
Pests of all kinds and how to combat them: Spy Eyes and blue screen


26.10.2013, 14:56   #1
fiezbert
 



Hello,

yesterday I noticed that my USB stick, after I got it back from the copy shop, showed all files only as shortcuts. I then ran several antivirus programs, and one (Malware) reported that there are several viruses on my PC, among them Spyeyes. I then deleted them...

Today I wanted to check everything again with another antivirus program (Malwarebytes Anti Malware), and this came up during the scan:

an error message (blue screen) A problem has been detected and windows has been shut down to prevent damage to your computer.


If this is the first time you see this stop error screen, restart your computer., etc. is displayed, and my laptop switches off and back on again.

I have now tried a few more times to run the scan, but it is aborted every time.

What can / must I do???

Many thanks in advance for the help!
I really need my laptop urgently and have no idea at all about this kind of thing :/

Vera

26.10.2013, 15:07   #2
aharonov
/// TB instructor
 



Hello Vera,

Quote:
and one (Malware) reported that there are several viruses on my PC, among them Spyeyes. I then deleted them...
Please post the log for that. See here: http://www.trojaner-board.de/125889-...en-posten.html


In addition:
If you want to have your computer checked for malware, please work through these instructions and post the resulting log files here.

26.10.2013, 15:36   #3
fiezbert
 



How do I post the log file? Just copy it?

[Spoiler]Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2013 01
Ran by Vera at 2013-10-26 16:28:58
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
Adobe Stock Photos 1.0 (Version: 1.0.1)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 14.0.0.383)
Bonanza Deals (remove only) (Version: 5.0.1.0)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-165C (Version: 1.0.1.0)
CDBurnerXP (Version: 4.4.1.3184)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495)
Command & Conquer Generals (Version: 0.50.0000)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)
DAEMON Tools Lite (Version: 4.46.1.0327)
DivX-Setup (Version: 1.0.0.450)
Dropbox (HKCU Version: 2.0.22)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
Foto-Mosaik-Edda Standard V5.8.0
Google Update Helper (Version: 1.3.23.0)
HitmanPro 3.7 (Version: 3.7.8.207)
iPhone Backup Extractor (HKCU Version: 4.6.6.0)
iTunes (Version: 11.0.0.163)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Kreuzworträtsel Freeware
MAGIX Music Maker MX Premium Download-Version (Einführungsvideos) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 1) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 2) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Version: 18.0.0.42)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.8)
Mediscript-CD GK1
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Rosetta Stone Version 3 (Version: 3.4.5.0)
Skype™ 6.9 (Version: 6.9.106)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
SRWare Iron Version SRWare Iron 27.0.1500.0 (Version: SRWare Iron 27.0.1500.0)
Synaptics Pointing Device Driver (Version: 13.2.4.12)
Text-To-Speech-Runtime (Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VirtualCloneDrive
VLC media player 2.0.3 (Version: 2.0.3)
Winamp (Version: 5.572 )
Winamp Anwendungserkennung (HKCU Version: 1.0.0.1)
WinRAR

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2C392EBA-5683-404D-A16D-1C846075EFE8} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals)
Task: {549BE28E-3410-45CF-8EF5-499C41DD628D} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {5FF1AA53-F159-4149-B782-E887C0FFBC86} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {9B360EC4-303D-42CD-B166-348140940616} - System32\Tasks\DigitalSite => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: {C7D4C442-B4BB-44EF-9FDB-B72320D8C478} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {D1AD3161-06D7-4F36-9D48-99C3B295D239} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals)
Task: {FDF8DD9B-3B6F-45AF-A96D-E072EA5E0190} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-10-15 20:27 - 2013-10-15 20:27 - 34604032 _____ () C:\Users\Vera\AppData\Roaming\Spotify\Data\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Vera\AppData\Roaming\Dropbox\bin\libcef.dll
2011-03-11 16:24 - 2013-05-24 16:40 - 00740352 _____ () C:\Program Files\SRWare Iron\libglesv2.dll
2011-03-11 16:24 - 2013-05-24 17:58 - 00130048 _____ () C:\Program Files\SRWare Iron\libegl.dll
2013-06-30 23:33 - 2013-04-10 01:39 - 00970240 _____ () C:\Program Files\SRWare Iron\ffmpegsumo.dll
2010-01-27 03:07 - 2012-02-15 15:23 - 08527008 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 419175

Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 419175

Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 418161

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 418161

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 417162

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 417162

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2013 02:03:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 416164


System errors:
=============
Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/26/2013 03:36:47 PM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0x00000030, 0x00000002, 0x00000000, 0x952f28a5)C:\Windows\MEMORY.DMP102613-43056-01

Error: (10/26/2013 03:36:14 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎26.‎10.‎2013 um 15:34:44 unerwartet heruntergefahren.

Error: (10/26/2013 03:25:23 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (10/26/2013 03:21:54 PM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (02/17/2012 10:59:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/17/2012 10:58:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1543 seconds with 480 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3036.61 MB
Available physical RAM: 1356.52 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 3888.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50 GB) (Free:1.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:92.09 GB) (Free:26.5 GB) NTFS
Drive e: () (Fixed) (Total:143 GB) (Free:122.04 GB) NTFS
Drive k: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7407B56E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=92 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=143 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 956 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=956 MB) - (Type=06)

==================== End Of Log ============================[/Spoiler]


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2013 01
Ran by Vera (administrator) on VERA-PC on 26-10-2013 16:25:01
Running from E:\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe
HKCU\...\Run: [Facebook Update] - C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Spotify] - C:\Users\Vera\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Roof] - C:\Users\Vera\AppData\Local\Temp\Roof.vbs [60040 2013-09-29] () <===== ATTENTION
HKCU\...\Run: [Iexplorerprog1] - C:\Users\Vera\AppData\Local\Temp\Iexplorerprog1.vbs [60040 2013-09-29] () <===== ATTENTION
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
MountPoints2: {25d2fadd-904d-11e0-b80c-00265e9f4dce} - M:\LaunchU3.exe -a
MountPoints2: {9a5967c7-70a5-11e0-a6ab-00265e9f4dce} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {9a596853-70a5-11e0-a6ab-00265e9f4dce} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {e7182a56-926a-11e0-9241-00265e9f4dce} - G:\LaunchU3.exe -a
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6F308064214CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673&type=default&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673&type=default&q={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
Tcpip\..\Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: [NameServer]129.143.2.1,129.143.2.4

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-02] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-02] (BonanzaDeals)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-10-25] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 SkypeUpdate; C:\Windows.old\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-26] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-05] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-26 16:24 - 2013-10-26 16:24 - 00000000 ____D C:\FRST
2013-10-26 16:17 - 2013-10-26 16:18 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 15:36 - 2013-10-26 15:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 15:25 - 2013-10-26 16:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-26 15:22 - 2013-10-26 15:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 14:06 - 2013-10-26 14:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 10:35 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-25 17:42 - 2013-10-25 17:43 - 00000000 ____D C:\Program Files\HitmanPro
2013-10-25 14:52 - 2013-10-25 17:30 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 14:52 - 2013-10-25 16:58 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 14:52 - 2013-10-25 14:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 12:55 - 2013-10-25 12:55 - 00000000 ____D C:\PPF_Scan1
2013-10-22 20:25 - 2013-10-22 20:27 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 16:05 - 2013-10-21 16:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 16:05 - 2013-10-21 16:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 16:05 - 2013-10-21 16:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 16:05 - 2013-10-21 16:04 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 16:05 - 2013-10-21 16:04 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 16:04 - 2013-10-21 16:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 10:38 - 2013-09-23 13:13 - 00248650 _____ C:\Users\Vera\Desktop\sqlite_manager-0.8.1-fx+tb+sm.xpi
2013-10-19 02:24 - 2013-10-19 02:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 02:15 - 2013-10-19 02:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 02:14 - 2013-10-19 02:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 01:34 - 2013-10-19 02:07 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 01:28 - 2013-10-19 01:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 14:02 - 2013-10-18 14:15 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 18:20 - 2013-10-17 18:23 - 00000000 ____D C:\Windows\rescache
2013-10-15 20:27 - 2013-10-25 20:13 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-15 20:27 - 2013-10-15 20:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 20:27 - 2013-10-15 20:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-15 20:25 - 2013-10-26 16:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-10 02:06 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 02:06 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 02:06 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 02:06 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 02:06 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 02:06 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 02:06 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 01:00 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 01:00 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 01:00 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 01:00 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-10 01:00 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 01:00 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 01:00 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 01:00 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 01:00 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 01:00 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 01:00 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 01:00 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 01:00 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 01:00 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 01:00 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 01:00 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 01:00 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 01:00 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 01:00 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 01:00 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 01:00 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 00:59 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 00:59 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 00:59 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 00:59 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 00:59 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 00:59 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 19:49 - 2013-10-07 19:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-02 01:14 - 2013-10-03 00:16 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-02 01:14 - 2013-10-03 00:16 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-02 00:15 - 2013-10-26 16:20 - 00000906 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-02 00:15 - 2013-10-26 15:20 - 00000910 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-02 00:14 - 2013-10-03 08:14 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\DigitalSite
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\BonanzaDealsLive
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-09-30 09:02 - 2013-09-30 09:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög

