970240 _____ () C:\Program Files\SRWare Iron\ffmpegsumo.dll
2010-01-27 03:07 - 2012-02-15 15:23 - 08527008 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 419175

Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 419175

Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 418161

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 418161

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 417162

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 417162

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2013 02:03:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 416164

System errors:
=============
Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/26/2013 03:36:47 PM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0x00000030, 0x00000002, 0x00000000, 0x952f28a5)C:\Windows\MEMORY.DMP102613-43056-01

Error: (10/26/2013 03:36:14 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎26.‎10.‎2013 um 15:34:44 unerwartet heruntergefahren.

Error: (10/26/2013 03:25:23 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (10/26/2013 03:21:54 PM) (Source: atikmdag) (User: )
Description: Display is not active

Microsoft Office Sessions:
=========================
Error: (02/17/2012 10:59:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/17/2012 10:58:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1543 seconds with 480 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3036.61 MB
Available physical RAM: 1356.52 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 3888.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50 GB) (Free:1.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:92.09 GB) (Free:26.5 GB) NTFS
Drive e: () (Fixed) (Total:143 GB) (Free:122.04 GB) NTFS
Drive k: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7407B56E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=92 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=143 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 956 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=956 MB) - (Type=06)

==================== End Of Log ============================[/Spoiler]

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2013 01

Ran by Vera (administrator) on VERA-PC on 26-10-2013 16:25:01

Running from E:\Downloads

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe

(Microsoft Corporation) C:\Windows\System32\wscript.exe

(Microsoft Corporation) C:\Windows\System32\wscript.exe

(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(Dropbox, Inc.) C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)

HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)

HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe

HKCU\...\Run: [Facebook Update] - C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)

HKCU\...\Run: [Spotify] - C:\Users\Vera\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)

HKCU\...\Run: [Roof] - C:\Users\Vera\AppData\Local\Temp\Roof.vbs [60040 2013-09-29] () <===== ATTENTION

HKCU\...\Run: [Iexplorerprog1] - C:\Users\Vera\AppData\Local\Temp\Iexplorerprog1.vbs [60040 2013-09-29] () <===== ATTENTION

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)

MountPoints2: {25d2fadd-904d-11e0-b80c-00265e9f4dce} - M:\LaunchU3.exe -a

MountPoints2: {9a5967c7-70a5-11e0-a6ab-00265e9f4dce} - G:\setup_vmc_lite.exe /checkApplicationPresence

MountPoints2: {9a596853-70a5-11e0-a6ab-00265e9f4dce} - G:\setup_vmc_lite.exe /checkApplicationPresence

MountPoints2: {e7182a56-926a-11e0-9241-00265e9f4dce} - G:\LaunchU3.exe -a

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6F308064214CE01

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673&type=default&q={searchTerms}

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673&type=default&q={searchTerms}

SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673&type=default&q={searchTerms}

BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213

Tcpip\..\Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: [NameServer]129.143.2.1,129.143.2.4
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)

S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-02] (BonanzaDeals)

S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-02] (BonanzaDeals)

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-10-25] (SurfRight B.V.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)

S2 SkypeUpdate; C:\Windows.old\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)

R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)
 

==================== Drivers (Whitelisted) ====================
 

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-26] (Malwarebytes Corporation)

S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-05] (Duplex Secure Ltd.)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-26 16:24 - 2013-10-26 16:24 - 00000000 ____D C:\FRST

2013-10-26 16:17 - 2013-10-26 16:18 - 00000176 _____ C:\Users\Vera\defogger_reenable

2013-10-26 15:36 - 2013-10-26 15:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp

2013-10-26 15:25 - 2013-10-26 16:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2013-10-26 15:22 - 2013-10-26 15:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp

2013-10-26 14:06 - 2013-10-26 14:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan

2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes

2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-26 10:35 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-25 17:42 - 2013-10-25 17:43 - 00000000 ____D C:\Program Files\HitmanPro

2013-10-25 14:52 - 2013-10-25 17:30 - 00000000 ____D C:\Users\Vera\Desktop\mbar

2013-10-25 14:52 - 2013-10-25 16:58 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-25 14:52 - 2013-10-25 14:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe

2013-10-25 12:55 - 2013-10-25 12:55 - 00000000 ____D C:\PPF_Scan1

2013-10-22 20:25 - 2013-10-22 20:27 - 00000000 ____D C:\Users\Vera\Desktop\Bank

2013-10-21 16:05 - 2013-10-21 16:05 - 00000000 ____D C:\Program Files\Common Files\Java

2013-10-21 16:05 - 2013-10-21 16:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-21 16:05 - 2013-10-21 16:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-21 16:05 - 2013-10-21 16:04 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-21 16:05 - 2013-10-21 16:04 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-21 16:04 - 2013-10-21 16:04 - 00000000 ____D C:\Program Files\Java

2013-10-19 10:38 - 2013-09-23 13:13 - 00248650 _____ C:\Users\Vera\Desktop\sqlite_manager-0.8.1-fx+tb+sm.xpi

2013-10-19 02:24 - 2013-10-19 02:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial

2013-10-19 02:15 - 2013-10-19 02:15 - 00000000 ____D C:\Users\Vera\Desktop\Library

2013-10-19 02:14 - 2013-10-19 02:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial

2013-10-19 01:34 - 2013-10-19 02:07 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner

2013-10-19 01:28 - 2013-10-19 01:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk

2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate

2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate

2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends

2013-10-18 14:02 - 2013-10-18 14:15 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo

2013-10-17 18:20 - 2013-10-17 18:23 - 00000000 ____D C:\Windows\rescache

2013-10-15 20:27 - 2013-10-25 20:13 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify

2013-10-15 20:27 - 2013-10-15 20:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk

2013-10-15 20:27 - 2013-10-15 20:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2013-10-15 20:25 - 2013-10-26 16:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify

2013-10-10 02:06 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-10 02:06 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-10 02:06 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-10 02:06 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-10 02:06 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-10 02:06 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-10 02:06 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-10 02:06 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-10 02:06 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-10 02:06 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-10 02:06 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-10 02:06 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-10 02:06 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-10 02:06 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-10 02:06 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-10 02:06 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-10 01:00 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-10 01:00 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-10 01:00 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-10 01:00 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-10-10 01:00 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-10 01:00 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-10 01:00 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-10 01:00 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-10 01:00 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-10 01:00 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-10 01:00 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-10 01:00 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 01:00 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-10 01:00 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-10 01:00 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-10 01:00 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-10 01:00 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-10 01:00 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-10 01:00 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-10 01:00 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-10 01:00 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-10 00:59 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-10 00:59 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-10 00:59 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-10 00:59 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-10 00:59 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-10 00:59 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-07 19:49 - 2013-10-07 19:49 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-10-02 01:14 - 2013-10-03 00:16 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG

2013-10-02 01:14 - 2013-10-03 00:16 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT

2013-10-02 00:15 - 2013-10-26 16:20 - 00000906 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job

2013-10-02 00:15 - 2013-10-26 15:20 - 00000910 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job

2013-10-02 00:14 - 2013-10-03 08:14 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\DigitalSite

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\BonanzaDealsLive

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDealsLive

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDeals

2013-09-30 09:02 - 2013-09-30 09:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
 

==================== One Month Modified Files and Folders =======
 

2013-10-26 16:25 - 2013-10-26 15:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2013-10-26 16:25 - 2013-10-15 20:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify

2013-10-26 16:25 - 2010-03-01 20:43 - 01279772 _____ C:\Windows\WindowsUpdate.log

2013-10-26 16:24 - 2013-10-26 16:24 - 00000000 ____D C:\FRST

2013-10-26 16:21 - 2011-11-14 22:41 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Dropbox

2013-10-26 16:20 - 2013-10-02 00:15 - 00000906 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job

2013-10-26 16:20 - 2011-11-14 22:44 - 00000000 ___RD C:\Users\Vera\Dropbox

2013-10-26 16:20 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-26 16:20 - 2009-07-14 06:39 - 00214134 _____ C:\Windows\setupact.log

2013-10-26 16:18 - 2013-10-26 16:17 - 00000176 _____ C:\Users\Vera\defogger_reenable

2013-10-26 16:17 - 2010-03-01 20:56 - 00000000 ____D C:\Users\Vera

2013-10-26 15:45 - 2009-07-14 06:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-26 15:45 - 2009-07-14 06:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-26 15:36 - 2013-10-26 15:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp

2013-10-26 15:36 - 2013-03-15 09:26 - 00000000 ____D C:\Windows\Minidump

2013-10-26 15:27 - 2010-03-01 22:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Skype

2013-10-26 15:22 - 2013-10-26 15:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp

2013-10-26 15:20 - 2013-10-02 00:15 - 00000910 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job

2013-10-26 14:06 - 2013-10-26 14:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan

2013-10-26 13:41 - 2012-01-09 20:30 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job

2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes

2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-25 20:13 - 2013-10-15 20:27 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify

2013-10-25 17:43 - 2013-10-25 17:42 - 00000000 ____D C:\Program Files\HitmanPro

2013-10-25 17:30 - 2013-10-25 14:52 - 00000000 ____D C:\Users\Vera\Desktop\mbar

2013-10-25 16:58 - 2013-10-25 14:52 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-25 16:38 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-25 16:36 - 2013-03-09 20:40 - 00000000 ____D C:\Program Files\7-Zip

2013-10-25 16:36 - 2010-03-01 23:04 - 00096052 _____ C:\Windows\PFRO.log

2013-10-25 14:52 - 2013-10-25 14:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe

2013-10-25 12:55 - 2013-10-25 12:55 - 00000000 ____D C:\PPF_Scan1

2013-10-24 20:15 - 2012-01-09 20:30 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job

2013-10-22 20:27 - 2013-10-22 20:25 - 00000000 ____D C:\Users\Vera\Desktop\Bank

2013-10-21 16:09 - 2010-04-02 12:52 - 00000000 ____D C:\Program Files\Microsoft Office

2013-10-21 16:05 - 2013-10-21 16:05 - 00000000 ____D C:\Program Files\Common Files\Java

2013-10-21 16:04 - 2013-10-21 16:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-21 16:04 - 2013-10-21 16:05 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-21 16:04 - 2013-10-21 16:05 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-21 16:04 - 2013-10-21 16:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-21 16:04 - 2013-10-21 16:04 - 00000000 ____D C:\Program Files\Java

2013-10-19 09:39 - 2009-07-14 06:33 - 00492904 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-19 02:24 - 2013-10-19 02:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial

2013-10-19 02:15 - 2013-10-19 02:15 - 00000000 ____D C:\Users\Vera\Desktop\Library

2013-10-19 02:14 - 2013-10-19 02:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial

2013-10-19 02:07 - 2013-10-19 01:34 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner

2013-10-19 01:29 - 2010-03-01 22:28 - 00149776 _____ C:\Users\Vera\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-19 01:28 - 2013-10-19 01:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk

2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate

2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate

2013-10-18 16:36 - 2010-03-11 20:04 - 00000000 ____D C:\Users\Vera\AppData\Roaming\vlc

2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends

2013-10-18 14:15 - 2013-10-18 14:02 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo

2013-10-17 18:23 - 2013-10-17 18:20 - 00000000 ____D C:\Windows\rescache

2013-10-17 17:39 - 2013-01-31 18:26 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2013-10-17 17:39 - 2012-02-15 15:23 - 00000000 ____D C:\Program Files\McAfee Security Scan

2013-10-17 10:22 - 2010-03-01 21:08 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-15 20:27 - 2013-10-15 20:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk

2013-10-15 20:27 - 2013-10-15 20:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2013-10-11 08:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-10 07:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE

2013-10-10 02:11 - 2013-08-15 00:13 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 02:09 - 2010-03-28 19:30 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-10 02:08 - 2012-05-23 21:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-07 19:49 - 2013-10-07 19:49 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-10-07 13:00 - 2013-08-15 12:36 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-10-07 13:00 - 2013-08-15 12:24 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-10-07 13:00 - 2013-08-15 12:24 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-10-07 13:00 - 2013-08-15 12:24 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-10-03 08:14 - 2013-10-02 00:14 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job

2013-10-03 00:16 - 2013-10-02 01:14 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG

2013-10-03 00:16 - 2013-10-02 01:14 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\DigitalSite

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\BonanzaDealsLive

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDealsLive

2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDeals

2013-10-02 00:14 - 2009-10-05 18:01 - 00001721 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-09-30 09:02 - 2013-09-30 09:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
 

Files to move or delete:

====================

C:\Users\Vera\AppData\Local\Temp\Roof.vbs

C:\Users\Vera\AppData\Local\Temp\Iexplorerprog1.vbs

C:\Users\Vera\Opera_1101_int_Setup.exe
 
 

Some content of TEMP:

====================

C:\Users\Vera\AppData\Local\Temp\20130514090632366jniverify.dll

C:\Users\Vera\AppData\Local\Temp\5d6843831c37d47abbbd4bebfcad6ef6.exe

C:\Users\Vera\AppData\Local\Temp\AskSLib.dll

C:\Users\Vera\AppData\Local\Temp\avgnt.exe

C:\Users\Vera\AppData\Local\Temp\contentDATs.exe

C:\Users\Vera\AppData\Local\Temp\FileSystemView.dll

C:\Users\Vera\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe

C:\Users\Vera\AppData\Local\Temp\iPodVoiceOverSetup.exe

C:\Users\Vera\AppData\Local\Temp\ose00000.exe

C:\Users\Vera\AppData\Local\Temp\ose00002.exe

C:\Users\Vera\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Vera\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Vera\AppData\Local\Temp\SpotifyUninstall.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-23 17:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2013 01

Ran by Vera at 2013-10-26 16:28:58

Running from E:\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

 Update for Microsoft Office 2007 (KB2508958)

Adobe Bridge 1.0 (Version: 001.000.001)

Adobe Common File Installer (Version: 1.00.001)

Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)

Adobe Flash Player 11 Plugin (Version: 11.1.102.55)

Adobe Help Center 1.0 (Version: 1.0.1)

Adobe Photoshop CS2 (Version: 9.0)

Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)

Adobe Stock Photos 1.0 (Version: 1.0.1)

Apple Application Support (Version: 2.3.2)

Apple Mobile Device Support (Version: 6.0.1.3)

Apple Software Update (Version: 2.1.3.127)

Avira Free Antivirus (Version: 14.0.0.383)

Bonanza Deals (remove only) (Version: 5.0.1.0)

Bonjour (Version: 3.0.0.10)

Brother MFL-Pro Suite DCP-165C (Version: 1.0.1.0)

CDBurnerXP (Version: 4.4.1.3184)

Cisco AnyConnect Secure Mobility Client  (Version: 3.1.00495)

Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495)

Command & Conquer Generals (Version: 0.50.0000)

Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)

DAEMON Tools Lite (Version: 4.46.1.0327)

DivX-Setup (Version: 1.0.0.450)

Dropbox (HKCU Version: 2.0.22)

Facebook Video Calling 1.2.0.287 (Version: 1.2.287)

Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)

Foto-Mosaik-Edda Standard V5.8.0

Google Update Helper (Version: 1.3.23.0)

HitmanPro 3.7 (Version: 3.7.8.207)

iPhone Backup Extractor (HKCU Version: 4.6.6.0)

iTunes (Version: 11.0.0.163)

Java 7 Update 45 (Version: 7.0.450)

Java Auto Updater (Version: 2.1.9.8)

Kreuzworträtsel Freeware

MAGIX Music Maker MX Premium Download-Version (Einführungsvideos) (Version: 1.0.0.0)

MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 1) (Version: 1.0.0.0)

MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 2) (Version: 1.0.0.0)

MAGIX Music Maker MX Premium Download-Version (Version: 18.0.0.42)

MAGIX Screenshare (Version: 4.3.6.1987)

MAGIX Speed burnR (MSI) (Version: 7.0.2.6)

Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)

McAfee Security Scan Plus (Version: 3.8.130.8)

Mediscript-CD GK1

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)

Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

Rosetta Stone Version 3 (Version: 3.4.5.0)

Skype™ 6.9 (Version: 6.9.106)

Spotify (HKCU Version: 0.9.4.185.g7545a404)

SRWare Iron Version SRWare Iron 27.0.1500.0 (Version: SRWare Iron 27.0.1500.0)

Synaptics Pointing Device Driver (Version: 13.2.4.12)

Text-To-Speech-Runtime (Version: 1.0.0.0)

Unity Web Player (HKCU Version: )

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition

Update für Microsoft Office Excel 2007 Help (KB963678)

Update für Microsoft Office Outlook 2007 Help (KB963677)

Update für Microsoft Office Powerpoint 2007 Help (KB963669)

Update für Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)

VirtualCloneDrive

VLC media player 2.0.3 (Version: 2.0.3)

Winamp (Version: 5.572 )

Winamp Anwendungserkennung (HKCU Version: 1.0.0.1)

WinRAR
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {2C392EBA-5683-404D-A16D-1C846075EFE8} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals)

Task: {549BE28E-3410-45CF-8EF5-499C41DD628D} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)

Task: {5FF1AA53-F159-4149-B782-E887C0FFBC86} - System32\Tasks\BonanzaDealsUpdate => C:\Program

Task: {9B360EC4-303D-42CD-B166-348140940616} - System32\Tasks\DigitalSite => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE

Task: {C7D4C442-B4BB-44EF-9FDB-B72320D8C478} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)

Task: {D1AD3161-06D7-4F36-9D48-99C3B295D239} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals)

Task: {FDF8DD9B-3B6F-45AF-A96D-E072EA5E0190} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)

Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe

Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe

Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

2013-10-15 20:27 - 2013-10-15 20:27 - 34604032 _____ () C:\Users\Vera\AppData\Roaming\Spotify\Data\libcef.dll

2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Vera\AppData\Roaming\Dropbox\bin\libcef.dll

2011-03-11 16:24 - 2013-05-24 16:40 - 00740352 _____ () C:\Program Files\SRWare Iron\libglesv2.dll

2011-03-11 16:24 - 2013-05-24 17:58 - 00130048 _____ () C:\Program Files\SRWare Iron\libegl.dll

2013-06-30 23:33 - 2013-04-10 01:39 - 00970240 _____ () C:\Program Files\SRWare Iron\ffmpegsumo.dll

2010-01-27 03:07 - 2012-02-15 15:23 - 08527008 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: vpnva

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 419175
 

Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 419175
 

Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 418161
 

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 418161
 

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 417162
 

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 417162
 

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (10/26/2013 02:03:30 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 416164
 
 

System errors:

=============

Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: )

Description: Display is not active
 

Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: )

Description: CPLIB :: General - Invalid Parameter
 

Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: )

Description: Display is not active
 

Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: )

Description: CPLIB :: General - Invalid Parameter
 

Error: (10/26/2013 03:36:47 PM) (Source: BugCheck) (User: )

Description: 0x000000d1 (0x00000030, 0x00000002, 0x00000000, 0x952f28a5)C:\Windows\MEMORY.DMP102613-43056-01
 

Error: (10/26/2013 03:36:14 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎26.‎10.‎2013 um 15:34:44 unerwartet heruntergefahren.
 

Error: (10/26/2013 03:25:23 PM) (Source: DCOM) (User: )

Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 

Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
 

Error: (10/26/2013 03:21:54 PM) (Source: atikmdag) (User: )

Description: Display is not active
 
 

Microsoft Office Sessions:

=========================

Error: (02/17/2012 10:59:29 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40 seconds with 0 seconds of active time.  This session ended with a crash.
 

Error: (02/17/2012 10:58:05 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1543 seconds with 480 seconds of active time.  This session ended with a crash.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 55%

Total physical RAM: 3036.61 MB

Available physical RAM: 1356.52 MB

Total Pagefile: 6069.46 MB

Available Pagefile: 3888.65 MB

Total Virtual: 2047.88 MB

Available Virtual: 1885.71 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:50 GB) (Free:1.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: () (Fixed) (Total:92.09 GB) (Free:26.5 GB) NTFS

Drive e: () (Fixed) (Total:143 GB) (Free:122.04 GB) NTFS

Drive k: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7407B56E)

Partition 1: (Not Active) - (Size=13 GB) - (Type=27)

Partition 2: (Active) - (Size=50 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=92 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=143 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 956 MB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=956 MB) - (Type=06)
 

==================== End Of Log ============================

die Ergebnisse von Malwarebytes

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.10.26.04
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16721

Vera :: VERA-PC [Administrator]
 

Schutz: Aktiviert
 

26.10.2013 10:40:49

mbam-log-2013-10-26 (10-40-49).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|K:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 421565

Laufzeit: 3 Stunde(n), 13 Minute(n), 49 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 74

HKLM\SYSTEM\CurrentControlSet\Services\bonanzadealslive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BONANZADEALSLIVE.EXE (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{fe063412-bea4-4d76-8ed3-183be6220d17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.Update3COMClassService.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.Update3COMClassService (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.Update3WebSvc.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.Update3WebSvc (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.ProcessLauncher.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.ProcessLauncher (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.Update3WebMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.Update3WebMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLive.OneClickCtrl.9 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLive.OneClickProcessLauncherMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{6802463D-636F-41FE-9924-4CAD56906590} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.CoreMachineClass.1 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.CoreMachineClass (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.CoreClass.1 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.CoreClass (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLive.Update3WebControl.3 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.CoCreateAsync.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.CoCreateAsync (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.CredentialDialogMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\BonanzaDealsLiveUpdate.Update3WebMachineFallback (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCR\CrossriderApp0041858.BHO (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.

HKCR\CrossriderApp0041858.BHO.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.

HKCR\CrossriderApp0041858.Sandbox (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.

HKCR\CrossriderApp0041858.Sandbox.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.

HKCR\AppID\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

HKLM\SYSTEM\CurrentControlSet\Services\bonanzadealslivem (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
 

Infizierte Registrierungswerte: 3

HKCU\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Daten: C:\Program Files\BonanzaDeals\BonanzaDeals.crx -> Keine Aktion durchgeführt.

HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0B2O1B1F1H2Y0G -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Daten: C:\Program Files\BonanzaDeals\BonanzaDeals.crx -> Keine Aktion durchgeführt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 19

C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDeals (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\Download (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\Install (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\Offline (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\Offline\{DD3AB20C-15B1-486E-B8F9-A7DDBBC759CF} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
 

Infizierte Dateien: 95

C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\psuser.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Temp\eIntaller\9104687149004e359984111BE6629508\eXQ.exe (PUP.Optional.Wilsys.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Temp\is1590112554\33237332_stp.EXE (PUP.Optional.AdLyrics) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Temp\is1590112554\33237285_stp\cor_ar_201392319852_qvo6.exe (PUP.Optional.Elex) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Temp\is1590112554\33237425_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Windows\Temp\41858_updater.exe (PUP.Optional.Lyrics.A) -> Keine Aktion durchgeführt.

E:\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDeals\BonanzaDeals.crx (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDeals\BonanzaDeals.xpi (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDeals\BonanzaDealsIE64.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDeals\BonanzaDealsUpdate.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDeals\BonanzaDealsUpdateRun.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDeals\icon.ico (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDeals\uninst.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Bonanza Deals Help.url (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Bonanza Deals.url (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Uninstall Bonanza Deals.lnk (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\background.js (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\manifest.json (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon128.png (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon16.png (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon48.png (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHelper.msi (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_bn.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ca.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_cs.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_da.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_de.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_el.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_en-GB.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_en.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_es-419.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_es.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_et.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fa.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fi.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fil.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_gu.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_hr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_hu.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_id.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_is.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_it.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_iw.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ja.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_kn.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ko.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_lt.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_lv.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ml.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_mr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ms.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_nl.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_no.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_am.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ar.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_pt-BR.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_pt-PT.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ro.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ru.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sk.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sl.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sv.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sw.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ta.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_te.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_th.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_tr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_uk.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ur.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_vi.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_zh-CN.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_zh-TW.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_bg.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_hi.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_pl.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
 

(Ende)

Code:

2013/10/26 10:36:31 +0200        VERA-PC        Vera        MESSAGE        Starting protection

2013/10/26 10:36:31 +0200        VERA-PC        Vera        MESSAGE        Protection started successfully

2013/10/26 10:36:31 +0200        VERA-PC        Vera        MESSAGE        Starting IP protection

2013/10/26 10:37:01 +0200        VERA-PC        Vera        MESSAGE        IP Protection started successfully

2013/10/26 10:37:26 +0200        VERA-PC        Vera        MESSAGE        Starting database refresh

2013/10/26 10:37:26 +0200        VERA-PC        Vera        MESSAGE        Stopping IP protection

2013/10/26 10:37:34 +0200        VERA-PC        Vera        MESSAGE        IP Protection stopped successfully

2013/10/26 10:37:38 +0200        VERA-PC        Vera        MESSAGE        Database refreshed successfully

2013/10/26 10:37:38 +0200        VERA-PC        Vera        MESSAGE        Starting IP protection

2013/10/26 10:37:42 +0200        VERA-PC        Vera        MESSAGE        IP Protection started successfully

2013/10/26 11:48:30 +0200        VERA-PC        Vera        IP-BLOCK        78.140.143.6 (Type: outgoing, Port: 50531, Process: iron.exe)

2013/10/26 11:48:30 +0200        VERA-PC        Vera        IP-BLOCK        78.140.143.6 (Type: outgoing, Port: 50537, Process: iron.exe)

2013/10/26 11:48:54 +0200        VERA-PC        Vera        IP-BLOCK        78.140.143.6 (Type: outgoing, Port: 50540, Process: iron.exe)

2013/10/26 11:48:54 +0200        VERA-PC        Vera        IP-BLOCK        78.140.143.6 (Type: outgoing, Port: 50546, Process: iron.exe)

2013/10/26 11:49:03 +0200        VERA-PC        Vera        IP-BLOCK        37.221.167.121 (Type: outgoing, Port: 50573, Process: iron.exe)

2013/10/26 11:49:03 +0200        VERA-PC        Vera        IP-BLOCK        37.221.167.121 (Type: outgoing, Port: 50575, Process: iron.exe)

2013/10/26 11:49:11 +0200        VERA-PC        Vera        IP-BLOCK        37.221.167.121 (Type: outgoing, Port: 50576, Process: iron.exe)

2013/10/26 11:51:52 +0200        VERA-PC        Vera        IP-BLOCK        78.140.143.6 (Type: outgoing, Port: 50689, Process: iron.exe)

2013/10/26 11:51:52 +0200        VERA-PC        Vera        IP-BLOCK        78.140.143.6 (Type: outgoing, Port: 50694, Process: iron.exe)

2013/10/26 11:52:01 +0200        VERA-PC        Vera        IP-BLOCK        78.140.143.6 (Type: outgoing, Port: 50699, Process: iron.exe)

2013/10/26 11:52:01 +0200        VERA-PC        Vera        IP-BLOCK        78.140.143.6 (Type: outgoing, Port: 50703, Process: iron.exe)

2013/10/26 11:52:09 +0200        VERA-PC        Vera        IP-BLOCK        37.221.167.126 (Type: outgoing, Port: 50714, Process: iron.exe)

2013/10/26 11:52:09 +0200        VERA-PC        Vera        IP-BLOCK        37.221.167.126 (Type: outgoing, Port: 50715, Process: iron.exe)

2013/10/26 11:52:09 +0200        VERA-PC        Vera        IP-BLOCK        37.221.161.131 (Type: outgoing, Port: 50720, Process: iron.exe)

2013/10/26 11:52:09 +0200        VERA-PC        Vera        IP-BLOCK        37.221.161.131 (Type: outgoing, Port: 50721, Process: iron.exe)

2013/10/26 11:52:17 +0200        VERA-PC        Vera        IP-BLOCK        37.221.161.131 (Type: outgoing, Port: 50739, Process: iron.exe)

2013/10/26 11:52:17 +0200        VERA-PC        Vera        IP-BLOCK        37.221.161.131 (Type: outgoing, Port: 50740, Process: iron.exe)

2013/10/26 11:53:06 +0200        VERA-PC        Vera        IP-BLOCK        78.140.143.6 (Type: outgoing, Port: 50775, Process: iron.exe)

2013/10/26 12:43:19 +0200        VERA-PC        Vera        MESSAGE        Executing scheduled update:  Daily

2013/10/26 12:43:23 +0200        VERA-PC        Vera        MESSAGE        Database already up-to-date

2013/10/26 15:22:51 +0200        VERA-PC        Vera        MESSAGE        Starting protection

2013/10/26 15:22:51 +0200        VERA-PC        Vera        MESSAGE        Protection started successfully

2013/10/26 15:22:51 +0200        VERA-PC        Vera        MESSAGE        Starting IP protection

2013/10/26 15:22:57 +0200        VERA-PC        Vera        MESSAGE        IP Protection started successfully

2013/10/26 15:37:02 +0200        VERA-PC        Vera        MESSAGE        Starting protection

2013/10/26 15:37:02 +0200        VERA-PC        Vera        MESSAGE        Protection started successfully

2013/10/26 15:37:02 +0200        VERA-PC        Vera        MESSAGE        Starting IP protection

2013/10/26 15:37:06 +0200        VERA-PC        Vera        MESSAGE        IP Protection started successfully

2013/10/26 16:20:29 +0200        VERA-PC        Vera        MESSAGE        Starting protection

2013/10/26 16:20:29 +0200        VERA-PC        Vera        MESSAGE        Protection started successfully

2013/10/26 16:20:29 +0200        VERA-PC        Vera        MESSAGE        Starting IP protection

2013/10/26 16:20:36 +0200        VERA-PC        Vera        MESSAGE        IP Protection started successfully

Hallo,

ja da läuft unschöne Malware.

Warnung: Infostealer

Aus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat.
Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen.

Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern.

Schritt 1

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Bitte poste in deiner nächsten Antwort:

Log von Adwcleaner
Log von Combofix
Log von FRST

Code:

ComboFix 13-10-26.01 - Vera 27.10.2013  19:43:25.2.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3037.1885 [GMT 1:00]

ausgeführt von:: c:\users\Vera\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Vorheriger Suchlauf -------

.

c:\windows\unin0407.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_vpnagent

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-09-27 bis 2013-10-27  ))))))))))))))))))))))))))))))

.

.

2013-10-26 18:17 . 2013-10-27 18:32        --------        d-----w-        C:\AdwCleaner

2013-10-26 14:24 . 2013-10-26 14:24        --------        d-----w-        C:\FRST

2013-10-26 08:35 . 2013-10-26 08:35        --------        d-----w-        c:\users\Vera\AppData\Roaming\Malwarebytes

2013-10-26 08:35 . 2013-10-26 08:35        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2013-10-26 08:35 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys

2013-10-25 15:42 . 2013-10-25 15:50        --------        d-----w-        c:\programdata\HitmanPro

2013-10-25 12:53 . 2013-10-25 12:53        --------        d-----w-        c:\programdata\Malwarebytes

2013-10-25 12:53 . 2013-10-25 15:30        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-10-25 12:52 . 2013-10-25 14:58        75992        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2013-10-25 10:55 . 2013-10-25 10:55        --------        d-----w-        C:\PPF_Scan1

2013-10-21 14:09 . 2013-10-21 14:09        --------        d-----w-        c:\program files\Microsoft

2013-10-21 14:05 . 2013-10-21 14:05        --------        d-----w-        c:\program files\Common Files\Java

2013-10-21 14:05 . 2013-10-21 14:04        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2013-10-21 14:04 . 2013-10-21 14:04        --------        d-----w-        c:\program files\Java

2013-10-18 23:28 . 2013-10-18 23:28        --------        d-----w-        c:\users\Vera\AppData\Roaming\Reincubate

2013-10-17 16:20 . 2013-10-17 16:23        --------        d-----w-        c:\windows\rescache

2013-10-15 18:27 . 2013-10-27 10:06        --------        d-----w-        c:\users\Vera\AppData\Local\Spotify

2013-10-15 18:25 . 2013-10-27 18:35        --------        d-----w-        c:\users\Vera\AppData\Roaming\Spotify

2013-10-09 23:00 . 2013-07-04 11:50        530432        ----a-w-        c:\windows\system32\comctl32.dll

2013-10-09 22:59 . 2013-07-12 10:08        146816        ----a-w-        c:\windows\system32\drivers\usbvideo.sys

2013-10-09 22:59 . 2013-07-12 10:07        86016        ----a-w-        c:\windows\system32\drivers\usbcir.sys

2013-10-09 22:59 . 2013-07-04 11:57        205824        ----a-w-        c:\windows\system32\WebClnt.dll

2013-10-09 22:59 . 2013-07-04 11:51        81920        ----a-w-        c:\windows\system32\davclnt.dll

2013-10-09 22:59 . 2013-07-04 09:48        115712        ----a-w-        c:\windows\system32\drivers\mrxdav.sys

2013-10-09 22:59 . 2013-06-25 22:56        527064        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys

2013-10-07 17:49 . 2013-10-07 17:49        --------        d-----w-        c:\program files\Common Files\Skype

2013-10-01 22:14 . 2013-10-01 22:14        --------        d-----w-        c:\users\Vera\AppData\Local\Google

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-27 18:55 . 2013-10-26 18:24        62576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A2EB6B0-7CB4-41A2-ABB5-459C40083D70}\offreg.dll

2013-10-14 06:39 . 2013-10-25 07:32        7796464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A2EB6B0-7CB4-41A2-ABB5-459C40083D70}\mpengine.dll

2013-10-07 11:00 . 2013-08-15 10:36        67680        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2013-10-07 11:00 . 2013-08-15 10:24        89376        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-10-07 11:00 . 2013-08-15 10:24        37352        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2013-10-07 11:00 . 2013-08-15 10:24        137208        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-09-03 12:35 . 2010-03-05 10:10        238872        ------w-        c:\windows\system32\MpSigStub.exe

2013-08-05 01:56 . 2013-09-11 22:44        133056        ----a-w-        c:\windows\system32\drivers\ataport.sys

2013-08-02 01:50 . 2013-09-11 22:44        169984        ----a-w-        c:\windows\system32\winsrv.dll

2013-08-02 01:49 . 2013-09-11 22:44        293376        ----a-w-        c:\windows\system32\KernelBase.dll

2013-08-02 01:48 . 2013-09-11 22:44        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-08-02 01:48 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-08-02 00:52 . 2013-09-11 22:44        271360        ----a-w-        c:\windows\system32\conhost.exe

2013-08-02 00:43 . 2013-09-11 22:44        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43 . 2013-09-11 22:44        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43 . 2013-09-11 22:44        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43 . 2013-09-11 22:44        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36        130736        ----a-w-        c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36        130736        ----a-w-        c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36        130736        ----a-w-        c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cxlacuxatx.exe"="c:\cxlacuxatx.exe\cxlacuxatx.exe" [BU]

"Facebook Update"="c:\users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"Spotify"="c:\users\Vera\AppData\Roaming\Spotify\Spotify.exe" [2013-10-15 4752384]

"Spotify Web Helper"="c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-15 1140736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-08-03 685048]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-07 681032]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

Iexplorerprog1.vbs [2013-9-29 60040]

Roof.vbs [2013-9-29 60040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^Users^Vera^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-18 14:28        946352        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2009-05-26 14:46        1159168        ------w-        c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2008-12-24 08:26        114688        ------w-        c:\program files\Brother\ControlCenter3\BrCtrCen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2012-11-06 10:46        3673728        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-03-05 15:32        1135912        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

c:\program files\ICQ7.0\ICQ.exe [BU]

.