==================== One Month Modified Files and Folders =======

2013-10-26 16:25 - 2013-10-26 15:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-26 16:25 - 2013-10-15 20:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-26 16:25 - 2010-03-01 20:43 - 01279772 _____ C:\Windows\WindowsUpdate.log
2013-10-26 16:24 - 2013-10-26 16:24 - 00000000 ____D C:\FRST
2013-10-26 16:21 - 2011-11-14 22:41 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Dropbox
2013-10-26 16:20 - 2013-10-02 00:15 - 00000906 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-26 16:20 - 2011-11-14 22:44 - 00000000 ___RD C:\Users\Vera\Dropbox
2013-10-26 16:20 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-26 16:20 - 2009-07-14 06:39 - 00214134 _____ C:\Windows\setupact.log
2013-10-26 16:18 - 2013-10-26 16:17 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 16:17 - 2010-03-01 20:56 - 00000000 ____D C:\Users\Vera
2013-10-26 15:45 - 2009-07-14 06:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-26 15:45 - 2009-07-14 06:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-26 15:36 - 2013-10-26 15:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 15:36 - 2013-03-15 09:26 - 00000000 ____D C:\Windows\Minidump
2013-10-26 15:27 - 2010-03-01 22:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Skype
2013-10-26 15:22 - 2013-10-26 15:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 15:20 - 2013-10-02 00:15 - 00000910 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-26 14:06 - 2013-10-26 14:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 13:41 - 2012-01-09 20:30 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job
2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 10:35 - 2013-10-26 10:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 20:13 - 2013-10-15 20:27 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-25 17:43 - 2013-10-25 17:42 - 00000000 ____D C:\Program Files\HitmanPro
2013-10-25 17:30 - 2013-10-25 14:52 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 16:58 - 2013-10-25 14:52 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 16:38 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-25 16:36 - 2013-03-09 20:40 - 00000000 ____D C:\Program Files\7-Zip
2013-10-25 16:36 - 2010-03-01 23:04 - 00096052 _____ C:\Windows\PFRO.log
2013-10-25 14:52 - 2013-10-25 14:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 12:55 - 2013-10-25 12:55 - 00000000 ____D C:\PPF_Scan1
2013-10-24 20:15 - 2012-01-09 20:30 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job
2013-10-22 20:27 - 2013-10-22 20:25 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 16:09 - 2010-04-02 12:52 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-21 16:05 - 2013-10-21 16:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 16:04 - 2013-10-21 16:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 16:04 - 2013-10-21 16:05 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 16:04 - 2013-10-21 16:05 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 16:04 - 2013-10-21 16:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 16:04 - 2013-10-21 16:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 09:39 - 2009-07-14 06:33 - 00492904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-19 02:24 - 2013-10-19 02:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 02:15 - 2013-10-19 02:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 02:14 - 2013-10-19 02:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 02:07 - 2013-10-19 01:34 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 01:29 - 2010-03-01 22:28 - 00149776 _____ C:\Users\Vera\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-19 01:28 - 2013-10-19 01:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 01:28 - 2013-10-19 01:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 16:36 - 2010-03-11 20:04 - 00000000 ____D C:\Users\Vera\AppData\Roaming\vlc
2013-10-18 14:41 - 2013-10-18 14:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 14:15 - 2013-10-18 14:02 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 18:23 - 2013-10-17 18:20 - 00000000 ____D C:\Windows\rescache
2013-10-17 17:39 - 2013-01-31 18:26 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 17:39 - 2012-02-15 15:23 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 10:22 - 2010-03-01 21:08 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-15 20:27 - 2013-10-15 20:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 20:27 - 2013-10-15 20:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-11 08:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 07:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 02:11 - 2013-08-15 00:13 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 02:09 - 2010-03-28 19:30 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 02:08 - 2012-05-23 21:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-07 19:49 - 2013-10-07 19:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-07 13:00 - 2013-08-15 12:36 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 13:00 - 2013-08-15 12:24 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 13:00 - 2013-08-15 12:24 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 13:00 - 2013-08-15 12:24 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-03 08:14 - 2013-10-02 00:14 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-03 00:16 - 2013-10-02 01:14 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-03 00:16 - 2013-10-02 01:14 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Roaming\DigitalSite
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Users\Vera\AppData\Local\BonanzaDealsLive
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-02 00:14 - 2013-10-02 00:14 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-02 00:14 - 2009-10-05 18:01 - 00001721 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-30 09:02 - 2013-09-30 09:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög

Files to move or delete:
====================
C:\Users\Vera\AppData\Local\Temp\Roof.vbs
C:\Users\Vera\AppData\Local\Temp\Iexplorerprog1.vbs
C:\Users\Vera\Opera_1101_int_Setup.exe


Some content of TEMP:
====================
C:\Users\Vera\AppData\Local\Temp\20130514090632366jniverify.dll
C:\Users\Vera\AppData\Local\Temp\5d6843831c37d47abbbd4bebfcad6ef6.exe
C:\Users\Vera\AppData\Local\Temp\AskSLib.dll
C:\Users\Vera\AppData\Local\Temp\avgnt.exe
C:\Users\Vera\AppData\Local\Temp\contentDATs.exe
C:\Users\Vera\AppData\Local\Temp\FileSystemView.dll
C:\Users\Vera\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Vera\AppData\Local\Temp\iPodVoiceOverSetup.exe
C:\Users\Vera\AppData\Local\Temp\ose00000.exe
C:\Users\Vera\AppData\Local\Temp\ose00002.exe
C:\Users\Vera\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Vera\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Vera\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-23 17:16

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2013 01
Ran by Vera at 2013-10-26 16:28:58
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
Adobe Stock Photos 1.0 (Version: 1.0.1)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 14.0.0.383)
Bonanza Deals (remove only) (Version: 5.0.1.0)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-165C (Version: 1.0.1.0)
CDBurnerXP (Version: 4.4.1.3184)
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.00495)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495)
Command & Conquer Generals (Version: 0.50.0000)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)
DAEMON Tools Lite (Version: 4.46.1.0327)
DivX-Setup (Version: 1.0.0.450)
Dropbox (HKCU Version: 2.0.22)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
Foto-Mosaik-Edda Standard V5.8.0
Google Update Helper (Version: 1.3.23.0)
HitmanPro 3.7 (Version: 3.7.8.207)
iPhone Backup Extractor (HKCU Version: 4.6.6.0)
iTunes (Version: 11.0.0.163)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Kreuzworträtsel Freeware
MAGIX Music Maker MX Premium Download-Version (Einführungsvideos) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 1) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 2) (Version: 1.0.0.0)
MAGIX Music Maker MX Premium Download-Version (Version: 18.0.0.42)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.8)
Mediscript-CD GK1
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Rosetta Stone Version 3 (Version: 3.4.5.0)
Skype™ 6.9 (Version: 6.9.106)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
SRWare Iron Version SRWare Iron 27.0.1500.0 (Version: SRWare Iron 27.0.1500.0)
Synaptics Pointing Device Driver (Version: 13.2.4.12)
Text-To-Speech-Runtime (Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VirtualCloneDrive
VLC media player 2.0.3 (Version: 2.0.3)
Winamp (Version: 5.572 )
Winamp Anwendungserkennung (HKCU Version: 1.0.0.1)
WinRAR

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2C392EBA-5683-404D-A16D-1C846075EFE8} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals)
Task: {549BE28E-3410-45CF-8EF5-499C41DD628D} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {5FF1AA53-F159-4149-B782-E887C0FFBC86} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {9B360EC4-303D-42CD-B166-348140940616} - System32\Tasks\DigitalSite => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: {C7D4C442-B4BB-44EF-9FDB-B72320D8C478} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {D1AD3161-06D7-4F36-9D48-99C3B295D239} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-02] (BonanzaDeals)
Task: {FDF8DD9B-3B6F-45AF-A96D-E072EA5E0190} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Vera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job => C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-10-15 20:27 - 2013-10-15 20:27 - 34604032 _____ () C:\Users\Vera\AppData\Roaming\Spotify\Data\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Vera\AppData\Roaming\Dropbox\bin\libcef.dll
2011-03-11 16:24 - 2013-05-24 16:40 - 00740352 _____ () C:\Program Files\SRWare Iron\libglesv2.dll
2011-03-11 16:24 - 2013-05-24 17:58 - 00130048 _____ () C:\Program Files\SRWare Iron\libegl.dll
2013-06-30 23:33 - 2013-04-10 01:39 - 00970240 _____ () C:\Program Files\SRWare Iron\ffmpegsumo.dll
2010-01-27 03:07 - 2012-02-15 15:23 - 08527008 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 419175

Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 419175

Error: (10/26/2013 02:03:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 418161

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 418161

Error: (10/26/2013 02:03:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 417162

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 417162

Error: (10/26/2013 02:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2013 02:03:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 416164


System errors:
=============
Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (10/26/2013 04:20:16 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (10/26/2013 03:36:13 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/26/2013 03:36:47 PM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0x00000030, 0x00000002, 0x00000000, 0x952f28a5)C:\Windows\MEMORY.DMP102613-43056-01

Error: (10/26/2013 03:36:14 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎26.‎10.‎2013 um 15:34:44 unerwartet heruntergefahren.

Error: (10/26/2013 03:25:23 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/26/2013 03:25:23 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (10/26/2013 03:21:54 PM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (02/17/2012 10:59:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/17/2012 10:58:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1543 seconds with 480 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 3036.61 MB
Available physical RAM: 1356.52 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 3888.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50 GB) (Free:1.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:92.09 GB) (Free:26.5 GB) NTFS
Drive e: () (Fixed) (Total:143 GB) (Free:122.04 GB) NTFS
Drive k: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7407B56E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=92 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=143 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 956 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=956 MB) - (Type=06)

==================== End Of Log ============================
         
The results from Malwarebytes:

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.26.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Vera :: VERA-PC [Administrator]