R2 SkypeUpdate;Skype Updater;c:\windows.old\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]

R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2012-08-03 87976]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-02 1343400]

R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-10-07 1164360]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-07 37352]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-10-07 440392]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.

.

Inhalt des "geplante Tasks" Ordners

.

2013-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job

- c:\users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-09 17:36]

.

2013-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job

- c:\users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-09 17:36]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 62.81.16.148 62.81.16.213

TCP: Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: NameServer = 129.143.2.1,129.143.2.4

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Kreuzworträtsel Freeware - c:\windows\unin0407.exe

AddRemove-{BF962E1B-D17A-4713-A100-6531A132D83D}_is1 - c:\program files\Foto-Mosaik-Edda\unins000.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(5920)

c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\atieclxx.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\taskhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

c:\windows\system32\sppsvc.exe

c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-10-27  20:04:38 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-10-27 19:04

.

Vor Suchlauf: 2.884.231.168 Bytes frei

Nach Suchlauf: 2.736.218.112 Bytes frei

.

- - End Of File - - 4D6D6ACACE0370FC1D9251839A76F171

A36C5E4F47E84449FF07ED3517B43A31

Code:

# AdwCleaner v3.010 - Bericht erstellt am 27/10/2013 um 19:32:58

# Updated 20/10/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)

# Benutzername : Vera - VERA-PC

# Gestartet von : E:\Downloads\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16720
 
 

*************************
 

AdwCleaner[R0].txt - [4486 octets] - [26/10/2013 19:17:30]

AdwCleaner[R1].txt - [3754 octets] - [26/10/2013 19:51:22]

AdwCleaner[R2].txt - [833 octets] - [26/10/2013 19:55:51]

AdwCleaner[R3].txt - [892 octets] - [27/10/2013 19:32:13]

AdwCleaner[S0].txt - [3429 octets] - [26/10/2013 19:52:08]

AdwCleaner[S1].txt - [814 octets] - [27/10/2013 19:32:58]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [873 octets] ##########

Code:

# AdwCleaner v3.010 - Bericht erstellt am 26/10/2013 um 20:52:08

# Updated 20/10/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)

# Benutzername : Vera - VERA-PC

# Gestartet von : E:\Downloads\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive

Ordner Gelöscht : C:\Program Files\BonanzaDeals

Ordner Gelöscht : C:\Program Files\BonanzaDealsLive

Ordner Gelöscht : C:\Users\Vera\AppData\Local\BonanzaDealsLive

Ordner Gelöscht : C:\Users\Vera\AppData\Roaming\digitalsite

Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Verknüpfung Desinfiziert : C:\Users\Vera\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 

***** [ Registrierungsdatenbank ] *****
 

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\digitalsite

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B360EC4-303D-42CD-B166-348140940616}

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B360EC4-303D-42CD-B166-348140940616}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.BHO

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.BHO.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.Sandbox

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.Sandbox.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455185558}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466186658}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444184458}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive

Schlüssel Gelöscht : HKCU\Software\dsiteproducts

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider

Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive

Schlüssel Gelöscht : HKLM\Software\InstalledThirdPartyPrograms

Schlüssel Gelöscht : HKLM\Software\qvo6Software
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16720
 
 

*************************
 

AdwCleaner[R0].txt - [4486 octets] - [26/10/2013 20:17:30]

AdwCleaner[R1].txt - [3754 octets] - [26/10/2013 20:51:22]

AdwCleaner[S0].txt - [3289 octets] - [26/10/2013 20:52:08]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3349 octets] ##########

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2013

Ran by Vera (administrator) on VERA-PC on 27-10-2013 20:21:50

Running from C:\Users\Vera\Downloads

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe

(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Dropbox, Inc.) C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(SRWare) C:\Program Files\SRWare Iron\iron.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)

HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)

HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe

HKCU\...\Run: [Facebook Update] - C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)

HKCU\...\Run: [Spotify] - C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe [4752384 2013-10-15] (Spotify Ltd)

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6F308064214CE01

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213

Tcpip\..\Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: [NameServer]129.143.2.1,129.143.2.4
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 SkypeUpdate; C:\Windows.old\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
 

==================== Drivers (Whitelisted) ====================
 

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-04] (Duplex Secure Ltd.)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Vera\AppData\Local\Temp\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe

2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt

2013-10-27 19:41 - 2013-10-27 20:04 - 00000000 ____D C:\ComboFix

2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp

2013-10-26 19:19 - 2013-10-27 20:04 - 00000000 ____D C:\Qoobox

2013-10-26 19:19 - 2013-10-27 19:55 - 00000000 ____D C:\Windows\erdnt

2013-10-26 19:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-26 19:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-26 19:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-26 19:18 - 2013-10-26 19:19 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe

2013-10-26 19:17 - 2013-10-27 19:32 - 00000000 ____D C:\AdwCleaner

2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp

2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST

2013-10-26 15:17 - 2013-10-26 15:18 - 00000176 _____ C:\Users\Vera\defogger_reenable

2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp

2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp

2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-26 09:35 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-25 13:52 - 2013-10-25 16:30 - 00000000 ____D C:\Users\Vera\Desktop\mbar

2013-10-25 13:52 - 2013-10-25 15:58 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe

2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1

2013-10-22 19:25 - 2013-10-22 19:27 - 00000000 ____D C:\Users\Vera\Desktop\Bank

2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java

2013-10-21 15:05 - 2013-10-21 15:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-21 15:05 - 2013-10-21 15:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-21 15:05 - 2013-10-21 15:04 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-21 15:05 - 2013-10-21 15:04 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java

2013-10-19 09:38 - 2013-09-23 12:13 - 00248650 _____ C:\Users\Vera\Desktop\sqlite_manager-0.8.1-fx+tb+sm.xpi

2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial

2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library

2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial

2013-10-19 00:34 - 2013-10-19 01:07 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner

2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate

2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends

2013-10-18 13:02 - 2013-10-18 13:15 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo

2013-10-17 17:20 - 2013-10-17 17:23 - 00000000 ____D C:\Windows\rescache

2013-10-15 19:27 - 2013-10-27 11:06 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify

2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk

2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2013-10-15 19:25 - 2013-10-27 20:08 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify

2013-10-10 01:06 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-10 01:06 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-10 01:06 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-10 01:06 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-10 01:06 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-10 01:06 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-10 00:00 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-10 00:00 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-10 00:00 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-10 00:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-10-10 00:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-10 00:00 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-10 00:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-10 00:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-10 00:00 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-10 00:00 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-10 00:00 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-10 00:00 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 00:00 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-10 00:00 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-10 00:00 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-10 00:00 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-10 00:00 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-10 00:00 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-10 00:00 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-10 00:00 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-10 00:00 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 23:59 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-09 23:59 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-09 23:59 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-09 23:59 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-09 23:59 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-09 23:59 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-10-02 00:14 - 2013-10-02 23:16 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG

2013-10-02 00:14 - 2013-10-02 23:16 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT

2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google

2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
 

==================== One Month Modified Files and Folders =======
 

2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe

2013-10-27 20:08 - 2013-10-15 19:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify

2013-10-27 20:05 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-27 20:05 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt

2013-10-27 20:04 - 2013-10-27 19:41 - 00000000 ____D C:\ComboFix

2013-10-27 20:04 - 2013-10-26 19:19 - 00000000 ____D C:\Qoobox

2013-10-27 20:04 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public

2013-10-27 20:02 - 2010-03-01 20:08 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-27 20:00 - 2011-11-14 21:41 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Dropbox

2013-10-27 19:59 - 2011-11-14 21:44 - 00000000 ___RD C:\Users\Vera\Dropbox

2013-10-27 19:58 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini

2013-10-27 19:56 - 2010-03-01 22:04 - 00097744 _____ C:\Windows\PFRO.log

2013-10-27 19:56 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-27 19:56 - 2009-07-14 05:39 - 00214694 _____ C:\Windows\setupact.log

2013-10-27 19:55 - 2013-10-26 19:19 - 00000000 ____D C:\Windows\erdnt

2013-10-27 19:41 - 2012-01-09 19:30 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job

2013-10-27 19:41 - 2012-01-09 19:30 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job

2013-10-27 19:39 - 2010-03-01 19:43 - 01353725 _____ C:\Windows\WindowsUpdate.log

2013-10-27 19:32 - 2013-10-26 19:17 - 00000000 ____D C:\AdwCleaner

2013-10-27 11:06 - 2013-10-15 19:27 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify

2013-10-26 19:52 - 2009-10-05 17:01 - 00001150 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp

2013-10-26 19:47 - 2013-03-15 08:26 - 00000000 ____D C:\Windows\Minidump

2013-10-26 19:35 - 2010-03-01 19:56 - 00000000 ____D C:\Users\Vera

2013-10-26 19:19 - 2013-10-26 19:18 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe

2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp

2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST

2013-10-26 15:18 - 2013-10-26 15:17 - 00000176 _____ C:\Users\Vera\defogger_reenable

2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp

2013-10-26 14:27 - 2010-03-01 21:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Skype

2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp

2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-25 16:30 - 2013-10-25 13:52 - 00000000 ____D C:\Users\Vera\Desktop\mbar

2013-10-25 15:58 - 2013-10-25 13:52 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-25 15:38 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-25 15:36 - 2013-03-09 19:40 - 00000000 ____D C:\Program Files\7-Zip

2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe

2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1

2013-10-22 19:27 - 2013-10-22 19:25 - 00000000 ____D C:\Users\Vera\Desktop\Bank

2013-10-21 15:09 - 2010-04-02 11:52 - 00000000 ____D C:\Program Files\Microsoft Office

2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java

2013-10-21 15:04 - 2013-10-21 15:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-21 15:04 - 2013-10-21 15:05 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-21 15:04 - 2013-10-21 15:05 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-21 15:04 - 2013-10-21 15:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java

2013-10-19 08:39 - 2009-07-14 05:33 - 00492904 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial

2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library

2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial

2013-10-19 01:07 - 2013-10-19 00:34 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner

2013-10-19 00:29 - 2010-03-01 21:28 - 00149776 _____ C:\Users\Vera\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate

2013-10-18 15:36 - 2010-03-11 19:04 - 00000000 ____D C:\Users\Vera\AppData\Roaming\vlc

2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends

2013-10-18 13:15 - 2013-10-18 13:02 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo

2013-10-17 17:23 - 2013-10-17 17:20 - 00000000 ____D C:\Windows\rescache

2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk

2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2013-10-11 07:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-10 06:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE

2013-10-10 01:11 - 2013-08-14 23:13 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 01:09 - 2010-03-28 18:30 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-10 01:08 - 2012-05-23 20:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-10-07 12:00 - 2013-08-15 11:36 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-10-07 12:00 - 2013-08-15 11:24 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-10-07 12:00 - 2013-08-15 11:24 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-10-07 12:00 - 2013-08-15 11:24 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-10-02 23:16 - 2013-10-02 00:14 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG

2013-10-02 23:16 - 2013-10-02 00:14 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT

2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google

2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
 

Files to move or delete:

====================

C:\Users\Vera\Opera_1101_int_Setup.exe
 
 

Some content of TEMP:

====================

C:\Users\Vera\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-23 16:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Hey,

also ich habe alle Scans durchgeführt und alles hat soweit funktioniert. Es gibt zwei AdwCleaner Dateien, da ich erst noch nicht alle Programme geschlossen hatte. Hoffe ich habe alles richtig gemacht. Während ich das erste Mal CombaFix durchgeführt habe, ist mein Computer wieder abgestürzt ("blauer Bildschirm"), das zweite Mal hat es dann aber funktionert.
Ich habe während aller Scans meinen USB-Stick stecken gelassen, da ich vermute, dass dieser auch infiziert ist. Ist das richtig oder sollte ich den lieber entfernen?

Vielen Dank schon mal bisher, Vera

Hallo Vera,

du hast es richtig gemacht.
Aber noch ist nicht alle Malware erwischt worden.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe

C:\cxlacuxatx.exe

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Starte den Rechner neu auf und mach danach einen FRST-Scan:

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Guten Morgen,

hierFix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2013 01
Ran by Vera at 2013-10-28 09:38:41 Run:1
Running from E:\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe
C:\cxlacuxatx.exe
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cxlacuxatx.exe => Value deleted successfully.
"C:\cxlacuxatx.exe" => File/Directory not found.
C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs => Moved successfully.
C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs => Moved successfully.

==== End of Fixlog ==== das erste Dokument...

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2013 01

Ran by Vera at 2013-10-28 09:38:41 Run:1

Running from E:\Downloads

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe

C:\cxlacuxatx.exe

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()

*****************
 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cxlacuxatx.exe => Value deleted successfully.

"C:\cxlacuxatx.exe" => File/Directory not found.

C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs => Moved successfully.

C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs => Moved successfully.
 

==== End of Fixlog ====

[C
FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2013 01

Ran by Vera (administrator) on VERA-PC on 28-10-2013 09:44:13

Running from E:\Downloads

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe

(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Dropbox, Inc.) C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)

HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)

HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKCU\...\Run: [Facebook Update] - C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)

HKCU\...\Run: [Spotify] - C:\Users\Vera\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6F308064214CE01

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213

Tcpip\..\Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: [NameServer]129.143.2.1,129.143.2.4
 

FireFox:

========

FF ProfilePath: C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\4ym0zwfx.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Vera\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Vera\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 SkypeUpdate; C:\Windows.old\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
 

==================== Drivers (Whitelisted) ====================
 

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-04] (Duplex Secure Ltd.)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Vera\AppData\Local\Temp\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-27 23:38 - 2013-10-27 23:38 - 00143728 _____ C:\Windows\Minidump\102713-20919-01.dmp

2013-10-27 20:59 - 2013-10-27 20:59 - 00017772 _____ C:\Users\Vera\Desktop\Opera 12 Notes.html

2013-10-27 20:59 - 2013-10-27 20:59 - 00001091 _____ C:\Users\Public\Desktop\Opera.lnk

2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Opera Software

2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Local\Opera Software

2013-10-27 20:57 - 2013-10-27 20:58 - 33727472 _____ (Opera Software ASA) C:\Users\Vera\Downloads\Opera_17.0.1241.53_Setup.exe

2013-10-27 20:44 - 2013-10-27 23:38 - 316550734 _____ C:\Windows\MEMORY.DMP

2013-10-27 20:44 - 2013-10-27 20:45 - 00143728 _____ C:\Windows\Minidump\102713-26457-01.dmp

2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Mozilla

2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Local\Mozilla

2013-10-27 20:23 - 2013-10-27 20:23 - 00028226 _____ C:\Users\Vera\Downloads\FRST.txt

2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe

2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt

2013-10-27 19:41 - 2013-10-27 20:04 - 00000000 ____D C:\ComboFix

2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp

2013-10-26 19:19 - 2013-10-27 20:04 - 00000000 ____D C:\Qoobox

2013-10-26 19:19 - 2013-10-27 19:55 - 00000000 ____D C:\Windows\erdnt

2013-10-26 19:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-26 19:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-26 19:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-26 19:18 - 2013-10-26 19:19 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe

2013-10-26 19:17 - 2013-10-27 19:32 - 00000000 ____D C:\AdwCleaner

2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp

2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST

2013-10-26 15:17 - 2013-10-26 15:18 - 00000176 _____ C:\Users\Vera\defogger_reenable

2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp

2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp

2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-26 09:35 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-25 13:52 - 2013-10-25 16:30 - 00000000 ____D C:\Users\Vera\Desktop\mbar

2013-10-25 13:52 - 2013-10-25 15:58 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe

2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1

2013-10-22 19:25 - 2013-10-22 19:27 - 00000000 ____D C:\Users\Vera\Desktop\Bank

2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java

2013-10-21 15:05 - 2013-10-21 15:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-21 15:05 - 2013-10-21 15:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-21 15:05 - 2013-10-21 15:04 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-21 15:05 - 2013-10-21 15:04 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java

2013-10-19 09:38 - 2013-09-23 12:13 - 00248650 _____ C:\Users\Vera\Desktop\sqlite_manager-0.8.1-fx+tb+sm.xpi

2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial

2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library

2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial

2013-10-19 00:34 - 2013-10-19 01:07 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner

2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate

2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends

2013-10-18 13:02 - 2013-10-18 13:15 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo

2013-10-17 17:20 - 2013-10-17 17:23 - 00000000 ____D C:\Windows\rescache

2013-10-15 19:27 - 2013-10-27 11:06 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify

2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk

2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2013-10-15 19:25 - 2013-10-28 09:45 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify

2013-10-10 01:06 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-10 01:06 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-10 01:06 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-10 01:06 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-10 01:06 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-10 01:06 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-10 00:00 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-10 00:00 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-10 00:00 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-10 00:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-10-10 00:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-10 00:00 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-10 00:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-10 00:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-10 00:00 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-10 00:00 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-10 00:00 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-10 00:00 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 00:00 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-10 00:00 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-10 00:00 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-10 00:00 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-10 00:00 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-10 00:00 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-10 00:00 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-10 00:00 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-10 00:00 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 23:59 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-09 23:59 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-09 23:59 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-09 23:59 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-09 23:59 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-09 23:59 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-10-02 00:14 - 2013-10-02 23:16 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG

2013-10-02 00:14 - 2013-10-02 23:16 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT

2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google

2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
 

==================== One Month Modified Files and Folders =======
 

2013-10-28 09:46 - 2011-11-14 21:41 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Dropbox

2013-10-28 09:45 - 2013-10-15 19:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify

2013-10-28 09:42 - 2011-11-14 21:44 - 00000000 ___RD C:\Users\Vera\Dropbox

2013-10-28 09:41 - 2010-03-01 19:43 - 01391039 _____ C:\Windows\WindowsUpdate.log

2013-10-28 09:41 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-28 09:41 - 2009-07-14 05:39 - 00215030 _____ C:\Windows\setupact.log

2013-10-28 09:36 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-28 09:36 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-28 08:12 - 2010-03-01 20:08 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-27 23:38 - 2013-10-27 23:38 - 00143728 _____ C:\Windows\Minidump\102713-20919-01.dmp

2013-10-27 23:38 - 2013-10-27 20:44 - 316550734 _____ C:\Windows\MEMORY.DMP

2013-10-27 23:38 - 2013-03-15 08:26 - 00000000 ____D C:\Windows\Minidump

2013-10-27 22:41 - 2012-01-09 19:30 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job

2013-10-27 20:59 - 2013-10-27 20:59 - 00017772 _____ C:\Users\Vera\Desktop\Opera 12 Notes.html

2013-10-27 20:59 - 2013-10-27 20:59 - 00001091 _____ C:\Users\Public\Desktop\Opera.lnk

2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Opera Software

2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Local\Opera Software

2013-10-27 20:59 - 2010-03-01 22:22 - 00000000 ____D C:\Program Files\Opera

2013-10-27 20:58 - 2013-10-27 20:57 - 33727472 _____ (Opera Software ASA) C:\Users\Vera\Downloads\Opera_17.0.1241.53_Setup.exe

2013-10-27 20:45 - 2013-10-27 20:44 - 00143728 _____ C:\Windows\Minidump\102713-26457-01.dmp

2013-10-27 20:44 - 2010-03-01 22:04 - 00098078 _____ C:\Windows\PFRO.log

2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Mozilla

2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Local\Mozilla

2013-10-27 20:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF

2013-10-27 20:23 - 2013-10-27 20:23 - 00028226 _____ C:\Users\Vera\Downloads\FRST.txt

2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe

2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt

2013-10-27 20:04 - 2013-10-27 19:41 - 00000000 ____D C:\ComboFix

2013-10-27 20:04 - 2013-10-26 19:19 - 00000000 ____D C:\Qoobox

2013-10-27 20:04 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public

2013-10-27 19:58 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini

2013-10-27 19:55 - 2013-10-26 19:19 - 00000000 ____D C:\Windows\erdnt

2013-10-27 19:41 - 2012-01-09 19:30 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job

2013-10-27 19:32 - 2013-10-26 19:17 - 00000000 ____D C:\AdwCleaner

2013-10-27 11:06 - 2013-10-15 19:27 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify

2013-10-26 19:52 - 2009-10-05 17:01 - 00001150 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp

2013-10-26 19:35 - 2010-03-01 19:56 - 00000000 ____D C:\Users\Vera

2013-10-26 19:19 - 2013-10-26 19:18 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe

2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp

2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST

2013-10-26 15:18 - 2013-10-26 15:17 - 00000176 _____ C:\Users\Vera\defogger_reenable

2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp

2013-10-26 14:27 - 2010-03-01 21:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Skype

2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp

2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-25 16:30 - 2013-10-25 13:52 - 00000000 ____D C:\Users\Vera\Desktop\mbar

2013-10-25 15:58 - 2013-10-25 13:52 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-25 15:38 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-25 15:36 - 2013-03-09 19:40 - 00000000 ____D C:\Program Files\7-Zip

2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe

2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1

2013-10-22 19:27 - 2013-10-22 19:25 - 00000000 ____D C:\Users\Vera\Desktop\Bank

2013-10-21 15:09 - 2010-04-02 11:52 - 00000000 ____D C:\Program Files\Microsoft Office

2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java

2013-10-21 15:04 - 2013-10-21 15:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-21 15:04 - 2013-10-21 15:05 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-21 15:04 - 2013-10-21 15:05 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-21 15:04 - 2013-10-21 15:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java

2013-10-19 08:39 - 2009-07-14 05:33 - 00492904 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial

2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library

2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial

2013-10-19 01:07 - 2013-10-19 00:34 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner

2013-10-19 00:29 - 2010-03-01 21:28 - 00149776 _____ C:\Users\Vera\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate

2013-10-18 15:36 - 2010-03-11 19:04 - 00000000 ____D C:\Users\Vera\AppData\Roaming\vlc

2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends

2013-10-18 13:15 - 2013-10-18 13:02 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo

2013-10-17 17:23 - 2013-10-17 17:20 - 00000000 ____D C:\Windows\rescache

2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk

2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2013-10-11 07:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-10 06:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE

2013-10-10 01:11 - 2013-08-14 23:13 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 01:09 - 2010-03-28 18:30 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-10 01:08 - 2012-05-23 20:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-10-07 12:00 - 2013-08-15 11:36 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-10-07 12:00 - 2013-08-15 11:24 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-10-07 12:00 - 2013-08-15 11:24 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-10-07 12:00 - 2013-08-15 11:24 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-10-02 23:16 - 2013-10-02 00:14 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG

2013-10-02 23:16 - 2013-10-02 00:14 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT

2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google

2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
 

Files to move or delete:

====================

C:\Users\Vera\Opera_1101_int_Setup.exe
 
 

Some content of TEMP:

====================

C:\Users\Vera\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-23 16:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---
ODE][/CODE]

Nach den ganzen Scans gestern ist auch noch zwei Mal dieser blaue Kasten erschienen. Also scheint mein PC wirklich noch nicht sauber zu sein. Außerdem spinnt mein Browser immer wieder, denn es kommt immer wieder die Meldung:
Kein Zugriff auf das Netzwerk
Die Verbindung zu 3c.gmx.net wurde durch eine Änderungen in der Netzwerkverbindung unterbrochen.

Hängt das auch mit dem Virus zusammen?

Zitat:

2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe

Hast du MBAR (Malwarebytes_Anti-Rootkit) nur heruntergeladen oder auch scannen lassen?

auch scannen lassen...habe ich in meinem zweiten Post geschickt.

Zitat:

habe ich in meinem zweiten Post geschickt.

Dort seh ich eben nur das Log von Malwarebytes_Anti-Malware (MBAM). Das ist nicht ganz das Gleiche wie Malwarebytes_Anti-Rootkit (MBAR).
Hast du das MBAR-Log auch noch? (Vielleicht im Ordner C:\Users\Vera\Desktop\mbar)

Code:

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org
 

Database version: v2013.10.02.12
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16721

Vera :: VERA-PC [administrator]
 

25.10.2013 14:53:41

mbar-log-2013-10-25 (14-53-41).txt
 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.

Objects scanned: 208505

Time elapsed: 1 hour(s), 4 minute(s), 52 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 4

HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.

HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.

HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.

HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.
 

Folders Detected: 1

C:\cxlacuxatx.exe (Trojan.SpyEyes.Gen) -> Delete on reboot.
 

Files Detected: 1

C:\cxlacuxatx.exe\config.bin (Trojan.SpyEyes.Gen) -> Delete on reboot.
 

Physical Sectors Detected: 0

(No malicious items detected)
 

(end)

Code:

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org
 

Database version: v2013.10.02.12
 

Windows 7 Service Pack 1 x86 NTFS (Safe Mode)

Internet Explorer 10.0.9200.16721

Vera :: VERA-PC [administrator]
 

25.10.2013 16:58:39

mbar-log-2013-10-25 (16-58-39).txt
 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 203419

Time elapsed: 26 minute(s), 10 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

Physical Sectors Detected: 0

(No malicious items detected)
 

(end)

ok.

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

[CODE][/---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3184119808, free: 798097408

Initializing...
======================
------------ Kernel report ------------
10/25/2013 14:53:35
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\yk62x86.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\ast03e87.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Program Files\DAEMON Tools Lite\Engine.dll
\Windows\System32\comdlg32.dll
\Windows\System32\setupapi.dll
\Windows\System32\user32.dll
\Windows\System32\ole32.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\msctf.dll
\Windows\System32\imm32.dll
\Windows\System32\lpk.dll
\Windows\System32\gdi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\ws2_32.dll
\Windows\System32\nsi.dll
\Windows\System32\kernel32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\shlwapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\difxapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\psapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff85ea5ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xffffffff85e792e8
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff85ea5ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xffffffff85e792e8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86490798
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff863a8908
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86490798, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff864903d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86490798, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff863a8908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffbdbf94a8, 0xffffffff86490798, 0xffffffff87996ac8
Lower DeviceData: 0xffffffff88139de8, 0xffffffff863a8908, 0xffffffff861b6128
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7407B56E

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 27262976

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 27265024 Numsec = 104857600
Partition is not bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 132122624 Numsec = 193120256

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 325242880 Numsec = 299896832

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff85ea5ac8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff861e1580, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85ea5ac8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e792e8, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffff96f9ce60, 0xffffffff85ea5ac8, 0xffffffff860b4818
Lower DeviceData: 0xffffffff88094b40, 0xffffffff85e792e8, 0xffffffff85934370
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0x6)
Partition is NOT ACTIVE.
Partition starts at LBA: 32 Numsec = 1957856

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1002438656 bytes
Sector size: 512 bytes

Done!
Infected: C:\cxlacuxatx.exe --> [Trojan.SpyEyes.Gen]
Infected: C:\cxlacuxatx.exe\config.bin --> [Trojan.SpyEyes.Gen]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page --> [Hijack.StartPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL --> [Hijack.StartPage]
Infected: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL --> [Hijack.StartPage]
Infected: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page --> [Hijack.StartPage]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_27265024_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3184119808, free: 1979482112

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3184119808, free: 2322128896

Initializing...
======================
------------ Kernel report ------------
10/25/2013 16:58:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\setupapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\ole32.dll
\Windows\System32\wininet.dll
\Windows\System32\user32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\msctf.dll
\Windows\System32\sechost.dll
\Windows\System32\oleaut32.dll
\Windows\System32\imm32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\psapi.dll
\Windows\System32\lpk.dll
\Windows\System32\gdi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\shell32.dll
\Windows\System32\nsi.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8604b318
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000073\
Lower Device Object: 0xffffffff86053030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85868090
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85701908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85868090, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85869cc8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85868090, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85701908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7407B56E

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 27262976

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 27265024 Numsec = 104857600
Partition is not bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 132122624 Numsec = 193120256

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 325242880 Numsec = 299896832

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8604b318, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8604a568, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8604b318, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86053030, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0x6)
Partition is NOT ACTIVE.
Partition starts at LBA: 32 Numsec = 1957856

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1002438656 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_27265024_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
CODE]

Sorry für den langen Post...mein PC ist gerade wieder zwei Mal abgestürzt, das zweite Mal ging nichts mehr...
ok, werde mir das herunterladen.

Code:

10:51:10.0789 0x19d4  TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38

10:51:24.0470 0x19d4  ============================================================

10:51:24.0470 0x19d4  Current date / time: 2013/10/28 10:51:24.0470

10:51:24.0470 0x19d4  SystemInfo:

10:51:24.0470 0x19d4  

10:51:24.0470 0x19d4  OS Version: 6.1.7601 ServicePack: 1.0

10:51:24.0470 0x19d4  Product type: Workstation

10:51:24.0470 0x19d4  ComputerName: VERA-PC

10:51:24.0470 0x19d4  UserName: Vera

10:51:24.0470 0x19d4  Windows directory: C:\Windows

10:51:24.0470 0x19d4  System windows directory: C:\Windows

10:51:24.0470 0x19d4  Processor architecture: Intel x86

10:51:24.0470 0x19d4  Number of processors: 2

10:51:24.0470 0x19d4  Page size: 0x1000

10:51:24.0470 0x19d4  Boot type: Normal boot

10:51:24.0470 0x19d4  ============================================================

10:51:30.0523 0x19d4  System UUID: {CF24AD63-2F1F-2C1A-7EED-0CF0D376C1BD}

10:51:31.0662 0x19d4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

10:51:31.0678 0x19d4  Drive \Device\Harddisk1\DR1 - Size: 0x3BC00000 (0.93 Gb), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:51:31.0678 0x19d4  ============================================================

10:51:31.0678 0x19d4  \Device\Harddisk0\DR0:

10:51:31.0678 0x19d4  MBR partitions:

10:51:31.0678 0x19d4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x6400000

10:51:31.0678 0x19d4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7E00800, BlocksNum 0xB82C800

10:51:31.0678 0x19d4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1362D000, BlocksNum 0x11E01000

10:51:31.0678 0x19d4  \Device\Harddisk1\DR1:

10:51:31.0678 0x19d4  MBR partitions:

10:51:31.0678 0x19d4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1DDFE0

10:51:31.0678 0x19d4  ============================================================

10:51:31.0709 0x19d4  C: <-> \Device\Harddisk0\DR0\Partition1

10:51:31.0740 0x19d4  D: <-> \Device\Harddisk0\DR0\Partition2

10:51:31.0771 0x19d4  E: <-> \Device\Harddisk0\DR0\Partition3

10:51:31.0771 0x19d4  ============================================================

10:51:31.0771 0x19d4  Initialize success

10:51:31.0771 0x19d4  ============================================================

10:52:24.0963 0x18a4  ============================================================

10:52:24.0963 0x18a4  Scan started

10:52:24.0963 0x18a4  Mode: Manual; SigCheck; TDLFS; 

10:52:24.0963 0x18a4  ============================================================

10:52:24.0963 0x18a4  KSN ping started

10:52:28.0582 0x18a4  KSN ping finished: true

10:52:30.0220 0x18a4  ================ Scan system memory ========================

10:52:30.0220 0x18a4  System memory - ok

10:52:30.0220 0x18a4  ================ Scan services =============================

10:52:30.0407 0x18a4  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

10:52:30.0563 0x18a4  1394ohci - ok

10:52:30.0610 0x18a4  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys

10:52:30.0641 0x18a4  ACPI - ok

10:52:30.0672 0x18a4  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

10:52:30.0766 0x18a4  AcpiPmi - ok

10:52:30.0813 0x18a4  [ 45D8E2A2D8B9F33C32A7ADB6900C6E04, 45E4866FCA09C9C5B9C740ED99990F02E5838BE496A3EDDB66C60016BC6821E3 ] acsock          C:\Windows\system32\DRIVERS\acsock.sys

10:52:30.0860 0x18a4  acsock - ok

10:52:30.0953 0x18a4  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

10:52:31.0016 0x18a4  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )

10:52:34.0338 0x18a4  Detect skipped due to KSN trusted

10:52:34.0338 0x18a4  Adobe LM Service - ok

10:52:34.0510 0x18a4  [ 3927397AC60D943DAF8808AFFED582B7, 2688254085C219E8CA9C5494ABDAD8FAE52533CEF7FA3C152715E0B78D591BCF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

10:52:34.0541 0x18a4  AdobeARMservice - ok

10:52:34.0604 0x18a4  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys

10:52:34.0666 0x18a4  adp94xx - ok

10:52:34.0697 0x18a4  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys

10:52:34.0744 0x18a4  adpahci - ok

10:52:34.0775 0x18a4  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys

10:52:34.0806 0x18a4  adpu320 - ok

10:52:34.0853 0x18a4  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

10:52:34.0916 0x18a4  AeLookupSvc - ok

10:52:34.0978 0x18a4  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\Windows\system32\drivers\afd.sys

10:52:35.0072 0x18a4  AFD - ok

10:52:35.0103 0x18a4  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys

10:52:35.0134 0x18a4  agp440 - ok

10:52:35.0165 0x18a4  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys

10:52:35.0212 0x18a4  aic78xx - ok

10:52:35.0259 0x18a4  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe

10:52:35.0384 0x18a4  ALG - ok

10:52:35.0415 0x18a4  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys

10:52:35.0446 0x18a4  aliide - ok

10:52:35.0508 0x18a4  [ B19505648F033393E907E2E419FDE8B3, BEF76AAD61FE0CA1F2B91C491FD94DE1BE67E776BBB7972D57ADFBE0333E9615 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

10:52:35.0586 0x18a4  AMD External Events Utility - ok

10:52:35.0618 0x18a4  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

10:52:35.0649 0x18a4  amdagp - ok

10:52:35.0696 0x18a4  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys

10:52:35.0727 0x18a4  amdide - ok

10:52:35.0774 0x18a4  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys

10:52:35.0836 0x18a4  AmdK8 - ok

10:52:35.0852 0x18a4  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys

10:52:35.0914 0x18a4  AmdPPM - ok

10:52:35.0961 0x18a4  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys

10:52:35.0992 0x18a4  amdsata - ok

10:52:36.0023 0x18a4  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys

10:52:36.0070 0x18a4  amdsbs - ok

10:52:36.0101 0x18a4  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

10:52:36.0132 0x18a4  amdxata - ok

10:52:36.0257 0x18a4  [ 3478F48B23A0D9F6EADD4A2405BA70EF, 421BDDCEFEF491915EF8D9BFB756A56778437D98B136758A15AE5A0672738C9D ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe

10:52:36.0304 0x18a4  AntiVirSchedulerService - ok

10:52:36.0398 0x18a4  [ AFFE7C21A4FCA1963371F10066911D3A, DC7A94A784C9389792F3C9A1F435CD9B2D5F74AC9E56F35831B65820FA6A0EDE ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe

10:52:36.0429 0x18a4  AntiVirService - ok

10:52:36.0538 0x18a4  [ 48543D304F54C8997462208555662BA4, ADA3B62E6D1513FF24D044B03EFCBBD4268DB32C213F575D8AD3867D3F82B340 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

10:52:36.0600 0x18a4  AntiVirWebService - ok

10:52:36.0756 0x18a4  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys

10:52:37.0146 0x18a4  AppID - ok

10:52:37.0178 0x18a4  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll

10:52:37.0271 0x18a4  AppIDSvc - ok

10:52:37.0302 0x18a4  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll

10:52:37.0365 0x18a4  Appinfo - ok

10:52:37.0458 0x18a4  [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

10:52:37.0490 0x18a4  Apple Mobile Device - ok

10:52:37.0568 0x18a4  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys

10:52:37.0599 0x18a4  arc - ok

10:52:37.0614 0x18a4  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys

10:52:37.0661 0x18a4  arcsas - ok

10:52:37.0692 0x18a4  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

10:52:37.0817 0x18a4  AsyncMac - ok

10:52:37.0848 0x18a4  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys

10:52:37.0880 0x18a4  atapi - ok

10:52:37.0973 0x18a4  [ 76BAB0C824E2D05B940C4DD40A9B08BF, 237C60123F5AFF06C20757E2791C0CA383DE094DB634C239E375639B1B923844 ] athr            C:\Windows\system32\DRIVERS\athr.sys

10:52:38.0129 0x18a4  athr - ok

10:52:38.0441 0x18a4  [ 04F09923A393E4E0E8453A8F78361E73, B5C0B9D1195B87AF823887AD9355CD2B4C4F4DDF34103891EE48EA86F0F544E7 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys

10:52:38.0894 0x18a4  atikmdag - ok

10:52:38.0972 0x18a4  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

10:52:39.0050 0x18a4  AudioEndpointBuilder - ok

10:52:39.0065 0x18a4  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll

10:52:39.0143 0x18a4  Audiosrv - ok

10:52:39.0206 0x18a4  [ 683A089D14B60CD58E06ECE079065235, AD6B637FF32C3249D17D0029E55ED1EA8D1B878C99066AF76D452408B009D311 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys

10:52:39.0252 0x18a4  avgntflt - ok

10:52:39.0330 0x18a4  [ D62D0CFABA19B111067613101D43FA7E, 0A0B7886AA48A9E6716CADB52CE02EE1EF40002636EBF04AC02E0AF3FBC22970 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys

10:52:39.0362 0x18a4  avipbb - ok

10:52:39.0377 0x18a4  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys

10:52:39.0408 0x18a4  avkmgr - ok

10:52:39.0455 0x18a4  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll

10:52:39.0533 0x18a4  AxInstSV - ok

10:52:39.0611 0x18a4  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys

10:52:39.0720 0x18a4  b06bdrv - ok

10:52:39.0783 0x18a4  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys

10:52:39.0830 0x18a4  b57nd60x - ok

10:52:39.0892 0x18a4  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll

10:52:39.0954 0x18a4  BDESVC - ok

10:52:39.0970 0x18a4  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys

10:52:40.0032 0x18a4  Beep - ok

10:52:40.0110 0x18a4  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll

10:52:40.0204 0x18a4  BFE - ok

10:52:40.0266 0x18a4  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\system32\qmgr.dll

10:52:40.0344 0x18a4  BITS - ok

10:52:40.0454 0x18a4  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

10:52:40.0500 0x18a4  blbdrive - ok

10:52:40.0625 0x18a4  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

10:52:40.0672 0x18a4  Bonjour Service - ok

10:52:40.0719 0x18a4  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

10:52:40.0797 0x18a4  bowser - ok

10:52:40.0844 0x18a4  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:52:40.0906 0x18a4  BrFiltLo - ok

10:52:40.0906 0x18a4  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:52:40.0953 0x18a4  BrFiltUp - ok

10:52:40.0984 0x18a4  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys

10:52:41.0062 0x18a4  BridgeMP - ok

10:52:41.0109 0x18a4  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll

10:52:41.0171 0x18a4  Browser - ok

10:52:41.0202 0x18a4  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

10:52:41.0280 0x18a4  Brserid - ok

10:52:41.0296 0x18a4  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

10:52:41.0343 0x18a4  BrSerWdm - ok

10:52:41.0374 0x18a4  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

10:52:41.0390 0x18a4  BrUsbMdm - ok

10:52:41.0405 0x18a4  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

10:52:41.0452 0x18a4  BrUsbSer - ok

10:52:41.0483 0x18a4  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys

10:52:41.0577 0x18a4  BthEnum - ok

10:52:41.0577 0x18a4  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

10:52:41.0639 0x18a4  BTHMODEM - ok

10:52:41.0702 0x18a4  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys

10:52:41.0748 0x18a4  BthPan - ok

10:52:41.0811 0x18a4  [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys

10:52:41.0904 0x18a4  BTHPORT - ok

10:52:41.0951 0x18a4  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll

10:52:42.0014 0x18a4  bthserv - ok

10:52:42.0060 0x18a4  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys

10:52:42.0123 0x18a4  BTHUSB - ok

10:52:42.0466 0x18a4  catchme - ok

10:52:42.0513 0x18a4  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

10:52:42.0575 0x18a4  cdfs - ok

10:52:42.0638 0x18a4  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

10:52:42.0700 0x18a4  cdrom - ok

10:52:42.0747 0x18a4  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll

10:52:42.0794 0x18a4  CertPropSvc - ok

10:52:42.0840 0x18a4  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

10:52:42.0887 0x18a4  circlass - ok

10:52:42.0934 0x18a4  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys

10:52:42.0965 0x18a4  CLFS - ok

10:52:43.0059 0x18a4  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:52:43.0106 0x18a4  clr_optimization_v2.0.50727_32 - ok

10:52:43.0184 0x18a4  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:52:43.0230 0x18a4  clr_optimization_v4.0.30319_32 - ok

10:52:43.0262 0x18a4  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

10:52:43.0308 0x18a4  CmBatt - ok

10:52:43.0340 0x18a4  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys

10:52:43.0371 0x18a4  cmdide - ok

10:52:43.0433 0x18a4  [ 247B4CE2DAB1160CD422D532D5241E1F, CFE04DBE48B23B084C3F4C3D0F483B26F322E4693176D8739A412BE5D8BE597E ] CNG             C:\Windows\system32\Drivers\cng.sys

10:52:43.0496 0x18a4  CNG - ok

10:52:43.0527 0x18a4  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

10:52:43.0558 0x18a4  Compbatt - ok

10:52:43.0605 0x18a4  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

10:52:43.0652 0x18a4  CompositeBus - ok

10:52:43.0667 0x18a4  COMSysApp - ok

10:52:43.0714 0x18a4  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys

10:52:43.0745 0x18a4  crcdisk - ok

10:52:43.0792 0x18a4  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll

10:52:43.0854 0x18a4  CryptSvc - ok

10:52:43.0901 0x18a4  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll

10:52:43.0964 0x18a4  DcomLaunch - ok

10:52:44.0010 0x18a4  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll

10:52:44.0104 0x18a4  defragsvc - ok

10:52:44.0151 0x18a4  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

10:52:44.0213 0x18a4  DfsC - ok

10:52:44.0260 0x18a4  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll

10:52:44.0338 0x18a4  Dhcp - ok

10:52:44.0354 0x18a4  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys

10:52:44.0432 0x18a4  discache - ok

10:52:44.0494 0x18a4  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys

10:52:44.0525 0x18a4  Disk - ok

10:52:44.0572 0x18a4  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll

10:52:44.0619 0x18a4  Dnscache - ok

10:52:44.0666 0x18a4  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll

10:52:44.0744 0x18a4  dot3svc - ok

10:52:44.0822 0x18a4  [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys

10:52:44.0868 0x18a4  dot4 - ok

10:52:44.0931 0x18a4  [ CAEFD09B6A6249C53A67D55A9A9FCABF, A76C951EA8A830E5BA22D8D393A946BBAEEDB76478539F647E58199B383F786B ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys

10:52:44.0978 0x18a4  Dot4Print - ok

10:52:45.0024 0x18a4  [ 9F7DE667C505CE6500BECDD8E11644D7, AA9C589980684429DBAF882AB9A197A6894F23B0CB629C7AF3E27B34B61CB6C1 ] Dot4Scan        C:\Windows\system32\DRIVERS\Dot4Scan.sys

10:52:45.0071 0x18a4  Dot4Scan - ok

10:52:45.0118 0x18a4  [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys

10:52:45.0165 0x18a4  dot4usb - ok

10:52:45.0227 0x18a4  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll

10:52:45.0305 0x18a4  DPS - ok

10:52:45.0352 0x18a4  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

10:52:45.0399 0x18a4  drmkaud - ok

10:52:45.0555 0x18a4  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

10:52:45.0633 0x18a4  DXGKrnl - ok

10:52:45.0711 0x18a4  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll

10:52:45.0773 0x18a4  EapHost - ok

10:52:45.0992 0x18a4  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys

10:52:46.0350 0x18a4  ebdrv - ok

10:52:46.0397 0x18a4  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] EFS             C:\Windows\System32\lsass.exe

10:52:46.0428 0x18a4  EFS - ok

10:52:46.0522 0x18a4  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

10:52:46.0631 0x18a4  ehRecvr - ok

10:52:46.0662 0x18a4  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe

10:52:46.0709 0x18a4  ehSched - ok

10:52:46.0850 0x18a4  [ D71233D7CCC2E64F8715A20428D5A33B, ECCF5820CFFFC083EA6A5D310E2E09CA61C0DCFEE1E58AD94D2A565CA86A87F3 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys

10:52:46.0912 0x18a4  ElbyCDIO - ok

10:52:47.0099 0x18a4  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys

10:52:47.0208 0x18a4  elxstor - ok

10:52:47.0255 0x18a4  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

10:52:47.0286 0x18a4  ErrDev - ok

10:52:47.0349 0x18a4  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll

10:52:47.0442 0x18a4  EventSystem - ok

10:52:47.0458 0x18a4  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys

10:52:47.0552 0x18a4  exfat - ok

10:52:47.0614 0x18a4  Fabs - ok

10:52:47.0645 0x18a4  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

10:52:47.0723 0x18a4  fastfat - ok

10:52:47.0786 0x18a4  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe

10:52:47.0879 0x18a4  Fax - ok

10:52:47.0910 0x18a4  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

10:52:47.0957 0x18a4  fdc - ok

10:52:47.0988 0x18a4  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll

10:52:48.0051 0x18a4  fdPHost - ok

10:52:48.0098 0x18a4  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll

10:52:48.0207 0x18a4  FDResPub - ok

10:52:48.0238 0x18a4  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

10:52:48.0300 0x18a4  FileInfo - ok

10:52:48.0347 0x18a4  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

10:52:48.0503 0x18a4  Filetrace - ok

10:52:49.0018 0x18a4  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC, 159EAA1893D871C309A063829CB3BC51A019FBCA1E07530B5CA1A382B2CCAF61 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

10:52:49.0626 0x18a4  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )

10:52:52.0746 0x18a4  Detect skipped due to KSN trusted

10:52:52.0746 0x18a4  FirebirdServerMAGIXInstance - ok

10:52:52.0902 0x18a4  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

10:52:52.0980 0x18a4  FLEXnet Licensing Service - ok

10:52:52.0996 0x18a4  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

10:52:53.0027 0x18a4  flpydisk - ok

10:52:53.0058 0x18a4  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

10:52:53.0121 0x18a4  FltMgr - ok

10:52:53.0183 0x18a4  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll

10:52:53.0308 0x18a4  FontCache - ok

10:52:53.0402 0x18a4  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

10:52:53.0417 0x18a4  FontCache3.0.0.0 - ok

10:52:53.0448 0x18a4  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

10:52:53.0480 0x18a4  FsDepends - ok

10:52:53.0526 0x18a4  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

10:52:53.0558 0x18a4  Fs_Rec - ok

10:52:53.0604 0x18a4  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

10:52:53.0667 0x18a4  fvevol - ok

10:52:53.0698 0x18a4  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys

10:52:53.0729 0x18a4  gagp30kx - ok

10:52:53.0760 0x18a4  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

10:52:53.0792 0x18a4  GEARAspiWDM - ok

10:52:53.0854 0x18a4  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll

10:52:53.0932 0x18a4  gpsvc - ok

10:52:53.0963 0x18a4  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

10:52:54.0010 0x18a4  hcw85cir - ok

10:52:54.0088 0x18a4  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

10:52:54.0150 0x18a4  HdAudAddService - ok

10:52:54.0213 0x18a4  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

10:52:54.0260 0x18a4  HDAudBus - ok

10:52:54.0306 0x18a4  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys

10:52:54.0353 0x18a4  HidBatt - ok

10:52:54.0369 0x18a4  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys

10:52:54.0431 0x18a4  HidBth - ok

10:52:54.0447 0x18a4  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

10:52:54.0509 0x18a4  HidIr - ok

10:52:54.0540 0x18a4  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll

10:52:54.0603 0x18a4  hidserv - ok

10:52:54.0634 0x18a4  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys

10:52:54.0696 0x18a4  HidUsb - ok

10:52:54.0728 0x18a4  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll

10:52:54.0774 0x18a4  hkmsvc - ok

10:52:54.0821 0x18a4  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll

10:52:54.0899 0x18a4  HomeGroupListener - ok

10:52:54.0930 0x18a4  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

10:52:54.0993 0x18a4  HomeGroupProvider - ok

10:52:55.0055 0x18a4  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

10:52:55.0086 0x18a4  HpSAMD - ok

10:52:55.0164 0x18a4  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

10:52:55.0258 0x18a4  HTTP - ok

10:52:55.0305 0x18a4  [ 19E6885A061011D8DABE8F64498423FA, 62B5680D7E7F26BEE7DDDA8F51434CC3219C840779E37072BA37E55B2EE82E3B ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys

10:52:55.0367 0x18a4  hwdatacard - ok

10:52:55.0414 0x18a4  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

10:52:55.0445 0x18a4  hwpolicy - ok

10:52:55.0492 0x18a4  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

10:52:55.0539 0x18a4  i8042prt - ok

10:52:55.0586 0x18a4  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

10:52:55.0632 0x18a4  iaStorV - ok

10:52:55.0742 0x18a4  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

10:52:55.0882 0x18a4  idsvc - ok

10:52:55.0944 0x18a4  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys

10:52:55.0976 0x18a4  iirsp - ok

10:52:56.0054 0x18a4  [ F95622F161474511B8D80D6B093AA610, F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5610D3A62EBA47D90427D5BC26 ] IKEEXT          C:\Windows\System32\ikeext.dll

10:52:56.0147 0x18a4  IKEEXT - ok

10:52:56.0194 0x18a4  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys

10:52:56.0225 0x18a4  intelide - ok

10:52:56.0272 0x18a4  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

10:52:56.0303 0x18a4  intelppm - ok

10:52:56.0334 0x18a4  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

10:52:56.0412 0x18a4  IPBusEnum - ok

10:52:56.0444 0x18a4  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:52:56.0506 0x18a4  IpFilterDriver - ok

10:52:56.0584 0x18a4  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

10:52:56.0646 0x18a4  iphlpsvc - ok

10:52:56.0693 0x18a4  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

10:52:56.0740 0x18a4  IPMIDRV - ok

10:52:56.0787 0x18a4  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

10:52:56.0865 0x18a4  IPNAT - ok

10:52:56.0943 0x18a4  [ EF1C51222117B37AFBFF8F4642EA8C62, 7AC322295B33E9BF1548AB42773421609E11332E7E9B42EE58908EF6A298A8F3 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe

10:52:56.0974 0x18a4  iPod Service - ok

10:52:57.0005 0x18a4  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys

10:52:57.0099 0x18a4  IRENUM - ok

10:52:57.0130 0x18a4  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys

10:52:57.0161 0x18a4  isapnp - ok

10:52:57.0192 0x18a4  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

10:52:57.0239 0x18a4  iScsiPrt - ok

10:52:57.0270 0x18a4  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

10:52:57.0302 0x18a4  kbdclass - ok

10:52:57.0348 0x18a4  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

10:52:57.0380 0x18a4  kbdhid - ok

10:52:57.0411 0x18a4  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] KeyIso          C:\Windows\system32\lsass.exe

10:52:57.0426 0x18a4  KeyIso - ok

10:52:57.0458 0x18a4  [ B7895B4182C0D16F6EFADEB8081E8D36, BAC3BAD22207C8826125FD7721C96F2C7A238960FD9398A3D4573E14648E9DB9 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

10:52:57.0489 0x18a4  KSecDD - ok

10:52:57.0520 0x18a4  [ D30159AC9237519FBC62C6EC247D2D46, 10BDE041C95D0CCD3591ED497002043FEC3A5F732D7AE311FBA457E0FE16CE4B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