Schutz: Aktiviert

26.10.2013 10:40:49
mbam-log-2013-10-26 (10-40-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 421565
Laufzeit: 3 Stunde(n), 13 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 74
HKLM\SYSTEM\CurrentControlSet\Services\bonanzadealslive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BONANZADEALSLIVE.EXE (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{fe063412-bea4-4d76-8ed3-183be6220d17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.Update3COMClassService.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.Update3COMClassService (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.Update3WebSvc.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.Update3WebSvc (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.ProcessLauncher.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.ProcessLauncher (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.Update3WebMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.Update3WebMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLive.OneClickCtrl.9 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLive.OneClickProcessLauncherMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{6802463D-636F-41FE-9924-4CAD56906590} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.CoreMachineClass.1 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.CoreMachineClass (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.CoreClass.1 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.CoreClass (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLive.Update3WebControl.3 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.CoCreateAsync.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.CoCreateAsync (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.CredentialDialogMachine (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\BonanzaDealsLiveUpdate.Update3WebMachineFallback (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0041858.BHO (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0041858.BHO.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0041858.Sandbox (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0041858.Sandbox.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\AppID\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\bonanzadealslivem (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Daten: C:\Program Files\BonanzaDeals\BonanzaDeals.crx -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0B2O1B1F1H2Y0G -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Daten: C:\Program Files\BonanzaDeals\BonanzaDeals.crx -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 19
C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDeals (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0 (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\Download (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\Install (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\Offline (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\Offline\{DD3AB20C-15B1-486E-B8F9-A7DDBBC759CF} (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 95
C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\psuser.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Temp\eIntaller\9104687149004e359984111BE6629508\eXQ.exe (PUP.Optional.Wilsys.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Temp\is1590112554\33237332_stp.EXE (PUP.Optional.AdLyrics) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Temp\is1590112554\33237285_stp\cor_ar_201392319852_qvo6.exe (PUP.Optional.Elex) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Temp\is1590112554\33237425_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Windows\Temp\41858_updater.exe (PUP.Optional.Lyrics.A) -> Keine Aktion durchgeführt.
E:\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDeals\BonanzaDeals.crx (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDeals\BonanzaDeals.xpi (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDeals\BonanzaDealsIE64.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDeals\BonanzaDealsUpdate.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDeals\BonanzaDealsUpdateRun.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDeals\icon.ico (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDeals\uninst.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Bonanza Deals Help.url (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Bonanza Deals.url (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Uninstall Bonanza Deals.lnk (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\background.js (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\manifest.json (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon128.png (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon16.png (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon48.png (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHelper.msi (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_bn.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ca.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_cs.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_da.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_de.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_el.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_en-GB.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_en.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_es-419.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_es.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_et.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fa.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fi.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fil.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_fr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_gu.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_hr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_hu.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_id.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_is.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_it.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_iw.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ja.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_kn.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ko.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_lt.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_lv.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ml.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_mr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ms.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_nl.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_no.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_am.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ar.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_pt-BR.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_pt-PT.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ro.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ru.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sk.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sl.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sv.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_sw.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ta.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_te.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_th.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_tr.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_uk.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_ur.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_vi.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_zh-CN.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_zh-TW.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_bg.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_hi.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdateres_pl.dll (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
2013/10/26 10:36:31 +0200	VERA-PC	Vera	MESSAGE	Starting protection
2013/10/26 10:36:31 +0200	VERA-PC	Vera	MESSAGE	Protection started successfully
2013/10/26 10:36:31 +0200	VERA-PC	Vera	MESSAGE	Starting IP protection
2013/10/26 10:37:01 +0200	VERA-PC	Vera	MESSAGE	IP Protection started successfully
2013/10/26 10:37:26 +0200	VERA-PC	Vera	MESSAGE	Starting database refresh
2013/10/26 10:37:26 +0200	VERA-PC	Vera	MESSAGE	Stopping IP protection
2013/10/26 10:37:34 +0200	VERA-PC	Vera	MESSAGE	IP Protection stopped successfully
2013/10/26 10:37:38 +0200	VERA-PC	Vera	MESSAGE	Database refreshed successfully
2013/10/26 10:37:38 +0200	VERA-PC	Vera	MESSAGE	Starting IP protection
2013/10/26 10:37:42 +0200	VERA-PC	Vera	MESSAGE	IP Protection started successfully
2013/10/26 11:48:30 +0200	VERA-PC	Vera	IP-BLOCK	78.140.143.6 (Type: outgoing, Port: 50531, Process: iron.exe)
2013/10/26 11:48:30 +0200	VERA-PC	Vera	IP-BLOCK	78.140.143.6 (Type: outgoing, Port: 50537, Process: iron.exe)
2013/10/26 11:48:54 +0200	VERA-PC	Vera	IP-BLOCK	78.140.143.6 (Type: outgoing, Port: 50540, Process: iron.exe)
2013/10/26 11:48:54 +0200	VERA-PC	Vera	IP-BLOCK	78.140.143.6 (Type: outgoing, Port: 50546, Process: iron.exe)
2013/10/26 11:49:03 +0200	VERA-PC	Vera	IP-BLOCK	37.221.167.121 (Type: outgoing, Port: 50573, Process: iron.exe)
2013/10/26 11:49:03 +0200	VERA-PC	Vera	IP-BLOCK	37.221.167.121 (Type: outgoing, Port: 50575, Process: iron.exe)
2013/10/26 11:49:11 +0200	VERA-PC	Vera	IP-BLOCK	37.221.167.121 (Type: outgoing, Port: 50576, Process: iron.exe)
2013/10/26 11:51:52 +0200	VERA-PC	Vera	IP-BLOCK	78.140.143.6 (Type: outgoing, Port: 50689, Process: iron.exe)
2013/10/26 11:51:52 +0200	VERA-PC	Vera	IP-BLOCK	78.140.143.6 (Type: outgoing, Port: 50694, Process: iron.exe)
2013/10/26 11:52:01 +0200	VERA-PC	Vera	IP-BLOCK	78.140.143.6 (Type: outgoing, Port: 50699, Process: iron.exe)
2013/10/26 11:52:01 +0200	VERA-PC	Vera	IP-BLOCK	78.140.143.6 (Type: outgoing, Port: 50703, Process: iron.exe)
2013/10/26 11:52:09 +0200	VERA-PC	Vera	IP-BLOCK	37.221.167.126 (Type: outgoing, Port: 50714, Process: iron.exe)
2013/10/26 11:52:09 +0200	VERA-PC	Vera	IP-BLOCK	37.221.167.126 (Type: outgoing, Port: 50715, Process: iron.exe)
2013/10/26 11:52:09 +0200	VERA-PC	Vera	IP-BLOCK	37.221.161.131 (Type: outgoing, Port: 50720, Process: iron.exe)
2013/10/26 11:52:09 +0200	VERA-PC	Vera	IP-BLOCK	37.221.161.131 (Type: outgoing, Port: 50721, Process: iron.exe)
2013/10/26 11:52:17 +0200	VERA-PC	Vera	IP-BLOCK	37.221.161.131 (Type: outgoing, Port: 50739, Process: iron.exe)
2013/10/26 11:52:17 +0200	VERA-PC	Vera	IP-BLOCK	37.221.161.131 (Type: outgoing, Port: 50740, Process: iron.exe)
2013/10/26 11:53:06 +0200	VERA-PC	Vera	IP-BLOCK	78.140.143.6 (Type: outgoing, Port: 50775, Process: iron.exe)
2013/10/26 12:43:19 +0200	VERA-PC	Vera	MESSAGE	Executing scheduled update:  Daily
2013/10/26 12:43:23 +0200	VERA-PC	Vera	MESSAGE	Database already up-to-date
2013/10/26 15:22:51 +0200	VERA-PC	Vera	MESSAGE	Starting protection
2013/10/26 15:22:51 +0200	VERA-PC	Vera	MESSAGE	Protection started successfully
2013/10/26 15:22:51 +0200	VERA-PC	Vera	MESSAGE	Starting IP protection
2013/10/26 15:22:57 +0200	VERA-PC	Vera	MESSAGE	IP Protection started successfully
2013/10/26 15:37:02 +0200	VERA-PC	Vera	MESSAGE	Starting protection
2013/10/26 15:37:02 +0200	VERA-PC	Vera	MESSAGE	Protection started successfully
2013/10/26 15:37:02 +0200	VERA-PC	Vera	MESSAGE	Starting IP protection
2013/10/26 15:37:06 +0200	VERA-PC	Vera	MESSAGE	IP Protection started successfully
2013/10/26 16:20:29 +0200	VERA-PC	Vera	MESSAGE	Starting protection
2013/10/26 16:20:29 +0200	VERA-PC	Vera	MESSAGE	Protection started successfully
2013/10/26 16:20:29 +0200	VERA-PC	Vera	MESSAGE	Starting IP protection
2013/10/26 16:20:36 +0200	VERA-PC	Vera	MESSAGE	IP Protection started successfully
         
__________________

26.10.2013, 17:20   #4
aharonov
/// TB-Ausbilder
 

Hello,

yes, there is some nasty malware running there.


Warning: Infostealer

Your logs show that you have picked up malware that specifically targets your sensitive data (user names, passwords, online banking credentials, etc.).
It is impossible to know exactly what was logged, but to be on the safe side I would assume that all data and passwords entered on this computer are known.

I would therefore advise you to change all credentials that were used on this computer, either at the end or from a clean computer.



Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 2

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.




Step 3

Start FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan is complete, a new log file FRST.txt is created and saved to the desktop.
  • Please post the contents of this log file here in your thread.



In your next reply, please post:
  • Log from AdwCleaner
  • Log from Combofix
  • Log from FRST
__________________
cheers,
Leo