10:52:57.0551 0x18a4  KSecPkg - ok

10:52:57.0614 0x18a4  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll

10:52:57.0707 0x18a4  KtmRm - ok

10:52:57.0770 0x18a4  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\System32\srvsvc.dll

10:52:57.0879 0x18a4  LanmanServer - ok

10:52:57.0910 0x18a4  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

10:52:57.0957 0x18a4  LanmanWorkstation - ok

10:52:58.0019 0x18a4  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

10:52:58.0097 0x18a4  lltdio - ok

10:52:58.0144 0x18a4  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll

10:52:58.0206 0x18a4  lltdsvc - ok

10:52:58.0238 0x18a4  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll

10:52:58.0300 0x18a4  lmhosts - ok

10:52:58.0362 0x18a4  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

10:52:58.0409 0x18a4  LSI_FC - ok

10:52:58.0425 0x18a4  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

10:52:58.0456 0x18a4  LSI_SAS - ok

10:52:58.0472 0x18a4  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:52:58.0503 0x18a4  LSI_SAS2 - ok

10:52:58.0518 0x18a4  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:52:58.0565 0x18a4  LSI_SCSI - ok

10:52:58.0581 0x18a4  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys

10:52:58.0643 0x18a4  luafv - ok

10:52:58.0674 0x18a4  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

10:52:58.0706 0x18a4  MBAMProtector - ok

10:52:58.0784 0x18a4  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

10:52:58.0830 0x18a4  MBAMScheduler - ok

10:52:58.0877 0x18a4  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

10:52:58.0940 0x18a4  MBAMService - ok

10:52:58.0971 0x18a4  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

10:52:59.0018 0x18a4  Mcx2Svc - ok

10:52:59.0049 0x18a4  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

10:52:59.0080 0x18a4  megasas - ok

10:52:59.0127 0x18a4  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

10:52:59.0174 0x18a4  MegaSR - ok

10:52:59.0205 0x18a4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll

10:52:59.0267 0x18a4  MMCSS - ok

10:52:59.0283 0x18a4  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys

10:52:59.0361 0x18a4  Modem - ok

10:52:59.0392 0x18a4  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

10:52:59.0439 0x18a4  monitor - ok

10:52:59.0470 0x18a4  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

10:52:59.0501 0x18a4  mouclass - ok

10:52:59.0532 0x18a4  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

10:52:59.0579 0x18a4  mouhid - ok

10:52:59.0610 0x18a4  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

10:52:59.0657 0x18a4  mountmgr - ok

10:52:59.0688 0x18a4  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys

10:52:59.0751 0x18a4  mpio - ok

10:52:59.0798 0x18a4  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

10:52:59.0891 0x18a4  mpsdrv - ok

10:52:59.0938 0x18a4  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll

10:53:00.0016 0x18a4  MpsSvc - ok

10:53:00.0063 0x18a4  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

10:53:00.0141 0x18a4  MRxDAV - ok

10:53:00.0188 0x18a4  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

10:53:00.0250 0x18a4  mrxsmb - ok

10:53:00.0297 0x18a4  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:53:00.0344 0x18a4  mrxsmb10 - ok

10:53:00.0359 0x18a4  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:53:00.0406 0x18a4  mrxsmb20 - ok

10:53:00.0437 0x18a4  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys

10:53:00.0468 0x18a4  msahci - ok

10:53:00.0500 0x18a4  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

10:53:00.0546 0x18a4  msdsm - ok

10:53:00.0578 0x18a4  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe

10:53:00.0640 0x18a4  MSDTC - ok

10:53:00.0687 0x18a4  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys

10:53:00.0765 0x18a4  Msfs - ok

10:53:00.0780 0x18a4  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

10:53:00.0858 0x18a4  mshidkmdf - ok

10:53:00.0890 0x18a4  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

10:53:00.0905 0x18a4  msisadrv - ok

10:53:00.0968 0x18a4  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

10:53:01.0030 0x18a4  MSiSCSI - ok

10:53:01.0030 0x18a4  msiserver - ok

10:53:01.0077 0x18a4  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

10:53:01.0155 0x18a4  MSKSSRV - ok

10:53:01.0170 0x18a4  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

10:53:01.0233 0x18a4  MSPCLOCK - ok

10:53:01.0264 0x18a4  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

10:53:01.0311 0x18a4  MSPQM - ok

10:53:01.0342 0x18a4  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

10:53:01.0373 0x18a4  MsRPC - ok

10:53:01.0420 0x18a4  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

10:53:01.0451 0x18a4  mssmbios - ok

10:53:01.0482 0x18a4  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

10:53:01.0545 0x18a4  MSTEE - ok

10:53:01.0545 0x18a4  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

10:53:01.0592 0x18a4  MTConfig - ok

10:53:01.0623 0x18a4  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys

10:53:01.0654 0x18a4  Mup - ok

10:53:01.0701 0x18a4  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll

10:53:01.0763 0x18a4  napagent - ok

10:53:01.0810 0x18a4  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

10:53:01.0872 0x18a4  NativeWifiP - ok

10:53:01.0935 0x18a4  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys

10:53:01.0997 0x18a4  NDIS - ok

10:53:02.0028 0x18a4  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

10:53:02.0106 0x18a4  NdisCap - ok

10:53:02.0138 0x18a4  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

10:53:02.0216 0x18a4  NdisTapi - ok

10:53:02.0262 0x18a4  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

10:53:02.0325 0x18a4  Ndisuio - ok

10:53:02.0372 0x18a4  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

10:53:02.0450 0x18a4  NdisWan - ok

10:53:02.0481 0x18a4  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

10:53:02.0543 0x18a4  NDProxy - ok

10:53:02.0590 0x18a4  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

10:53:02.0668 0x18a4  NetBIOS - ok

10:53:02.0715 0x18a4  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

10:53:02.0793 0x18a4  NetBT - ok

10:53:02.0808 0x18a4  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] Netlogon        C:\Windows\system32\lsass.exe

10:53:02.0840 0x18a4  Netlogon - ok

10:53:02.0886 0x18a4  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll

10:53:02.0964 0x18a4  Netman - ok

10:53:02.0996 0x18a4  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll

10:53:03.0089 0x18a4  netprofm - ok

10:53:03.0120 0x18a4  [ F476EC40033CDB91EFBE73EB99B8362D, B17535037BC070F9AE1F6B381C2DBEE27658A8FDE15FB0E061F485EA7C7CBE59 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:53:03.0167 0x18a4  NetTcpPortSharing - ok

10:53:03.0214 0x18a4  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

10:53:03.0245 0x18a4  nfrd960 - ok

10:53:03.0292 0x18a4  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll

10:53:03.0339 0x18a4  NlaSvc - ok

10:53:03.0386 0x18a4  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

10:53:03.0432 0x18a4  Npfs - ok

10:53:03.0479 0x18a4  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll

10:53:03.0526 0x18a4  nsi - ok

10:53:03.0573 0x18a4  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

10:53:03.0635 0x18a4  nsiproxy - ok

10:53:03.0729 0x18a4  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

10:53:03.0838 0x18a4  Ntfs - ok

10:53:03.0885 0x18a4  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys

10:53:03.0963 0x18a4  Null - ok

10:53:04.0010 0x18a4  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys

10:53:04.0041 0x18a4  nvraid - ok

10:53:04.0072 0x18a4  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

10:53:04.0103 0x18a4  nvstor - ok

10:53:04.0134 0x18a4  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

10:53:04.0166 0x18a4  nv_agp - ok

10:53:04.0290 0x18a4  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

10:53:04.0353 0x18a4  odserv - ok

10:53:04.0400 0x18a4  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

10:53:04.0446 0x18a4  ohci1394 - ok

10:53:04.0509 0x18a4  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:53:04.0556 0x18a4  ose - ok

10:53:04.0602 0x18a4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

10:53:04.0680 0x18a4  p2pimsvc - ok

10:53:04.0712 0x18a4  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll

10:53:04.0774 0x18a4  p2psvc - ok

10:53:04.0805 0x18a4  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys

10:53:04.0852 0x18a4  Parport - ok

10:53:04.0868 0x18a4  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys

10:53:04.0914 0x18a4  partmgr - ok

10:53:04.0930 0x18a4  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys

10:53:04.0961 0x18a4  Parvdm - ok

10:53:05.0008 0x18a4  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll

10:53:05.0039 0x18a4  PcaSvc - ok

10:53:05.0086 0x18a4  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys

10:53:05.0117 0x18a4  pci - ok

10:53:05.0195 0x18a4  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys

10:53:05.0242 0x18a4  pciide - ok

10:53:05.0320 0x18a4  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

10:53:05.0538 0x18a4  pcmcia - ok

10:53:05.0554 0x18a4  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys

10:53:05.0585 0x18a4  pcw - ok

10:53:05.0632 0x18a4  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

10:53:05.0757 0x18a4  PEAUTH - ok

10:53:05.0897 0x18a4  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll

10:53:06.0069 0x18a4  pla - ok

10:53:06.0147 0x18a4  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

10:53:06.0194 0x18a4  PlugPlay - ok

10:53:06.0225 0x18a4  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

10:53:06.0272 0x18a4  PNRPAutoReg - ok

10:53:06.0303 0x18a4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

10:53:06.0350 0x18a4  PNRPsvc - ok

10:53:06.0428 0x18a4  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

10:53:06.0506 0x18a4  PolicyAgent - ok

10:53:06.0552 0x18a4  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll

10:53:06.0615 0x18a4  Power - ok

10:53:06.0662 0x18a4  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

10:53:06.0724 0x18a4  PptpMiniport - ok

10:53:06.0755 0x18a4  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys

10:53:06.0786 0x18a4  Processor - ok

10:53:06.0833 0x18a4  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll

10:53:06.0911 0x18a4  ProfSvc - ok

10:53:06.0927 0x18a4  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] ProtectedStorage C:\Windows\system32\lsass.exe

10:53:06.0958 0x18a4  ProtectedStorage - ok

10:53:06.0989 0x18a4  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

10:53:07.0052 0x18a4  Psched - ok

10:53:07.0145 0x18a4  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

10:53:07.0254 0x18a4  ql2300 - ok

10:53:07.0286 0x18a4  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

10:53:07.0332 0x18a4  ql40xx - ok

10:53:07.0364 0x18a4  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll

10:53:07.0442 0x18a4  QWAVE - ok

10:53:07.0473 0x18a4  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

10:53:07.0504 0x18a4  QWAVEdrv - ok

10:53:07.0535 0x18a4  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

10:53:07.0598 0x18a4  RasAcd - ok

10:53:07.0644 0x18a4  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

10:53:07.0707 0x18a4  RasAgileVpn - ok

10:53:07.0754 0x18a4  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll

10:53:07.0816 0x18a4  RasAuto - ok

10:53:07.0847 0x18a4  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

10:53:07.0925 0x18a4  Rasl2tp - ok

10:53:07.0988 0x18a4  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll

10:53:08.0066 0x18a4  RasMan - ok

10:53:08.0112 0x18a4  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

10:53:08.0190 0x18a4  RasPppoe - ok

10:53:08.0206 0x18a4  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

10:53:08.0284 0x18a4  RasSstp - ok

10:53:08.0331 0x18a4  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

10:53:08.0424 0x18a4  rdbss - ok

10:53:08.0456 0x18a4  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

10:53:08.0502 0x18a4  rdpbus - ok

10:53:08.0534 0x18a4  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

10:53:08.0596 0x18a4  RDPCDD - ok

10:53:08.0643 0x18a4  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

10:53:08.0705 0x18a4  RDPENCDD - ok

10:53:08.0736 0x18a4  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

10:53:08.0799 0x18a4  RDPREFMP - ok

10:53:08.0830 0x18a4  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

10:53:08.0892 0x18a4  RDPWD - ok

10:53:08.0955 0x18a4  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

10:53:09.0002 0x18a4  rdyboost - ok

10:53:09.0048 0x18a4  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll

10:53:09.0111 0x18a4  RemoteAccess - ok

10:53:09.0158 0x18a4  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll

10:53:09.0267 0x18a4  RemoteRegistry - ok

10:53:09.0314 0x18a4  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys

10:53:09.0407 0x18a4  RFCOMM - ok

10:53:09.0438 0x18a4  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

10:53:09.0516 0x18a4  RpcEptMapper - ok

10:53:09.0548 0x18a4  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe

10:53:09.0594 0x18a4  RpcLocator - ok

10:53:09.0641 0x18a4  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll

10:53:09.0719 0x18a4  RpcSs - ok

10:53:09.0766 0x18a4  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

10:53:09.0844 0x18a4  rspndr - ok

10:53:09.0860 0x18a4  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] SamSs           C:\Windows\system32\lsass.exe

10:53:09.0891 0x18a4  SamSs - ok

10:53:09.0938 0x18a4  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

10:53:09.0984 0x18a4  sbp2port - ok

10:53:10.0031 0x18a4  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

10:53:10.0109 0x18a4  SCardSvr - ok

10:53:10.0125 0x18a4  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

10:53:10.0203 0x18a4  scfilter - ok

10:53:10.0281 0x18a4  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll

10:53:10.0406 0x18a4  Schedule - ok

10:53:10.0437 0x18a4  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll

10:53:10.0484 0x18a4  SCPolicySvc - ok

10:53:10.0530 0x18a4  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

10:53:10.0655 0x18a4  SDRSVC - ok

10:53:10.0702 0x18a4  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

10:53:10.0764 0x18a4  secdrv - ok

10:53:10.0796 0x18a4  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll

10:53:10.0858 0x18a4  seclogon - ok

10:53:10.0889 0x18a4  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll

10:53:10.0952 0x18a4  SENS - ok

10:53:10.0983 0x18a4  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll

10:53:11.0045 0x18a4  SensrSvc - ok

10:53:11.0061 0x18a4  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

10:53:11.0108 0x18a4  Serenum - ok

10:53:11.0170 0x18a4  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys

10:53:11.0217 0x18a4  Serial - ok

10:53:11.0248 0x18a4  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys

10:53:11.0279 0x18a4  sermouse - ok

10:53:11.0326 0x18a4  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll

10:53:11.0404 0x18a4  SessionEnv - ok

10:53:11.0451 0x18a4  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

10:53:11.0482 0x18a4  sffdisk - ok

10:53:11.0482 0x18a4  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

10:53:11.0513 0x18a4  sffp_mmc - ok

10:53:11.0544 0x18a4  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

10:53:11.0576 0x18a4  sffp_sd - ok

10:53:11.0607 0x18a4  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

10:53:11.0654 0x18a4  sfloppy - ok

10:53:11.0700 0x18a4  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll

10:53:11.0794 0x18a4  SharedAccess - ok

10:53:11.0856 0x18a4  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

10:53:11.0919 0x18a4  ShellHWDetection - ok

10:53:11.0950 0x18a4  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys

10:53:11.0997 0x18a4  sisagp - ok

10:53:12.0028 0x18a4  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:53:12.0059 0x18a4  SiSRaid2 - ok

10:53:12.0075 0x18a4  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys

10:53:12.0122 0x18a4  SiSRaid4 - ok

10:53:12.0215 0x18a4  [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate     C:\Windows.old\Program Files\Skype\Updater\Updater.exe

10:53:12.0324 0x18a4  SkypeUpdate - ok

10:53:12.0356 0x18a4  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys

10:53:12.0418 0x18a4  Smb - ok

10:53:12.0496 0x18a4  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

10:53:12.0543 0x18a4  SNMPTRAP - ok

10:53:12.0574 0x18a4  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys

10:53:12.0605 0x18a4  spldr - ok

10:53:12.0652 0x18a4  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe

10:53:12.0777 0x18a4  Spooler - ok

10:53:12.0948 0x18a4  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe

10:53:13.0151 0x18a4  sppsvc - ok

10:53:13.0214 0x18a4  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll

10:53:13.0307 0x18a4  sppuinotify - ok

10:53:13.0370 0x18a4  sptd - ok

10:53:13.0448 0x18a4  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys

10:53:13.0572 0x18a4  srv - ok

10:53:13.0666 0x18a4  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

10:53:13.0744 0x18a4  srv2 - ok

10:53:13.0775 0x18a4  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

10:53:13.0838 0x18a4  srvnet - ok

10:53:13.0884 0x18a4  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

10:53:13.0931 0x18a4  SSDPSRV - ok

10:53:13.0994 0x18a4  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys

10:53:14.0009 0x18a4  ssmdrv - ok

10:53:14.0040 0x18a4  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

10:53:14.0087 0x18a4  SstpSvc - ok

10:53:14.0118 0x18a4  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys

10:53:14.0150 0x18a4  stexstor - ok

10:53:14.0212 0x18a4  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll

10:53:14.0306 0x18a4  StiSvc - ok

10:53:14.0352 0x18a4  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys

10:53:14.0368 0x18a4  swenum - ok

10:53:14.0430 0x18a4  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll

10:53:14.0493 0x18a4  swprv - ok

10:53:14.0555 0x18a4  [ 7A9025D8F7852B06D6D08ED536135E7E, 814153517841D316AA44D59F31B3C6DAD09DE688AF6B946D9B0970EAE815CAAD ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys

10:53:14.0586 0x18a4  SynTP - ok

10:53:14.0680 0x18a4  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll

10:53:14.0789 0x18a4  SysMain - ok

10:53:14.0820 0x18a4  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll

10:53:14.0883 0x18a4  TabletInputService - ok

10:53:14.0930 0x18a4  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll

10:53:15.0023 0x18a4  TapiSrv - ok

10:53:15.0070 0x18a4  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll

10:53:15.0132 0x18a4  TBS - ok

10:53:15.0242 0x18a4  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

10:53:15.0351 0x18a4  Tcpip - ok

10:53:15.0429 0x18a4  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

10:53:15.0507 0x18a4  TCPIP6 - ok

10:53:15.0554 0x18a4  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

10:53:15.0600 0x18a4  tcpipreg - ok

10:53:15.0663 0x18a4  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

10:53:15.0819 0x18a4  TDPIPE - ok

10:53:15.0990 0x18a4  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

10:53:16.0022 0x18a4  TDTCP - ok

10:53:16.0068 0x18a4  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

10:53:16.0131 0x18a4  tdx - ok

10:53:16.0162 0x18a4  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys

10:53:16.0271 0x18a4  TermDD - ok

10:53:16.0334 0x18a4  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll

10:53:16.0443 0x18a4  TermService - ok

10:53:16.0490 0x18a4  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll

10:53:16.0536 0x18a4  Themes - ok

10:53:16.0568 0x18a4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll

10:53:16.0614 0x18a4  THREADORDER - ok

10:53:16.0646 0x18a4  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll

10:53:16.0708 0x18a4  TrkWks - ok

10:53:16.0786 0x18a4  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

10:53:16.0833 0x18a4  TrustedInstaller - ok

10:53:16.0864 0x18a4  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

10:53:16.0911 0x18a4  tssecsrv - ok

10:53:16.0958 0x18a4  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

10:53:17.0020 0x18a4  TsUsbFlt - ok

10:53:17.0082 0x18a4  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

10:53:17.0145 0x18a4  tunnel - ok

10:53:17.0176 0x18a4  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys

10:53:17.0223 0x18a4  uagp35 - ok

10:53:17.0238 0x18a4  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

10:53:17.0332 0x18a4  udfs - ok

10:53:17.0379 0x18a4  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe

10:53:17.0426 0x18a4  UI0Detect - ok

10:53:17.0535 0x18a4  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

10:53:17.0628 0x18a4  uliagpkx - ok

10:53:17.0769 0x18a4  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys

10:53:17.0862 0x18a4  umbus - ok

10:53:17.0894 0x18a4  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys

10:53:17.0925 0x18a4  UmPass - ok

10:53:17.0972 0x18a4  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll

10:53:18.0034 0x18a4  upnphost - ok

10:53:18.0096 0x18a4  [ 8BF5D980CDCE35FB26F05047144BB57E, 8A770DD649FA0D6F574651E5525B983261B823C5778764598D89C453E68ED3F1 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys

10:53:18.0159 0x18a4  USBAAPL - ok

10:53:18.0206 0x18a4  [ BD9C55D7023C5DE374507ACC7A14E2AC, 1DBAFF733DE5C1A6A2374B15BD94512A22D9C0F4DF91F997801340828333AF3C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

10:53:18.0252 0x18a4  usbccgp - ok

10:53:18.0299 0x18a4  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys

10:53:18.0362 0x18a4  usbcir - ok

10:53:18.0393 0x18a4  [ F92DE757E4B7CE9C07C5E65423F3AE3B, B3FDEE4A8F1C7EC12405D99ACABC3E633FA4ED08D2A2AA871526ED7927A35A91 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

10:53:18.0424 0x18a4  usbehci - ok

10:53:18.0486 0x18a4  [ 8DC94AEC6A7E644A06135AE7506DC2E9, 3ACB621D57BC8691DBBCDEF27563AA6390370362F21AFA6E7BA35BC429E14590 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

10:53:18.0533 0x18a4  usbhub - ok

10:53:18.0564 0x18a4  [ E185D44FAC515A18D9DEDDC23C2CDF44, EF69D0253CC8F1D29929FD5E74F18737ECF5D238874B6E1505E2EAEE66D9D987 ] usbohci         C:\Windows\system32\drivers\usbohci.sys

10:53:18.0611 0x18a4  usbohci - ok

10:53:18.0658 0x18a4  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

10:53:18.0705 0x18a4  usbprint - ok

10:53:18.0752 0x18a4  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys

10:53:18.0939 0x18a4  usbscan - ok

10:53:18.0970 0x18a4  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:53:19.0079 0x18a4  USBSTOR - ok

10:53:19.0126 0x18a4  [ 68DF884CF41CDADA664BEB01DAF67E3D, 142781FE2FF93B269D8FA11D4C3F60967552A867E94533D94EF1C2D777A67872 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys

10:53:19.0266 0x18a4  usbuhci - ok

10:53:19.0500 0x18a4  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys

10:53:19.0578 0x18a4  usbvideo - ok

10:53:19.0610 0x18a4  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll

10:53:19.0719 0x18a4  UxSms - ok

10:53:19.0812 0x18a4  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] VaultSvc        C:\Windows\system32\lsass.exe

10:53:19.0859 0x18a4  VaultSvc - ok

10:53:19.0968 0x18a4  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044, 0F6F3FF106015580009776A1F91FD10371BAF229A2A773436A5783F142CC1A0C ] VClone          C:\Windows\system32\DRIVERS\VClone.sys

10:53:20.0218 0x18a4  VClone - ok

10:53:20.0327 0x18a4  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

10:53:20.0358 0x18a4  vdrvroot - ok

10:53:20.0514 0x18a4  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe

10:53:20.0702 0x18a4  vds - ok

10:53:20.0733 0x18a4  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

10:53:20.0780 0x18a4  vga - ok

10:53:20.0795 0x18a4  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys

10:53:20.0858 0x18a4  VgaSave - ok

10:53:20.0889 0x18a4  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

10:53:20.0936 0x18a4  vhdmp - ok

10:53:20.0967 0x18a4  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys

10:53:20.0998 0x18a4  viaagp - ok

10:53:21.0014 0x18a4  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys

10:53:21.0076 0x18a4  ViaC7 - ok

10:53:21.0107 0x18a4  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys

10:53:21.0138 0x18a4  viaide - ok

10:53:21.0154 0x18a4  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

10:53:21.0185 0x18a4  volmgr - ok

10:53:21.0248 0x18a4  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

10:53:21.0294 0x18a4  volmgrx - ok

10:53:21.0326 0x18a4  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

10:53:21.0372 0x18a4  volsnap - ok

10:53:21.0419 0x18a4  [ EA39F36302DACBCDCDB113313718E768, BE26A4DA68D5A15047941215CFC6D687FEE3F56573DDABE21AD7176C1C79CC5F ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys

10:53:21.0450 0x18a4  vpnva - ok

10:53:21.0497 0x18a4  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys

10:53:21.0528 0x18a4  vsmraid - ok

10:53:21.0622 0x18a4  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe

10:53:21.0731 0x18a4  VSS - ok

10:53:21.0778 0x18a4  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys

10:53:21.0825 0x18a4  vwifibus - ok

10:53:21.0840 0x18a4  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys

10:53:21.0887 0x18a4  vwififlt - ok

10:53:21.0950 0x18a4  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll

10:53:22.0028 0x18a4  W32Time - ok

10:53:22.0059 0x18a4  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys

10:53:22.0090 0x18a4  WacomPen - ok

10:53:22.0137 0x18a4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

10:53:22.0230 0x18a4  WANARP - ok

10:53:22.0230 0x18a4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

10:53:22.0293 0x18a4  Wanarpv6 - ok

10:53:22.0418 0x18a4  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe

10:53:22.0558 0x18a4  WatAdminSvc - ok

10:53:22.0636 0x18a4  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe

10:53:22.0761 0x18a4  wbengine - ok

10:53:22.0808 0x18a4  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

10:53:22.0854 0x18a4  WbioSrvc - ok

10:53:22.0902 0x18a4  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll

10:53:22.0965 0x18a4  wcncsvc - ok

10:53:22.0996 0x18a4  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

10:53:23.0058 0x18a4  WcsPlugInService - ok

10:53:23.0089 0x18a4  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys

10:53:23.0121 0x18a4  Wd - ok

10:53:23.0183 0x18a4  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

10:53:23.0245 0x18a4  Wdf01000 - ok

10:53:23.0292 0x18a4  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll

10:53:23.0370 0x18a4  WdiServiceHost - ok

10:53:23.0370 0x18a4  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll

10:53:23.0417 0x18a4  WdiSystemHost - ok

10:53:23.0448 0x18a4  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll

10:53:23.0526 0x18a4  WebClient - ok

10:53:23.0557 0x18a4  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll

10:53:23.0635 0x18a4  Wecsvc - ok

10:53:23.0651 0x18a4  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll

10:53:23.0713 0x18a4  wercplsupport - ok

10:53:23.0745 0x18a4  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll

10:53:23.0838 0x18a4  WerSvc - ok

10:53:23.0916 0x18a4  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

10:53:23.0963 0x18a4  WfpLwf - ok

10:53:23.0994 0x18a4  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

10:53:24.0025 0x18a4  WIMMount - ok

10:53:24.0150 0x18a4  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll

10:53:24.0244 0x18a4  WinDefend - ok

10:53:24.0259 0x18a4  WinHttpAutoProxySvc - ok

10:53:24.0337 0x18a4  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

10:53:24.0462 0x18a4  Winmgmt - ok

10:53:24.0556 0x18a4  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll

10:53:24.0681 0x18a4  WinRM - ok

10:53:24.0821 0x18a4  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys

10:53:24.0852 0x18a4  WinUsb - ok

10:53:24.0930 0x18a4  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll

10:53:25.0024 0x18a4  Wlansvc - ok

10:53:25.0055 0x18a4  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

10:53:25.0102 0x18a4  WmiAcpi - ok

10:53:25.0149 0x18a4  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

10:53:25.0211 0x18a4  wmiApSrv - ok

10:53:25.0336 0x18a4  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

10:53:25.0429 0x18a4  WMPNetworkSvc - ok

10:53:25.0461 0x18a4  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll

10:53:25.0539 0x18a4  WPCSvc - ok

10:53:25.0570 0x18a4  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

10:53:25.0632 0x18a4  WPDBusEnum - ok

10:53:25.0663 0x18a4  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

10:53:25.0726 0x18a4  ws2ifsl - ok

10:53:25.0773 0x18a4  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\system32\wscsvc.dll

10:53:25.0819 0x18a4  wscsvc - ok

10:53:25.0819 0x18a4  WSearch - ok

10:53:25.0975 0x18a4  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll

10:53:26.0085 0x18a4  wuauserv - ok

10:53:26.0116 0x18a4  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

10:53:26.0225 0x18a4  WudfPf - ok

10:53:26.0553 0x18a4  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

10:53:26.0584 0x18a4  WUDFRd - ok

10:53:26.0631 0x18a4  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

10:53:26.0662 0x18a4  wudfsvc - ok

10:53:26.0709 0x18a4  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4, 10D9FDEDAB1FB2E76D54661AFA5C1A6B1B0980525F38F5D061537077841C6AEE ] WwanSvc         C:\Windows\System32\wwansvc.dll

10:53:26.0771 0x18a4  WwanSvc - ok

10:53:26.0833 0x18a4  [ B07C5B7EFDF936FF93D4F540938725BE, A9D559B0A99937CC4E7F065566054DAFCCD0C6C3AA98B47ADF7CB2ABD30B0182 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys

10:53:26.0896 0x18a4  yukonw7 - ok

10:53:26.0911 0x18a4  ================ Scan global ===============================

10:53:26.0943 0x18a4  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll

10:53:26.0974 0x18a4  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll

10:53:27.0005 0x18a4  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll

10:53:27.0036 0x18a4  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll

10:53:27.0083 0x18a4  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe

10:53:27.0099 0x18a4  [ Global ] - ok

10:53:27.0099 0x18a4  ================ Scan MBR ==================================

10:53:27.0114 0x18a4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

10:53:27.0645 0x18a4  \Device\Harddisk0\DR0 - ok

10:53:27.0645 0x18a4  [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1

10:53:28.0206 0x18a4  \Device\Harddisk1\DR1 - ok

10:53:28.0206 0x18a4  ================ Scan VBR ==================================

10:53:28.0237 0x18a4  [ 8711CA7F59A1632F2C3718A6C754C6A1 ] \Device\Harddisk0\DR0\Partition1

10:53:28.0237 0x18a4  \Device\Harddisk0\DR0\Partition1 - ok

10:53:28.0269 0x18a4  [ 04406359A6A7B56EA287811D1AA8BBE6 ] \Device\Harddisk0\DR0\Partition2

10:53:28.0269 0x18a4  \Device\Harddisk0\DR0\Partition2 - ok

10:53:28.0300 0x18a4  [ 3E35994EA0541FC9BF4DC949849ED776 ] \Device\Harddisk0\DR0\Partition3

10:53:28.0300 0x18a4  \Device\Harddisk0\DR0\Partition3 - ok

10:53:28.0315 0x18a4  [ 9F7728192F0B2567B4BE28A9181E4892 ] \Device\Harddisk1\DR1\Partition1

10:53:28.0315 0x18a4  \Device\Harddisk1\DR1\Partition1 - ok

10:53:28.0315 0x18a4  Waiting for KSN requests completion. In queue: 294

10:53:29.0329 0x18a4  Waiting for KSN requests completion. In queue: 294

10:53:30.0343 0x18a4  Waiting for KSN requests completion. In queue: 294

10:53:31.0357 0x18a4  Waiting for KSN requests completion. In queue: 294

10:53:32.0371 0x18a4  Waiting for KSN requests completion. In queue: 294

10:53:33.0385 0x18a4  Waiting for KSN requests completion. In queue: 294

10:53:34.0399 0x18a4  Waiting for KSN requests completion. In queue: 294

10:53:35.0413 0x18a4  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.0.307 ), 0x40000 ( disabled : updated )

10:53:35.0429 0x18a4  Win FW state via NFP2: enabled

10:53:38.0299 0x18a4  ============================================================

10:53:38.0299 0x18a4  Scan finished

10:53:38.0299 0x18a4  ============================================================

10:53:38.0299 0x18dc  Detected object count: 0

10:53:38.0299 0x18dc  Actual detected object count: 0

Nichts zu sehen.
Kannst du bitte beim nächsten Bluescreen dir die genauen Angaben des Bluescreens (Stop-code etc.) notierend und hier posten. (Vorgängig: Systemsteuerung -> System -> Erweitert -> Starten und Wiederherstellen -> Einstellungen -> Systemfehler: Haken bei "Automatischer Neustart durchführen" entfernen)

ok, dann werde ich jetzt wohl warten müssen oder kann ich sonst noch etwas tun?
Der USB-Stick zeigt zumindest schon mal keine Verknüpfungen mehr und wenn ich Daten reinschiebe, werden sie nicht mehr in Verknüpfungen umgewandelt...also ein wenig hat sich schon getan ;)

So, kam wieder...
also der Text ist denk ich mal immer der gleiche, den habe ich jetzt nicht abgeschrieben.
Ansonsten:
DRIVER_IRQL_NOT_LESS_OR_EQUAL

Stop: 0x000000D1 (0x00000030, 0x00000002, 0x00000000, 0x942F28A5)
athr. sys-Adress 942F28A5 base at 942B0000, Datestamp 4a2ea444

kannst du damit was anfangen?

und gleich nochmal...

Stop: 0x000000D1 (0x00000030, 0x00000002, 0x00000000, 0x94EF98A5)
athr. sys-Adress 94EF98A5 base at 94EB7000, Datestamp 4a2ea444

uuuund nochmal:

Stop: 0x000000D1 (0x00000030, 0x00000002, 0x00000000, 0x942F18A5)
athr. sys-Adress 942F18A5 base at 942AF000, Datestamp 4a2ea444

Da scheint etwas etwas mit einem Atheros Treiber nicht zu passen.
Schau mal, ob du so ein Update des Treibers findest und diese Bluescreens wegkriegst: Aktualisieren eines Treibers für Hardware, die nicht ordnungsgemäß funktioniert - Hilfe zu Microsoft*Windows

Und schliesse bitte den befallenen USB-Stick an (wenn er das nicht schon ist) und teile mir mit, welchen Laufwerksbuchstaben er hat (z.B. e:\ oder f:\ oder so).

ja, der USB-Stick ist die ganze Zeit angeschlossen. Das Laufwerk ist K:.

Guten Morgen,

habe mir ein Update dafür besorgt und bisher scheint es keine Bluescreens mehr zu geben.
Was muss ich denn nun noch machen?Irgendwelche Suchscanns wiederholen?
Habe Sorge, dass ich wieder Online-Banking und sowas von diesem Laptop mache, er aber eigentlich noch befallen ist...

Halte das mit den Bluescreens noch etwas unter Beobachtung.

Wir schauen uns noch den USB-Stick an, dass der auch sauber ist:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

CMD: dir /a "K:\"

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-10-2013

Ran by Vera at 2013-10-29 10:41:04 Run:2

Running from C:\Users\Vera\Downloads

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

CMD: dir /a "K:\"

*****************
 
 

=========  dir /a "K:\" =========
 

 Datentr�ger in Laufwerk K: ist KINGSTON

 Volumeseriennummer: 423A-11F0
 

 Verzeichnis von K:\
 

29.09.2013  16:10            60.040 Iexplorerprog1.vbs

29.09.2013  18:19            60.040 Roof.vbs

               2 Datei(en),        120.080 Bytes

               0 Verzeichnis(se),  1.002.029.056 Bytes frei
 

========= End of CMD: =========
 
 

==== End of Fixlog ====

Ist das korrekt, dass du derzeit keine Daten auf diesem USB-Stick gespeichert hast? Hast du noch weitere USB-Sticks (oder externe Festplatten), die du in letzter Zeit an diesen Rechner angeschlossen hast?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

K:\Iexplorerprog1.vbs

K:\Roof.vbs

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2013

Ran by Vera (administrator) on VERA-PC on 29-10-2013 11:02:16

Running from C:\Users\Vera\Downloads

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe

(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe

(Dropbox, Inc.) C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)

HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKCU\...\Run: [Facebook Update] - C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)

HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)

Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6F308064214CE01

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213

Tcpip\..\Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: [NameServer]129.143.2.1,129.143.2.4
 

FireFox:

========

FF ProfilePath: C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\4ym0zwfx.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Vera\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Vera\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 SkypeUpdate; C:\Windows.old\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
 

==================== Drivers (Whitelisted) ====================
 

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-04] (Duplex Secure Ltd.)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)

U3 avek5a6f; C:\Windows\System32\Drivers\avek5a6f.sys [0 ] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Vera\AppData\Local\Temp\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-29 09:52 - 2013-10-29 09:52 - 00000384 _____ C:\Windows\system32\defogger_enable.log

2013-10-28 17:09 - 2013-10-28 17:11 - 77761996 _____ C:\Users\Vera\Downloads\QCA_WLAN_Driver_1.0.0.1.ZIP

2013-10-28 17:04 - 2013-10-28 17:04 - 00000000 ____D C:\Program Files\SystemRequirementsLab

2013-10-28 17:03 - 2013-10-28 17:03 - 00000000 ____D C:\Users\Vera\SystemRequirementsLab

2013-10-28 16:51 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2013-10-28 16:51 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2013-10-28 16:51 - 2012-08-23 15:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2013-10-28 16:51 - 2012-08-23 15:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2013-10-28 16:51 - 2012-08-23 15:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2013-10-28 16:51 - 2012-08-23 14:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2013-10-28 16:51 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2013-10-28 16:51 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2013-10-28 16:51 - 2012-08-23 14:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2013-10-28 16:51 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2013-10-28 16:51 - 2012-08-23 12:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2013-10-28 16:51 - 2012-08-23 12:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2013-10-28 16:51 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll

2013-10-28 16:51 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2013-10-28 16:51 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2013-10-28 16:51 - 2012-08-23 11:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2013-10-28 16:51 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2013-10-28 16:48 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-28 16:48 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-28 16:48 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-28 16:48 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-28 16:48 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-10-28 16:48 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2013-10-28 16:48 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-28 16:48 - 2012-08-24 18:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-10-28 16:48 - 2012-08-24 18:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-10-28 16:48 - 2012-08-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-10-28 16:48 - 2012-08-24 17:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-10-28 16:48 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2013-10-28 13:09 - 2013-10-28 13:09 - 00143728 _____ C:\Windows\Minidump\102813-48859-01.dmp

2013-10-28 12:46 - 2013-10-28 12:46 - 00143728 _____ C:\Windows\Minidump\102813-42541-01.dmp

2013-10-28 12:29 - 2013-10-28 12:29 - 00143728 _____ C:\Windows\Minidump\102813-45365-01.dmp

2013-10-28 10:50 - 2013-10-28 10:50 - 04101145 _____ C:\Users\Vera\Downloads\tdsskiller.zip

2013-10-28 10:50 - 2013-10-15 15:37 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Vera\Desktop\TDSSKiller.exe

2013-10-28 10:47 - 2013-10-28 10:48 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Vera\Downloads\tdsskiller.exe

2013-10-28 10:42 - 2013-10-28 10:43 - 00143728 _____ C:\Windows\Minidump\102813-39889-01.dmp

2013-10-28 10:30 - 2013-10-28 10:31 - 00143728 _____ C:\Windows\Minidump\102813-46004-01.dmp

2013-10-27 23:38 - 2013-10-27 23:38 - 00143728 _____ C:\Windows\Minidump\102713-20919-01.dmp

2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Opera Software

2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Local\Opera Software

2013-10-27 20:57 - 2013-10-27 20:58 - 33727472 _____ (Opera Software ASA) C:\Users\Vera\Downloads\Opera_17.0.1241.53_Setup.exe

2013-10-27 20:44 - 2013-10-27 20:45 - 00143728 _____ C:\Windows\Minidump\102713-26457-01.dmp

2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Mozilla

2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Local\Mozilla

2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe

2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt

2013-10-27 19:41 - 2013-10-27 20:04 - 00000000 ____D C:\ComboFix

2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp

2013-10-26 19:19 - 2013-10-27 20:04 - 00000000 ____D C:\Qoobox

2013-10-26 19:19 - 2013-10-27 19:55 - 00000000 ____D C:\Windows\erdnt

2013-10-26 19:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-26 19:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-26 19:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-26 19:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-26 19:18 - 2013-10-26 19:19 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe

2013-10-26 19:17 - 2013-10-27 19:32 - 00000000 ____D C:\AdwCleaner

2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp

2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST

2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp

2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp

2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-26 09:35 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-25 13:52 - 2013-10-28 11:10 - 00000000 ____D C:\Users\Vera\Desktop\mbar

2013-10-25 13:52 - 2013-10-25 15:58 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe

2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1

2013-10-22 19:25 - 2013-10-22 19:27 - 00000000 ____D C:\Users\Vera\Desktop\Bank

2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java

2013-10-21 15:05 - 2013-10-21 15:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-21 15:05 - 2013-10-21 15:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-21 15:05 - 2013-10-21 15:04 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-21 15:05 - 2013-10-21 15:04 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java

2013-10-19 09:38 - 2013-09-23 12:13 - 00248650 _____ C:\Users\Vera\Desktop\sqlite_manager-0.8.1-fx+tb+sm.xpi

2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial

2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library

2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial

2013-10-19 00:34 - 2013-10-19 01:07 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner

2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate

2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends

2013-10-18 13:02 - 2013-10-18 13:15 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo

2013-10-17 17:20 - 2013-10-17 17:23 - 00000000 ____D C:\Windows\rescache

2013-10-15 19:27 - 2013-10-29 10:33 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify

2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk

2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2013-10-15 19:25 - 2013-10-29 10:34 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify

2013-10-10 01:06 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-10 01:06 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-10 01:06 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-10 01:06 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-10 01:06 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-10 01:06 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-10 01:06 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-10 00:00 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-10 00:00 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-10 00:00 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-10 00:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-10-10 00:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-10 00:00 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-10 00:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-10 00:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-10 00:00 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-10 00:00 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-10 00:00 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-10 00:00 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 00:00 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-10 00:00 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-10 00:00 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-10 00:00 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-10 00:00 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-10 00:00 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-10 00:00 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-10 00:00 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-10 00:00 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 23:59 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-09 23:59 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-09 23:59 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-09 23:59 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-09 23:59 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-09 23:59 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-10-02 00:14 - 2013-10-02 23:16 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG

2013-10-02 00:14 - 2013-10-02 23:16 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT

2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google

2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
 

==================== One Month Modified Files and Folders =======
 

2013-10-29 11:02 - 2010-03-01 21:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Skype

2013-10-29 11:01 - 2011-11-14 21:41 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Dropbox

2013-10-29 10:41 - 2012-01-09 19:30 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job

2013-10-29 10:34 - 2013-10-15 19:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify

2013-10-29 10:33 - 2013-10-15 19:27 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify

2013-10-29 10:02 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-29 10:02 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-29 09:54 - 2011-11-14 21:44 - 00000000 ___RD C:\Users\Vera\Dropbox

2013-10-29 09:53 - 2010-03-01 19:43 - 01532441 _____ C:\Windows\WindowsUpdate.log

2013-10-29 09:53 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-29 09:53 - 2009-07-14 05:39 - 00215590 _____ C:\Windows\setupact.log

2013-10-29 09:52 - 2013-10-29 09:52 - 00000384 _____ C:\Windows\system32\defogger_enable.log

2013-10-29 09:52 - 2010-03-01 19:56 - 00000000 ____D C:\Users\Vera

2013-10-28 17:11 - 2013-10-28 17:09 - 77761996 _____ C:\Users\Vera\Downloads\QCA_WLAN_Driver_1.0.0.1.ZIP

2013-10-28 17:04 - 2013-10-28 17:04 - 00000000 ____D C:\Program Files\SystemRequirementsLab

2013-10-28 17:03 - 2013-10-28 17:03 - 00000000 ____D C:\Users\Vera\SystemRequirementsLab

2013-10-28 16:59 - 2010-03-01 20:08 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-28 16:52 - 2009-09-30 04:14 - 00000000 ____D C:\Windows\system32\Drivers\de-DE

2013-10-28 16:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE

2013-10-28 13:09 - 2013-10-28 13:09 - 00143728 _____ C:\Windows\Minidump\102813-48859-01.dmp

2013-10-28 13:09 - 2013-03-15 08:26 - 00000000 ____D C:\Windows\Minidump

2013-10-28 12:46 - 2013-10-28 12:46 - 00143728 _____ C:\Windows\Minidump\102813-42541-01.dmp

2013-10-28 12:29 - 2013-10-28 12:29 - 00143728 _____ C:\Windows\Minidump\102813-45365-01.dmp

2013-10-28 11:10 - 2013-10-25 13:52 - 00000000 ____D C:\Users\Vera\Desktop\mbar

2013-10-28 10:50 - 2013-10-28 10:50 - 04101145 _____ C:\Users\Vera\Downloads\tdsskiller.zip

2013-10-28 10:48 - 2013-10-28 10:47 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Vera\Downloads\tdsskiller.exe

2013-10-28 10:43 - 2013-10-28 10:42 - 00143728 _____ C:\Windows\Minidump\102813-39889-01.dmp

2013-10-28 10:31 - 2013-10-28 10:30 - 00143728 _____ C:\Windows\Minidump\102813-46004-01.dmp

2013-10-27 23:38 - 2013-10-27 23:38 - 00143728 _____ C:\Windows\Minidump\102713-20919-01.dmp

2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Opera Software

2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Local\Opera Software

2013-10-27 20:59 - 2010-03-01 22:22 - 00000000 ____D C:\Program Files\Opera

2013-10-27 20:58 - 2013-10-27 20:57 - 33727472 _____ (Opera Software ASA) C:\Users\Vera\Downloads\Opera_17.0.1241.53_Setup.exe

2013-10-27 20:45 - 2013-10-27 20:44 - 00143728 _____ C:\Windows\Minidump\102713-26457-01.dmp

2013-10-27 20:44 - 2010-03-01 22:04 - 00098078 _____ C:\Windows\PFRO.log

2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Mozilla

2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Local\Mozilla

2013-10-27 20:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF

2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe

2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt

2013-10-27 20:04 - 2013-10-27 19:41 - 00000000 ____D C:\ComboFix

2013-10-27 20:04 - 2013-10-26 19:19 - 00000000 ____D C:\Qoobox

2013-10-27 20:04 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public

2013-10-27 19:58 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini

2013-10-27 19:55 - 2013-10-26 19:19 - 00000000 ____D C:\Windows\erdnt

2013-10-27 19:41 - 2012-01-09 19:30 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job

2013-10-27 19:32 - 2013-10-26 19:17 - 00000000 ____D C:\AdwCleaner

2013-10-26 19:52 - 2009-10-05 17:01 - 00001150 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp

2013-10-26 19:19 - 2013-10-26 19:18 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe

2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp

2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST

2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp

2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp

2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes

2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-25 15:58 - 2013-10-25 13:52 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-10-25 15:38 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-25 15:36 - 2013-03-09 19:40 - 00000000 ____D C:\Program Files\7-Zip

2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe

2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1

2013-10-22 19:27 - 2013-10-22 19:25 - 00000000 ____D C:\Users\Vera\Desktop\Bank

2013-10-21 15:09 - 2010-04-02 11:52 - 00000000 ____D C:\Program Files\Microsoft Office

2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java

2013-10-21 15:04 - 2013-10-21 15:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-21 15:04 - 2013-10-21 15:05 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-21 15:04 - 2013-10-21 15:05 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-21 15:04 - 2013-10-21 15:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java

2013-10-19 08:39 - 2009-07-14 05:33 - 00492904 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial

2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library

2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial

2013-10-19 01:07 - 2013-10-19 00:34 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner

2013-10-19 00:29 - 2010-03-01 21:28 - 00149776 _____ C:\Users\Vera\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate

2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate

2013-10-18 15:36 - 2010-03-11 19:04 - 00000000 ____D C:\Users\Vera\AppData\Roaming\vlc

2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends

2013-10-18 13:15 - 2013-10-18 13:02 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo

2013-10-17 17:23 - 2013-10-17 17:20 - 00000000 ____D C:\Windows\rescache

2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk

2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2013-10-15 15:37 - 2013-10-28 10:50 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Vera\Desktop\TDSSKiller.exe

2013-10-11 07:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-10 01:11 - 2013-08-14 23:13 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 01:09 - 2010-03-28 18:30 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-10 01:08 - 2012-05-23 20:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-10-07 12:00 - 2013-08-15 11:36 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-10-07 12:00 - 2013-08-15 11:24 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-10-07 12:00 - 2013-08-15 11:24 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-10-07 12:00 - 2013-08-15 11:24 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-10-02 23:16 - 2013-10-02 00:14 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG

2013-10-02 23:16 - 2013-10-02 00:14 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT

2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google

2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög
 

Files to move or delete:

====================

C:\Users\Vera\Opera_1101_int_Setup.exe
 
 

Some content of TEMP:

====================

C:\Users\Vera\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-23 16:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-10-2013

Ran by Vera at 2013-10-29 11:00:14 Run:3

Running from C:\Users\Vera\Downloads

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

K:\Iexplorerprog1.vbs

K:\Roof.vbs

*****************
 

K:\Iexplorerprog1.vbs => Moved successfully.

K:\Roof.vbs => Moved successfully.
 

==== End of Fixlog ====

ok.

Schritt 1

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.10.29.04
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16721

Vera :: VERA-PC [Administrator]
 

Schutz: Aktiviert
 

29.10.2013 11:26:50

mbam-log-2013-10-29 (11-26-50).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 204698

Laufzeit: 10 Minute(n), 17 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Ok, sieht schon mal gut aus. Dann zum Schluss noch die Kontrolle mit ESET - dieser Scan könnte dann etwas länger dauern.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=7e6c52378d88c9449f79baeb7461a3de

# engine=15679

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-10-29 04:28:32

# local_time=2013-10-29 05:28:32 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1799 16775165 100 95 31405 204968351 24162 0

# compatibility_mode=5893 16776573 100 94 27435 134695303 0 0

# scanned=232210

# found=2

# cleaned=0

# scan_time=15565

sh=1D1E5E0CA73BE17BC3074C501858F318D12BE32B ft=0 fh=0000000000000000 vn="VBS/Kryptik.T trojan" ac=I fn="C:\FRST\Quarantine\Iexplorerprog1.vbs"

sh=1D1E5E0CA73BE17BC3074C501858F318D12BE32B ft=0 fh=0000000000000000 vn="VBS/Kryptik.T trojan" ac=I fn="C:\FRST\Quarantine\Roof.vbs"

Prima, diese beiden Funde sind nur noch die Dinger, die mit FRST gelöscht und in Quarantäne verschoben wurden.

Schritt 1

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:

Deinstalliere bitte deine aktuelle Version von Adobe Reader über
Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
Besuche diese Seite von Adobe.
Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
Drücke auf Jetzt herunterladen und installiere die neuste Version.

Schritt 2

Dein Flashplayer ist veraltet. Installiere folgendermassen die aktuelle Version:

Besuche diese Seite von Adobe.
Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.

Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.

Starte defogger und drücke den Button Re-enable.
Deaktiviere jetzt temporär das Antivirenprogramm, benenne bei der auf dem Desktop vorhandenen Combofix.exe das "Combofix" im Dateinamen um in Uninstall und führe sie mit Doppelklick aus.
Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
Auch den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
- Schliesse alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.

>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus. :daumenhoc

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.

Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:

Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.

Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.

Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:

NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.

Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:

Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

Erstmal vielen vielen Dank!!!
Hätte ich allein auf jeden Fall nicht hingekriegt und ich bin sehr positiv von diesem Board überrascht - schnelle und kompetente Hilfe!

Kann ich denn nun sicher sein, dass der Spy-Virus von meinem Computer verschwunden ist und ich ohne Bedenken Online-Banking und ähnliches ausführen kann?

Ansonsten habe ich mir die Tips und Tricks sorgfältig durchgelesen und einiges davon befolgt ;).

Also wenn für mich hier nichts mehr zu tun ist, sage ich "Tschüss" und "Danke" :)

Zitat:

Kann ich denn nun sicher sein, dass der Spy-Virus von meinem Computer verschwunden ist

Sicher sein kann man sich da prinzipiell nicht nach Malwarebefall. Es sieht zwar gut aus, dass alles erwischt wurde, aber wenn du maximal mögliche Sicherheit willst, musst du die Festplatte formatieren und das Betriebssystem neu installieren.

Freut mich, dass wir helfen konnten. :abklatsch:

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.