27.10.2013, 20:26   #5
fiezbert
 

Code:
ComboFix 13-10-26.01 - Vera 27.10.2013  19:43:25.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3037.1885 [GMT 1:00]
ausgeführt von:: c:\users\Vera\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-27 bis 2013-10-27  ))))))))))))))))))))))))))))))
.
.
2013-10-26 18:17 . 2013-10-27 18:32	--------	d-----w-	C:\AdwCleaner
2013-10-26 14:24 . 2013-10-26 14:24	--------	d-----w-	C:\FRST
2013-10-26 08:35 . 2013-10-26 08:35	--------	d-----w-	c:\users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 08:35 . 2013-10-26 08:35	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-10-26 08:35 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-10-25 15:42 . 2013-10-25 15:50	--------	d-----w-	c:\programdata\HitmanPro
2013-10-25 12:53 . 2013-10-25 12:53	--------	d-----w-	c:\programdata\Malwarebytes
2013-10-25 12:53 . 2013-10-25 15:30	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-25 12:52 . 2013-10-25 14:58	75992	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2013-10-25 10:55 . 2013-10-25 10:55	--------	d-----w-	C:\PPF_Scan1
2013-10-21 14:09 . 2013-10-21 14:09	--------	d-----w-	c:\program files\Microsoft
2013-10-21 14:05 . 2013-10-21 14:05	--------	d-----w-	c:\program files\Common Files\Java
2013-10-21 14:05 . 2013-10-21 14:04	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-10-21 14:04 . 2013-10-21 14:04	--------	d-----w-	c:\program files\Java
2013-10-18 23:28 . 2013-10-18 23:28	--------	d-----w-	c:\users\Vera\AppData\Roaming\Reincubate
2013-10-17 16:20 . 2013-10-17 16:23	--------	d-----w-	c:\windows\rescache
2013-10-15 18:27 . 2013-10-27 10:06	--------	d-----w-	c:\users\Vera\AppData\Local\Spotify
2013-10-15 18:25 . 2013-10-27 18:35	--------	d-----w-	c:\users\Vera\AppData\Roaming\Spotify
2013-10-09 23:00 . 2013-07-04 11:50	530432	----a-w-	c:\windows\system32\comctl32.dll
2013-10-09 22:59 . 2013-07-12 10:08	146816	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2013-10-09 22:59 . 2013-07-12 10:07	86016	----a-w-	c:\windows\system32\drivers\usbcir.sys
2013-10-09 22:59 . 2013-07-04 11:57	205824	----a-w-	c:\windows\system32\WebClnt.dll
2013-10-09 22:59 . 2013-07-04 11:51	81920	----a-w-	c:\windows\system32\davclnt.dll
2013-10-09 22:59 . 2013-07-04 09:48	115712	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2013-10-09 22:59 . 2013-06-25 22:56	527064	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-10-07 17:49 . 2013-10-07 17:49	--------	d-----w-	c:\program files\Common Files\Skype
2013-10-01 22:14 . 2013-10-01 22:14	--------	d-----w-	c:\users\Vera\AppData\Local\Google
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-27 18:55 . 2013-10-26 18:24	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A2EB6B0-7CB4-41A2-ABB5-459C40083D70}\offreg.dll
2013-10-14 06:39 . 2013-10-25 07:32	7796464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A2EB6B0-7CB4-41A2-ABB5-459C40083D70}\mpengine.dll
2013-10-07 11:00 . 2013-08-15 10:36	67680	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-10-07 11:00 . 2013-08-15 10:24	89376	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-10-07 11:00 . 2013-08-15 10:24	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-10-07 11:00 . 2013-08-15 10:24	137208	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-03 12:35 . 2010-03-05 10:10	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-08-05 01:56 . 2013-09-11 22:44	133056	----a-w-	c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50 . 2013-09-11 22:44	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-08-02 01:49 . 2013-09-11 22:44	293376	----a-w-	c:\windows\system32\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 22:44	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 00:52 . 2013-09-11 22:44	271360	----a-w-	c:\windows\system32\conhost.exe
2013-08-02 00:43 . 2013-09-11 22:44	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 22:44	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 22:44	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 22:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cxlacuxatx.exe"="c:\cxlacuxatx.exe\cxlacuxatx.exe" [BU]
"Facebook Update"="c:\users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Spotify"="c:\users\Vera\AppData\Roaming\Spotify\Spotify.exe" [2013-10-15 4752384]
"Spotify Web Helper"="c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-15 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-08-03 685048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-07 681032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Iexplorerprog1.vbs [2013-9-29 60040]
Roof.vbs [2013-9-29 60040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Vera^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 14:28	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 14:46	1159168	------w-	c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 08:26	114688	------w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-11-06 10:46	3673728	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32	1135912	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
c:\program files\ICQ7.0\ICQ.exe [BU]
.
R2 SkypeUpdate;Skype Updater;c:\windows.old\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2012-08-03 87976]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-02 1343400]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-10-07 1164360]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-07 37352]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-10-07 440392]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job
- c:\users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-09 17:36]
.
2013-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job
- c:\users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-09 17:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 62.81.16.148 62.81.16.213
TCP: Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: NameServer = 129.143.2.1,129.143.2.4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Kreuzworträtsel Freeware - c:\windows\unin0407.exe
AddRemove-{BF962E1B-D17A-4713-A100-6531A132D83D}_is1 - c:\program files\Foto-Mosaik-Edda\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5920)
c:\users\Vera\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\windows\system32\sppsvc.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
c:\users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-27  20:04:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-10-27 19:04
.
Vor Suchlauf: 2.884.231.168 Bytes frei
Nach Suchlauf: 2.736.218.112 Bytes frei
.
- - End Of File - - 4D6D6ACACE0370FC1D9251839A76F171
A36C5E4F47E84449FF07ED3517B43A31
         
Code:
# AdwCleaner v3.010 - Bericht erstellt am 27/10/2013 um 19:32:58
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Vera - VERA-PC
# Gestartet von : E:\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720


*************************

AdwCleaner[R0].txt - [4486 octets] - [26/10/2013 19:17:30]
AdwCleaner[R1].txt - [3754 octets] - [26/10/2013 19:51:22]
AdwCleaner[R2].txt - [833 octets] - [26/10/2013 19:55:51]
AdwCleaner[R3].txt - [892 octets] - [27/10/2013 19:32:13]
AdwCleaner[S0].txt - [3429 octets] - [26/10/2013 19:52:08]
AdwCleaner[S1].txt - [814 octets] - [27/10/2013 19:32:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [873 octets] ##########
         
Code:
# AdwCleaner v3.010 - Bericht erstellt am 26/10/2013 um 20:52:08
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Vera - VERA-PC
# Gestartet von : E:\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files\BonanzaDeals
Ordner Gelöscht : C:\Program Files\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Vera\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Vera\AppData\Roaming\digitalsite
Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Vera\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\digitalsite
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B360EC4-303D-42CD-B166-348140940616}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B360EC4-303D-42CD-B166-348140940616}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041858.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455185558}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466186658}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444184458}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKLM\Software\qvo6Software

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720


*************************

AdwCleaner[R0].txt - [4486 octets] - [26/10/2013 20:17:30]
AdwCleaner[R1].txt - [3754 octets] - [26/10/2013 20:51:22]
AdwCleaner[S0].txt - [3289 octets] - [26/10/2013 20:52:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3349 octets] ##########
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2013
Ran by Vera (administrator) on VERA-PC on 27-10-2013 20:21:50
Running from C:\Users\Vera\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe
HKCU\...\Run: [Facebook Update] - C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Spotify] - C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6F308064214CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
Tcpip\..\Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: [NameServer]129.143.2.1,129.143.2.4

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 SkypeUpdate; C:\Windows.old\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-04] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Vera\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe
2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt
2013-10-27 19:41 - 2013-10-27 20:04 - 00000000 ____D C:\ComboFix
2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp
2013-10-26 19:19 - 2013-10-27 20:04 - 00000000 ____D C:\Qoobox
2013-10-26 19:19 - 2013-10-27 19:55 - 00000000 ____D C:\Windows\erdnt
2013-10-26 19:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-26 19:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-26 19:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-26 19:18 - 2013-10-26 19:19 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe
2013-10-26 19:17 - 2013-10-27 19:32 - 00000000 ____D C:\AdwCleaner
2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp
2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST
2013-10-26 15:17 - 2013-10-26 15:18 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 09:35 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-25 13:52 - 2013-10-25 16:30 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 13:52 - 2013-10-25 15:58 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1
2013-10-22 19:25 - 2013-10-22 19:27 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 15:05 - 2013-10-21 15:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 09:38 - 2013-09-23 12:13 - 00248650 _____ C:\Users\Vera\Desktop\sqlite_manager-0.8.1-fx+tb+sm.xpi
2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 00:34 - 2013-10-19 01:07 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 13:02 - 2013-10-18 13:15 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 17:20 - 2013-10-17 17:23 - 00000000 ____D C:\Windows\rescache
2013-10-15 19:27 - 2013-10-27 11:06 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-15 19:25 - 2013-10-27 20:08 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-10 01:06 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 01:06 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 01:06 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 01:06 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 01:06 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 01:06 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 00:00 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 00:00 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 00:00 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 00:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-10 00:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 00:00 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 00:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 00:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 00:00 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 00:00 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 00:00 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 00:00 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 00:00 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 00:00 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 00:00 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 00:00 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 00:00 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 00:00 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 00:00 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 00:00 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 00:00 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 23:59 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 23:59 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 23:59 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 23:59 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 23:59 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 23:59 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-02 00:14 - 2013-10-02 23:16 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-02 00:14 - 2013-10-02 23:16 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög

==================== One Month Modified Files and Folders =======

2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe
2013-10-27 20:08 - 2013-10-15 19:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-27 20:05 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-27 20:05 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt
2013-10-27 20:04 - 2013-10-27 19:41 - 00000000 ____D C:\ComboFix
2013-10-27 20:04 - 2013-10-26 19:19 - 00000000 ____D C:\Qoobox
2013-10-27 20:04 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-10-27 20:02 - 2010-03-01 20:08 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-27 20:00 - 2011-11-14 21:41 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Dropbox
2013-10-27 19:59 - 2011-11-14 21:44 - 00000000 ___RD C:\Users\Vera\Dropbox
2013-10-27 19:58 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-10-27 19:56 - 2010-03-01 22:04 - 00097744 _____ C:\Windows\PFRO.log
2013-10-27 19:56 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-27 19:56 - 2009-07-14 05:39 - 00214694 _____ C:\Windows\setupact.log
2013-10-27 19:55 - 2013-10-26 19:19 - 00000000 ____D C:\Windows\erdnt
2013-10-27 19:41 - 2012-01-09 19:30 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job
2013-10-27 19:41 - 2012-01-09 19:30 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job
2013-10-27 19:39 - 2010-03-01 19:43 - 01353725 _____ C:\Windows\WindowsUpdate.log
2013-10-27 19:32 - 2013-10-26 19:17 - 00000000 ____D C:\AdwCleaner
2013-10-27 11:06 - 2013-10-15 19:27 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-26 19:52 - 2009-10-05 17:01 - 00001150 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp
2013-10-26 19:47 - 2013-03-15 08:26 - 00000000 ____D C:\Windows\Minidump
2013-10-26 19:35 - 2010-03-01 19:56 - 00000000 ____D C:\Users\Vera
2013-10-26 19:19 - 2013-10-26 19:18 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe
2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp
2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST
2013-10-26 15:18 - 2013-10-26 15:17 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 14:27 - 2010-03-01 21:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Skype
2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 16:30 - 2013-10-25 13:52 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 15:58 - 2013-10-25 13:52 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 15:38 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-25 15:36 - 2013-03-09 19:40 - 00000000 ____D C:\Program Files\7-Zip
2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1
2013-10-22 19:27 - 2013-10-22 19:25 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 15:09 - 2010-04-02 11:52 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 15:04 - 2013-10-21 15:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 08:39 - 2009-07-14 05:33 - 00492904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 01:07 - 2013-10-19 00:34 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 00:29 - 2010-03-01 21:28 - 00149776 _____ C:\Users\Vera\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 15:36 - 2010-03-11 19:04 - 00000000 ____D C:\Users\Vera\AppData\Roaming\vlc
2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 13:15 - 2013-10-18 13:02 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 17:23 - 2013-10-17 17:20 - 00000000 ____D C:\Windows\rescache
2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-11 07:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 06:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 01:11 - 2013-08-14 23:13 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 01:09 - 2010-03-28 18:30 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 01:08 - 2012-05-23 20:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-07 12:00 - 2013-08-15 11:36 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-02 23:16 - 2013-10-02 00:14 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-02 23:16 - 2013-10-02 00:14 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög

Files to move or delete:
====================
C:\Users\Vera\Opera_1101_int_Setup.exe


Some content of TEMP:
====================
C:\Users\Vera\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-23 16:16

==================== End Of Log ============================
         

Hey,

so I ran all the scans and everything worked so far. There are two AdwCleaner files because at first I had not yet closed all programs. I hope I did everything right. While I was running ComboFix the first time, my computer crashed again ("blue screen"), but the second time it worked.
I left my USB stick plugged in during all the scans, since I suspect that it is infected as well. Is that right, or should I rather remove it?

Thanks a lot so far, Vera


28.10.2013, 09:31   #6
aharonov
/// TB Trainer
 



Hello Vera,

you did it right.
But not all of the malware has been caught yet.


Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe
C:\cxlacuxatx.exe
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.


Step 2

Restart the computer and then run an FRST scan:

Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is finished, a new logfile FRST.txt is created and saved on the desktop.
  • Please post the contents of this logfile here in your thread.

28.10.2013, 09:49   #7
fiezbert
 



Good morning,

here is the first document...
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2013 01
Ran by Vera at 2013-10-28 09:38:41 Run:1
Running from E:\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [cxlacuxatx.exe] - C:\cxlacuxatx.exe\cxlacuxatx.exe
C:\cxlacuxatx.exe
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs ()
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs ()
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cxlacuxatx.exe => Value deleted successfully.
"C:\cxlacuxatx.exe" => File/Directory not found.
C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iexplorerprog1.vbs => Moved successfully.
C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roof.vbs => Moved successfully.

==== End of Fixlog ====
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2013 01
Ran by Vera (administrator) on VERA-PC on 28-10-2013 09:44:13
Running from E:\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Vera\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Spotify] - C:\Users\Vera\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-15] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Vera\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-15] (Spotify Ltd)
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Vera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6F308064214CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
Tcpip\..\Interfaces\{A97497F2-7B92-42E7-9E70-506C20620E93}: [NameServer]129.143.2.1,129.143.2.4

FireFox:
========
FF ProfilePath: C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\4ym0zwfx.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Vera\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Vera\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 SkypeUpdate; C:\Windows.old\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-04] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Vera\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-27 23:38 - 2013-10-27 23:38 - 00143728 _____ C:\Windows\Minidump\102713-20919-01.dmp
2013-10-27 20:59 - 2013-10-27 20:59 - 00017772 _____ C:\Users\Vera\Desktop\Opera 12 Notes.html
2013-10-27 20:59 - 2013-10-27 20:59 - 00001091 _____ C:\Users\Public\Desktop\Opera.lnk
2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Opera Software
2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Local\Opera Software
2013-10-27 20:57 - 2013-10-27 20:58 - 33727472 _____ (Opera Software ASA) C:\Users\Vera\Downloads\Opera_17.0.1241.53_Setup.exe
2013-10-27 20:44 - 2013-10-27 23:38 - 316550734 _____ C:\Windows\MEMORY.DMP
2013-10-27 20:44 - 2013-10-27 20:45 - 00143728 _____ C:\Windows\Minidump\102713-26457-01.dmp
2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Mozilla
2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Local\Mozilla
2013-10-27 20:23 - 2013-10-27 20:23 - 00028226 _____ C:\Users\Vera\Downloads\FRST.txt
2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe
2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt
2013-10-27 19:41 - 2013-10-27 20:04 - 00000000 ____D C:\ComboFix
2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp
2013-10-26 19:19 - 2013-10-27 20:04 - 00000000 ____D C:\Qoobox
2013-10-26 19:19 - 2013-10-27 19:55 - 00000000 ____D C:\Windows\erdnt
2013-10-26 19:19 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-26 19:19 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-26 19:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-26 19:19 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-26 19:18 - 2013-10-26 19:19 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe
2013-10-26 19:17 - 2013-10-27 19:32 - 00000000 ____D C:\AdwCleaner
2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp
2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST
2013-10-26 15:17 - 2013-10-26 15:18 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 09:35 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-25 13:52 - 2013-10-25 16:30 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 13:52 - 2013-10-25 15:58 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1
2013-10-22 19:25 - 2013-10-22 19:27 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 15:05 - 2013-10-21 15:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 15:05 - 2013-10-21 15:04 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 09:38 - 2013-09-23 12:13 - 00248650 _____ C:\Users\Vera\Desktop\sqlite_manager-0.8.1-fx+tb+sm.xpi
2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 00:34 - 2013-10-19 01:07 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 13:02 - 2013-10-18 13:15 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 17:20 - 2013-10-17 17:23 - 00000000 ____D C:\Windows\rescache
2013-10-15 19:27 - 2013-10-27 11:06 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-15 19:25 - 2013-10-28 09:45 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-10 01:06 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 01:06 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 01:06 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 01:06 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 01:06 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 01:06 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 01:06 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 00:00 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 00:00 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 00:00 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 00:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-10 00:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 00:00 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 00:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 00:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 00:00 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 00:00 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 00:00 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 00:00 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 00:00 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 00:00 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 00:00 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 00:00 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 00:00 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 00:00 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 00:00 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 00:00 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 00:00 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 23:59 - 2013-07-12 11:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 23:59 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 23:59 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 23:59 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 23:59 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 23:59 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-02 00:14 - 2013-10-02 23:16 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-02 00:14 - 2013-10-02 23:16 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög

==================== One Month Modified Files and Folders =======

2013-10-28 09:46 - 2011-11-14 21:41 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Dropbox
2013-10-28 09:45 - 2013-10-15 19:25 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Spotify
2013-10-28 09:42 - 2011-11-14 21:44 - 00000000 ___RD C:\Users\Vera\Dropbox
2013-10-28 09:41 - 2010-03-01 19:43 - 01391039 _____ C:\Windows\WindowsUpdate.log
2013-10-28 09:41 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-28 09:41 - 2009-07-14 05:39 - 00215030 _____ C:\Windows\setupact.log
2013-10-28 09:36 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 09:36 - 2009-07-14 05:34 - 00011168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-28 08:12 - 2010-03-01 20:08 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-27 23:38 - 2013-10-27 23:38 - 00143728 _____ C:\Windows\Minidump\102713-20919-01.dmp
2013-10-27 23:38 - 2013-10-27 20:44 - 316550734 _____ C:\Windows\MEMORY.DMP
2013-10-27 23:38 - 2013-03-15 08:26 - 00000000 ____D C:\Windows\Minidump
2013-10-27 22:41 - 2012-01-09 19:30 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000UA.job
2013-10-27 20:59 - 2013-10-27 20:59 - 00017772 _____ C:\Users\Vera\Desktop\Opera 12 Notes.html
2013-10-27 20:59 - 2013-10-27 20:59 - 00001091 _____ C:\Users\Public\Desktop\Opera.lnk
2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Opera Software
2013-10-27 20:59 - 2013-10-27 20:59 - 00000000 ____D C:\Users\Vera\AppData\Local\Opera Software
2013-10-27 20:59 - 2010-03-01 22:22 - 00000000 ____D C:\Program Files\Opera
2013-10-27 20:58 - 2013-10-27 20:57 - 33727472 _____ (Opera Software ASA) C:\Users\Vera\Downloads\Opera_17.0.1241.53_Setup.exe
2013-10-27 20:45 - 2013-10-27 20:44 - 00143728 _____ C:\Windows\Minidump\102713-26457-01.dmp
2013-10-27 20:44 - 2010-03-01 22:04 - 00098078 _____ C:\Windows\PFRO.log
2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Mozilla
2013-10-27 20:34 - 2013-10-27 20:34 - 00000000 ____D C:\Users\Vera\AppData\Local\Mozilla
2013-10-27 20:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-27 20:23 - 2013-10-27 20:23 - 00028226 _____ C:\Users\Vera\Downloads\FRST.txt
2013-10-27 20:21 - 2013-10-27 20:21 - 01089097 _____ (Farbar) C:\Users\Vera\Downloads\FRST.exe
2013-10-27 20:04 - 2013-10-27 20:04 - 00016928 _____ C:\ComboFix.txt
2013-10-27 20:04 - 2013-10-27 19:41 - 00000000 ____D C:\ComboFix
2013-10-27 20:04 - 2013-10-26 19:19 - 00000000 ____D C:\Qoobox
2013-10-27 20:04 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-10-27 19:58 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-10-27 19:55 - 2013-10-26 19:19 - 00000000 ____D C:\Windows\erdnt
2013-10-27 19:41 - 2012-01-09 19:30 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250635606-3803310348-3835704836-1000Core.job
2013-10-27 19:32 - 2013-10-26 19:17 - 00000000 ____D C:\AdwCleaner
2013-10-27 11:06 - 2013-10-15 19:27 - 00000000 ____D C:\Users\Vera\AppData\Local\Spotify
2013-10-26 19:52 - 2009-10-05 17:01 - 00001150 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-26 19:47 - 2013-10-26 19:47 - 00143728 _____ C:\Windows\Minidump\102613-19234-01.dmp
2013-10-26 19:35 - 2010-03-01 19:56 - 00000000 ____D C:\Users\Vera
2013-10-26 19:19 - 2013-10-26 19:18 - 05136694 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe
2013-10-26 16:57 - 2013-10-26 16:57 - 00143728 _____ C:\Windows\Minidump\102613-17440-01.dmp
2013-10-26 15:24 - 2013-10-26 15:24 - 00000000 ____D C:\FRST
2013-10-26 15:18 - 2013-10-26 15:17 - 00000176 _____ C:\Users\Vera\defogger_reenable
2013-10-26 14:36 - 2013-10-26 14:36 - 00143776 _____ C:\Windows\Minidump\102613-43056-01.dmp
2013-10-26 14:27 - 2010-03-01 21:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Skype
2013-10-26 14:22 - 2013-10-26 14:22 - 00143776 _____ C:\Windows\Minidump\102613-53087-01.dmp
2013-10-26 13:06 - 2013-10-26 13:06 - 00000036 _____ C:\Users\Vera\AppData\Roaming\mbam.context.scan
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Malwarebytes
2013-10-26 09:35 - 2013-10-26 09:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 16:30 - 2013-10-25 13:52 - 00000000 ____D C:\Users\Vera\Desktop\mbar
2013-10-25 15:58 - 2013-10-25 13:52 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-25 15:38 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-25 15:36 - 2013-03-09 19:40 - 00000000 ____D C:\Program Files\7-Zip
2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
2013-10-25 11:55 - 2013-10-25 11:55 - 00000000 ____D C:\PPF_Scan1
2013-10-22 19:27 - 2013-10-22 19:25 - 00000000 ____D C:\Users\Vera\Desktop\Bank
2013-10-21 15:09 - 2010-04-02 11:52 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-21 15:05 - 2013-10-21 15:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-21 15:04 - 2013-10-21 15:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-21 15:04 - 2013-10-21 15:05 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-21 15:04 - 2013-10-21 15:04 - 00000000 ____D C:\Program Files\Java
2013-10-19 08:39 - 2009-07-14 05:33 - 00492904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-19 01:24 - 2013-10-19 01:24 - 00000000 _____ C:\Users\Vera\Desktop\AddressBook.sqlitedb.vws1qqa.partial
2013-10-19 01:15 - 2013-10-19 01:15 - 00000000 ____D C:\Users\Vera\Desktop\Library
2013-10-19 01:14 - 2013-10-19 01:14 - 00000000 _____ C:\Users\Vera\Downloads\AddressBook.sqlitedb.jqbh8sr.partial
2013-10-19 01:07 - 2013-10-19 00:34 - 00000000 ____D C:\Users\Vera\Desktop\Neuer Ordner
2013-10-19 00:29 - 2010-03-01 21:28 - 00149776 _____ C:\Users\Vera\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-19 00:28 - 2013-10-19 00:28 - 00001242 _____ C:\Users\Vera\Desktop\iPhone Backup Extractor.lnk
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Reincubate
2013-10-19 00:28 - 2013-10-19 00:28 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2013-10-18 15:36 - 2010-03-11 19:04 - 00000000 ____D C:\Users\Vera\AppData\Roaming\vlc
2013-10-18 13:41 - 2013-10-18 13:41 - 00000000 ____D C:\Users\Vera\Desktop\Portugal The Man - Evil Friends
2013-10-18 13:15 - 2013-10-18 13:02 - 00000000 ____D C:\Users\Vera\Desktop\Electric Guest - Mondo
2013-10-17 17:23 - 2013-10-17 17:20 - 00000000 ____D C:\Windows\rescache
2013-10-15 19:27 - 2013-10-15 19:27 - 00001799 _____ C:\Users\Vera\Desktop\Spotify.lnk
2013-10-15 19:27 - 2013-10-15 19:27 - 00001785 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-10-11 07:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 06:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 01:11 - 2013-08-14 23:13 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 01:09 - 2010-03-28 18:30 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 01:08 - 2012-05-23 20:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-07 18:49 - 2013-10-07 18:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-07 12:00 - 2013-08-15 11:36 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00089376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 12:00 - 2013-08-15 11:24 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-02 23:16 - 2013-10-02 00:14 - 00000093 _____ C:\Users\Vera\AppData\Roaming\WB.CFG
2013-10-02 23:16 - 2013-10-02 00:14 - 00000006 _____ C:\Users\Vera\AppData\Roaming\WBPU-TTL.DAT
2013-10-01 23:14 - 2013-10-01 23:14 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2013-09-30 08:02 - 2013-09-30 08:02 - 00000000 ____D C:\Users\Vera\Desktop\Bafög

Files to move or delete:
====================
C:\Users\Vera\Opera_1101_int_Setup.exe


Some content of TEMP:
====================
C:\Users\Vera\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-23 16:16

==================== End Of Log ============================
         


After all the scans yesterday, this blue box appeared two more times. So my PC really does not seem to be clean yet. In addition, my browser keeps acting up, because this message keeps appearing:
No access to the network
The connection to 3c.gmx.net was interrupted by a change in the network connection.

Is that also related to the virus?

28.10.2013, 10:18   #8
aharonov
/// TB-Ausbilder

Quote:
2013-10-25 13:52 - 2013-10-25 13:52 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Vera\Downloads\mbar-1.07.0.1007.exe
Did you only download MBAR (Malwarebytes_Anti-Rootkit), or did you also run a scan with it?
__________________
cheers,
Leo

28.10.2013, 10:20   #9
fiezbert

I also ran the scan... I sent it in my second post.

28.10.2013, 10:24   #10
aharonov
/// TB-Ausbilder

Quote:
I sent it in my second post.
There I only see the log from Malwarebytes_Anti-Malware (MBAM). That is not quite the same as Malwarebytes_Anti-Rootkit (MBAR).
Do you still have the MBAR log as well? (Perhaps in the folder C:\Users\Vera\Desktop\mbar)
__________________
cheers,
Leo

28.10.2013, 10:27   #11
fiezbert

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Vera :: VERA-PC [administrator]

25.10.2013 14:53:41
mbar-log-2013-10-25 (14-53-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 208505
Time elapsed: 1 hour(s), 4 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 4
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS543232L9A300_090803FB8400CEH5A92AX&ts=1380665673) Good: (hxxp://www.google.com) -> Replace on reboot.

Folders Detected: 1
C:\cxlacuxatx.exe (Trojan.SpyEyes.Gen) -> Delete on reboot.

Files Detected: 1
C:\cxlacuxatx.exe\config.bin (Trojan.SpyEyes.Gen) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16721
Vera :: VERA-PC [administrator]

25.10.2013 16:58:39
mbar-log-2013-10-25 (16-58-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 203419
Time elapsed: 26 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

28.10.2013, 10:29   #12
aharonov
/// TB-Ausbilder

ok.


Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
cheers,
Leo

28.10.2013, 10:47   #13
fiezbert

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3184119808, free: 798097408

Initializing...
======================
------------ Kernel report ------------
10/25/2013 14:53:35
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\yk62x86.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\ast03e87.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Program Files\DAEMON Tools Lite\Engine.dll
\Windows\System32\comdlg32.dll
\Windows\System32\setupapi.dll
\Windows\System32\user32.dll
\Windows\System32\ole32.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\msctf.dll
\Windows\System32\imm32.dll
\Windows\System32\lpk.dll
\Windows\System32\gdi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\ws2_32.dll
\Windows\System32\nsi.dll
\Windows\System32\kernel32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\shlwapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\difxapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\psapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff85ea5ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xffffffff85e792e8
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff85ea5ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xffffffff85e792e8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86490798
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff863a8908
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86490798, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff864903d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86490798, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff863a8908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffbdbf94a8, 0xffffffff86490798, 0xffffffff87996ac8
Lower DeviceData: 0xffffffff88139de8, 0xffffffff863a8908, 0xffffffff861b6128
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7407B56E

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 27262976

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 27265024 Numsec = 104857600
Partition is not bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 132122624 Numsec = 193120256

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 325242880 Numsec = 299896832

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff85ea5ac8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff861e1580, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85ea5ac8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e792e8, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffff96f9ce60, 0xffffffff85ea5ac8, 0xffffffff860b4818
Lower DeviceData: 0xffffffff88094b40, 0xffffffff85e792e8, 0xffffffff85934370
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0x6)
Partition is NOT ACTIVE.
Partition starts at LBA: 32 Numsec = 1957856

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1002438656 bytes
Sector size: 512 bytes

Done!
Infected: C:\cxlacuxatx.exe --> [Trojan.SpyEyes.Gen]
Infected: C:\cxlacuxatx.exe\config.bin --> [Trojan.SpyEyes.Gen]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page --> [Hijack.StartPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL --> [Hijack.StartPage]
Infected: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL --> [Hijack.StartPage]
Infected: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page --> [Hijack.StartPage]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_27265024_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3184119808, free: 1979482112

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3184119808, free: 2322128896

Initializing...
======================
------------ Kernel report ------------
10/25/2013 16:58:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\setupapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\ole32.dll
\Windows\System32\wininet.dll
\Windows\System32\user32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\msctf.dll
\Windows\System32\sechost.dll
\Windows\System32\oleaut32.dll
\Windows\System32\imm32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\psapi.dll
\Windows\System32\lpk.dll
\Windows\System32\gdi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\shell32.dll
\Windows\System32\nsi.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8604b318
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000073\
Lower Device Object: 0xffffffff86053030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85868090
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85701908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85868090, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85869cc8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85868090, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85701908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7407B56E

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 27262976

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 27265024 Numsec = 104857600
Partition is not bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 132122624 Numsec = 193120256

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 325242880 Numsec = 299896832

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8604b318, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8604a568, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8604b318, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86053030, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0x6)
Partition is NOT ACTIVE.
Partition starts at LBA: 32 Numsec = 1957856

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1002438656 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_27265024_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
CODE]

Sorry for the long post... my PC just crashed twice again, and the second time nothing worked at all anymore...
OK, I'll download that.

28.10.2013, 10:55   #14
fiezbert
 



Code:
10:51:10.0789 0x19d4  TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
10:51:24.0470 0x19d4  ============================================================
10:51:24.0470 0x19d4  Current date / time: 2013/10/28 10:51:24.0470
10:51:24.0470 0x19d4  SystemInfo:
10:51:24.0470 0x19d4  
10:51:24.0470 0x19d4  OS Version: 6.1.7601 ServicePack: 1.0
10:51:24.0470 0x19d4  Product type: Workstation
10:51:24.0470 0x19d4  ComputerName: VERA-PC
10:51:24.0470 0x19d4  UserName: Vera
10:51:24.0470 0x19d4  Windows directory: C:\Windows
10:51:24.0470 0x19d4  System windows directory: C:\Windows
10:51:24.0470 0x19d4  Processor architecture: Intel x86
10:51:24.0470 0x19d4  Number of processors: 2
10:51:24.0470 0x19d4  Page size: 0x1000
10:51:24.0470 0x19d4  Boot type: Normal boot
10:51:24.0470 0x19d4  ============================================================
10:51:30.0523 0x19d4  System UUID: {CF24AD63-2F1F-2C1A-7EED-0CF0D376C1BD}
10:51:31.0662 0x19d4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:51:31.0678 0x19d4  Drive \Device\Harddisk1\DR1 - Size: 0x3BC00000 (0.93 Gb), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:51:31.0678 0x19d4  ============================================================
10:51:31.0678 0x19d4  \Device\Harddisk0\DR0:
10:51:31.0678 0x19d4  MBR partitions:
10:51:31.0678 0x19d4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x6400000
10:51:31.0678 0x19d4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7E00800, BlocksNum 0xB82C800
10:51:31.0678 0x19d4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1362D000, BlocksNum 0x11E01000
10:51:31.0678 0x19d4  \Device\Harddisk1\DR1:
10:51:31.0678 0x19d4  MBR partitions:
10:51:31.0678 0x19d4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1DDFE0
10:51:31.0678 0x19d4  ============================================================
10:51:31.0709 0x19d4  C: <-> \Device\Harddisk0\DR0\Partition1
10:51:31.0740 0x19d4  D: <-> \Device\Harddisk0\DR0\Partition2
10:51:31.0771 0x19d4  E: <-> \Device\Harddisk0\DR0\Partition3
10:51:31.0771 0x19d4  ============================================================
10:51:31.0771 0x19d4  Initialize success
10:51:31.0771 0x19d4  ============================================================
10:52:24.0963 0x18a4  ============================================================
10:52:24.0963 0x18a4  Scan started
10:52:24.0963 0x18a4  Mode: Manual; SigCheck; TDLFS; 
10:52:24.0963 0x18a4  ============================================================
10:52:24.0963 0x18a4  KSN ping started
10:52:28.0582 0x18a4  KSN ping finished: true
10:52:30.0220 0x18a4  ================ Scan system memory ========================
10:52:30.0220 0x18a4  System memory - ok
10:52:30.0220 0x18a4  ================ Scan services =============================
10:52:30.0407 0x18a4  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:52:30.0563 0x18a4  1394ohci - ok
10:52:30.0610 0x18a4  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:52:30.0641 0x18a4  ACPI - ok
10:52:30.0672 0x18a4  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:52:30.0766 0x18a4  AcpiPmi - ok
10:52:30.0813 0x18a4  [ 45D8E2A2D8B9F33C32A7ADB6900C6E04, 45E4866FCA09C9C5B9C740ED99990F02E5838BE496A3EDDB66C60016BC6821E3 ] acsock          C:\Windows\system32\DRIVERS\acsock.sys
10:52:30.0860 0x18a4  acsock - ok
10:52:30.0953 0x18a4  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
10:52:31.0016 0x18a4  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
10:52:34.0338 0x18a4  Detect skipped due to KSN trusted
10:52:34.0338 0x18a4  Adobe LM Service - ok
10:52:34.0510 0x18a4  [ 3927397AC60D943DAF8808AFFED582B7, 2688254085C219E8CA9C5494ABDAD8FAE52533CEF7FA3C152715E0B78D591BCF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:52:34.0541 0x18a4  AdobeARMservice - ok
10:52:34.0604 0x18a4  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:52:34.0666 0x18a4  adp94xx - ok
10:52:34.0697 0x18a4  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:52:34.0744 0x18a4  adpahci - ok
10:52:34.0775 0x18a4  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:52:34.0806 0x18a4  adpu320 - ok
10:52:34.0853 0x18a4  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:52:34.0916 0x18a4  AeLookupSvc - ok
10:52:34.0978 0x18a4  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\Windows\system32\drivers\afd.sys
10:52:35.0072 0x18a4  AFD - ok
10:52:35.0103 0x18a4  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
10:52:35.0134 0x18a4  agp440 - ok
10:52:35.0165 0x18a4  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
10:52:35.0212 0x18a4  aic78xx - ok
10:52:35.0259 0x18a4  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
10:52:35.0384 0x18a4  ALG - ok
10:52:35.0415 0x18a4  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:52:35.0446 0x18a4  aliide - ok
10:52:35.0508 0x18a4  [ B19505648F033393E907E2E419FDE8B3, BEF76AAD61FE0CA1F2B91C491FD94DE1BE67E776BBB7972D57ADFBE0333E9615 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:52:35.0586 0x18a4  AMD External Events Utility - ok
10:52:35.0618 0x18a4  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
10:52:35.0649 0x18a4  amdagp - ok
10:52:35.0696 0x18a4  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:52:35.0727 0x18a4  amdide - ok
10:52:35.0774 0x18a4  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:52:35.0836 0x18a4  AmdK8 - ok
10:52:35.0852 0x18a4  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:52:35.0914 0x18a4  AmdPPM - ok
10:52:35.0961 0x18a4  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:52:35.0992 0x18a4  amdsata - ok
10:52:36.0023 0x18a4  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:52:36.0070 0x18a4  amdsbs - ok
10:52:36.0101 0x18a4  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:52:36.0132 0x18a4  amdxata - ok
10:52:36.0257 0x18a4  [ 3478F48B23A0D9F6EADD4A2405BA70EF, 421BDDCEFEF491915EF8D9BFB756A56778437D98B136758A15AE5A0672738C9D ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:52:36.0304 0x18a4  AntiVirSchedulerService - ok
10:52:36.0398 0x18a4  [ AFFE7C21A4FCA1963371F10066911D3A, DC7A94A784C9389792F3C9A1F435CD9B2D5F74AC9E56F35831B65820FA6A0EDE ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:52:36.0429 0x18a4  AntiVirService - ok
10:52:36.0538 0x18a4  [ 48543D304F54C8997462208555662BA4, ADA3B62E6D1513FF24D044B03EFCBBD4268DB32C213F575D8AD3867D3F82B340 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
10:52:36.0600 0x18a4  AntiVirWebService - ok
10:52:36.0756 0x18a4  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
10:52:37.0146 0x18a4  AppID - ok
10:52:37.0178 0x18a4  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:52:37.0271 0x18a4  AppIDSvc - ok
10:52:37.0302 0x18a4  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
10:52:37.0365 0x18a4  Appinfo - ok
10:52:37.0458 0x18a4  [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:52:37.0490 0x18a4  Apple Mobile Device - ok
10:52:37.0568 0x18a4  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:52:37.0599 0x18a4  arc - ok
10:52:37.0614 0x18a4  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:52:37.0661 0x18a4  arcsas - ok
10:52:37.0692 0x18a4  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:52:37.0817 0x18a4  AsyncMac - ok
10:52:37.0848 0x18a4  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
10:52:37.0880 0x18a4  atapi - ok
10:52:37.0973 0x18a4  [ 76BAB0C824E2D05B940C4DD40A9B08BF, 237C60123F5AFF06C20757E2791C0CA383DE094DB634C239E375639B1B923844 ] athr            C:\Windows\system32\DRIVERS\athr.sys
10:52:38.0129 0x18a4  athr - ok
10:52:38.0441 0x18a4  [ 04F09923A393E4E0E8453A8F78361E73, B5C0B9D1195B87AF823887AD9355CD2B4C4F4DDF34103891EE48EA86F0F544E7 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:52:38.0894 0x18a4  atikmdag - ok
10:52:38.0972 0x18a4  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:52:39.0050 0x18a4  AudioEndpointBuilder - ok
10:52:39.0065 0x18a4  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
10:52:39.0143 0x18a4  Audiosrv - ok
10:52:39.0206 0x18a4  [ 683A089D14B60CD58E06ECE079065235, AD6B637FF32C3249D17D0029E55ED1EA8D1B878C99066AF76D452408B009D311 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:52:39.0252 0x18a4  avgntflt - ok
10:52:39.0330 0x18a4  [ D62D0CFABA19B111067613101D43FA7E, 0A0B7886AA48A9E6716CADB52CE02EE1EF40002636EBF04AC02E0AF3FBC22970 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:52:39.0362 0x18a4  avipbb - ok
10:52:39.0377 0x18a4  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:52:39.0408 0x18a4  avkmgr - ok
10:52:39.0455 0x18a4  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:52:39.0533 0x18a4  AxInstSV - ok
10:52:39.0611 0x18a4  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
10:52:39.0720 0x18a4  b06bdrv - ok
10:52:39.0783 0x18a4  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
10:52:39.0830 0x18a4  b57nd60x - ok
10:52:39.0892 0x18a4  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
10:52:39.0954 0x18a4  BDESVC - ok
10:52:39.0970 0x18a4  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:52:40.0032 0x18a4  Beep - ok
10:52:40.0110 0x18a4  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
10:52:40.0204 0x18a4  BFE - ok
10:52:40.0266 0x18a4  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\system32\qmgr.dll
10:52:40.0344 0x18a4  BITS - ok
10:52:40.0454 0x18a4  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:52:40.0500 0x18a4  blbdrive - ok
10:52:40.0625 0x18a4  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:52:40.0672 0x18a4  Bonjour Service - ok
10:52:40.0719 0x18a4  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:52:40.0797 0x18a4  bowser - ok
10:52:49.0018 0x18a4  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC, 159EAA1893D871C309A063829CB3BC51A019FBCA1E07530B5CA1A382B2CCAF61 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
10:52:49.0626 0x18a4  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
10:52:52.0746 0x18a4  Detect skipped due to KSN trusted
10:52:52.0746 0x18a4  FirebirdServerMAGIXInstance - ok
10:53:03.0167 0x18a4  NetTcpPortSharing - ok
10:53:03.0214 0x18a4  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:53:03.0245 0x18a4  nfrd960 - ok
10:53:03.0292 0x18a4  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:53:03.0339 0x18a4  NlaSvc - ok
10:53:03.0386 0x18a4  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:53:03.0432 0x18a4  Npfs - ok
10:53:03.0479 0x18a4  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
10:53:03.0526 0x18a4  nsi - ok
10:53:03.0573 0x18a4  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:53:03.0635 0x18a4  nsiproxy - ok
10:53:03.0729 0x18a4  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:53:03.0838 0x18a4  Ntfs - ok
10:53:03.0885 0x18a4  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
10:53:03.0963 0x18a4  Null - ok
10:53:04.0010 0x18a4  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:53:04.0041 0x18a4  nvraid - ok
10:53:04.0072 0x18a4  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:53:04.0103 0x18a4  nvstor - ok
10:53:04.0134 0x18a4  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:53:04.0166 0x18a4  nv_agp - ok
10:53:04.0290 0x18a4  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:53:04.0353 0x18a4  odserv - ok
10:53:04.0400 0x18a4  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:53:04.0446 0x18a4  ohci1394 - ok
10:53:04.0509 0x18a4  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:53:04.0556 0x18a4  ose - ok
10:53:04.0602 0x18a4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:53:04.0680 0x18a4  p2pimsvc - ok
10:53:04.0712 0x18a4  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:53:04.0774 0x18a4  p2psvc - ok
10:53:04.0805 0x18a4  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:53:04.0852 0x18a4  Parport - ok
10:53:04.0868 0x18a4  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:53:04.0914 0x18a4  partmgr - ok
10:53:04.0930 0x18a4  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
10:53:04.0961 0x18a4  Parvdm - ok
10:53:05.0008 0x18a4  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:53:05.0039 0x18a4  PcaSvc - ok
10:53:05.0086 0x18a4  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
10:53:05.0117 0x18a4  pci - ok
10:53:05.0195 0x18a4  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:53:05.0242 0x18a4  pciide - ok
10:53:05.0320 0x18a4  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:53:05.0538 0x18a4  pcmcia - ok
10:53:05.0554 0x18a4  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:53:05.0585 0x18a4  pcw - ok
10:53:05.0632 0x18a4  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:53:05.0757 0x18a4  PEAUTH - ok
10:53:05.0897 0x18a4  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
10:53:06.0069 0x18a4  pla - ok
10:53:06.0147 0x18a4  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:53:06.0194 0x18a4  PlugPlay - ok
10:53:06.0225 0x18a4  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:53:06.0272 0x18a4  PNRPAutoReg - ok
10:53:06.0303 0x18a4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:53:06.0350 0x18a4  PNRPsvc - ok
10:53:06.0428 0x18a4  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:53:06.0506 0x18a4  PolicyAgent - ok
10:53:06.0552 0x18a4  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
10:53:06.0615 0x18a4  Power - ok
10:53:06.0662 0x18a4  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:53:06.0724 0x18a4  PptpMiniport - ok
10:53:06.0755 0x18a4  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:53:06.0786 0x18a4  Processor - ok
10:53:06.0833 0x18a4  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:53:06.0911 0x18a4  ProfSvc - ok
10:53:06.0927 0x18a4  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] ProtectedStorage C:\Windows\system32\lsass.exe
10:53:06.0958 0x18a4  ProtectedStorage - ok
10:53:06.0989 0x18a4  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:53:07.0052 0x18a4  Psched - ok
10:53:07.0145 0x18a4  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:53:07.0254 0x18a4  ql2300 - ok
10:53:07.0286 0x18a4  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:53:07.0332 0x18a4  ql40xx - ok
10:53:07.0364 0x18a4  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
10:53:07.0442 0x18a4  QWAVE - ok
10:53:07.0473 0x18a4  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:53:07.0504 0x18a4  QWAVEdrv - ok
10:53:07.0535 0x18a4  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:53:07.0598 0x18a4  RasAcd - ok
10:53:07.0644 0x18a4  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:53:07.0707 0x18a4  RasAgileVpn - ok
10:53:07.0754 0x18a4  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
10:53:07.0816 0x18a4  RasAuto - ok
10:53:07.0847 0x18a4  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:53:07.0925 0x18a4  Rasl2tp - ok
10:53:07.0988 0x18a4  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
10:53:08.0066 0x18a4  RasMan - ok
10:53:08.0112 0x18a4  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:53:08.0190 0x18a4  RasPppoe - ok
10:53:08.0206 0x18a4  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:53:08.0284 0x18a4  RasSstp - ok
10:53:08.0331 0x18a4  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:53:08.0424 0x18a4  rdbss - ok
10:53:08.0456 0x18a4  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:53:08.0502 0x18a4  rdpbus - ok
10:53:08.0534 0x18a4  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:53:08.0596 0x18a4  RDPCDD - ok
10:53:08.0643 0x18a4  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:53:08.0705 0x18a4  RDPENCDD - ok
10:53:08.0736 0x18a4  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:53:08.0799 0x18a4  RDPREFMP - ok
10:53:08.0830 0x18a4  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:53:08.0892 0x18a4  RDPWD - ok
10:53:08.0955 0x18a4  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:53:09.0002 0x18a4  rdyboost - ok
10:53:09.0048 0x18a4  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:53:09.0111 0x18a4  RemoteAccess - ok
10:53:09.0158 0x18a4  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:53:09.0267 0x18a4  RemoteRegistry - ok
10:53:09.0314 0x18a4  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:53:09.0407 0x18a4  RFCOMM - ok
10:53:09.0438 0x18a4  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:53:09.0516 0x18a4  RpcEptMapper - ok
10:53:09.0548 0x18a4  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
10:53:09.0594 0x18a4  RpcLocator - ok
10:53:09.0641 0x18a4  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
10:53:09.0719 0x18a4  RpcSs - ok
10:53:09.0766 0x18a4  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:53:09.0844 0x18a4  rspndr - ok
10:53:09.0860 0x18a4  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] SamSs           C:\Windows\system32\lsass.exe
10:53:09.0891 0x18a4  SamSs - ok
10:53:09.0938 0x18a4  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:53:09.0984 0x18a4  sbp2port - ok
10:53:10.0031 0x18a4  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:53:10.0109 0x18a4  SCardSvr - ok
10:53:10.0125 0x18a4  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:53:10.0203 0x18a4  scfilter - ok
10:53:10.0281 0x18a4  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
10:53:10.0406 0x18a4  Schedule - ok
10:53:10.0437 0x18a4  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:53:10.0484 0x18a4  SCPolicySvc - ok
10:53:10.0530 0x18a4  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:53:10.0655 0x18a4  SDRSVC - ok
10:53:10.0702 0x18a4  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:53:10.0764 0x18a4  secdrv - ok
10:53:10.0796 0x18a4  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
10:53:10.0858 0x18a4  seclogon - ok
10:53:10.0889 0x18a4  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll
10:53:10.0952 0x18a4  SENS - ok
10:53:10.0983 0x18a4  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:53:11.0045 0x18a4  SensrSvc - ok
10:53:11.0061 0x18a4  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:53:11.0108 0x18a4  Serenum - ok
10:53:11.0170 0x18a4  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:53:11.0217 0x18a4  Serial - ok
10:53:11.0248 0x18a4  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:53:11.0279 0x18a4  sermouse - ok
10:53:11.0326 0x18a4  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:53:11.0404 0x18a4  SessionEnv - ok
10:53:11.0451 0x18a4  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:53:11.0482 0x18a4  sffdisk - ok
10:53:11.0482 0x18a4  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:53:11.0513 0x18a4  sffp_mmc - ok
10:53:11.0544 0x18a4  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:53:11.0576 0x18a4  sffp_sd - ok
10:53:11.0607 0x18a4  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:53:11.0654 0x18a4  sfloppy - ok
10:53:11.0700 0x18a4  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:53:11.0794 0x18a4  SharedAccess - ok
10:53:11.0856 0x18a4  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:53:11.0919 0x18a4  ShellHWDetection - ok
10:53:11.0950 0x18a4  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
10:53:11.0997 0x18a4  sisagp - ok
10:53:12.0028 0x18a4  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:53:12.0059 0x18a4  SiSRaid2 - ok
10:53:12.0075 0x18a4  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:53:12.0122 0x18a4  SiSRaid4 - ok
10:53:12.0215 0x18a4  [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate     C:\Windows.old\Program Files\Skype\Updater\Updater.exe
10:53:12.0324 0x18a4  SkypeUpdate - ok
10:53:12.0356 0x18a4  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:53:12.0418 0x18a4  Smb - ok
10:53:12.0496 0x18a4  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:53:12.0543 0x18a4  SNMPTRAP - ok
10:53:12.0574 0x18a4  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:53:12.0605 0x18a4  spldr - ok
10:53:12.0652 0x18a4  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
10:53:12.0777 0x18a4  Spooler - ok
10:53:12.0948 0x18a4  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
10:53:13.0151 0x18a4  sppsvc - ok
10:53:13.0214 0x18a4  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:53:13.0307 0x18a4  sppuinotify - ok
10:53:13.0370 0x18a4  sptd - ok
10:53:13.0448 0x18a4  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:53:13.0572 0x18a4  srv - ok
10:53:13.0666 0x18a4  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:53:13.0744 0x18a4  srv2 - ok
10:53:13.0775 0x18a4  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:53:13.0838 0x18a4  srvnet - ok
10:53:13.0884 0x18a4  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:53:13.0931 0x18a4  SSDPSRV - ok
10:53:13.0994 0x18a4  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
10:53:14.0009 0x18a4  ssmdrv - ok
10:53:14.0040 0x18a4  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:53:14.0087 0x18a4  SstpSvc - ok
10:53:14.0118 0x18a4  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:53:14.0150 0x18a4  stexstor - ok
10:53:14.0212 0x18a4  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
10:53:14.0306 0x18a4  StiSvc - ok
10:53:14.0352 0x18a4  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:53:14.0368 0x18a4  swenum - ok
10:53:14.0430 0x18a4  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
10:53:14.0493 0x18a4  swprv - ok
10:53:14.0555 0x18a4  [ 7A9025D8F7852B06D6D08ED536135E7E, 814153517841D316AA44D59F31B3C6DAD09DE688AF6B946D9B0970EAE815CAAD ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
10:53:14.0586 0x18a4  SynTP - ok
10:53:14.0680 0x18a4  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
10:53:14.0789 0x18a4  SysMain - ok
10:53:14.0820 0x18a4  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
10:53:14.0883 0x18a4  TabletInputService - ok
10:53:14.0930 0x18a4  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:53:15.0023 0x18a4  TapiSrv - ok
10:53:15.0070 0x18a4  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
10:53:15.0132 0x18a4  TBS - ok
10:53:15.0242 0x18a4  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:53:15.0351 0x18a4  Tcpip - ok
10:53:15.0429 0x18a4  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:53:15.0507 0x18a4  TCPIP6 - ok
10:53:15.0554 0x18a4  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:53:15.0600 0x18a4  tcpipreg - ok
10:53:15.0663 0x18a4  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:53:15.0819 0x18a4  TDPIPE - ok
10:53:15.0990 0x18a4  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:53:16.0022 0x18a4  TDTCP - ok
10:53:16.0068 0x18a4  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:53:16.0131 0x18a4  tdx - ok
10:53:16.0162 0x18a4  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:53:16.0271 0x18a4  TermDD - ok
10:53:16.0334 0x18a4  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
10:53:16.0443 0x18a4  TermService - ok
10:53:16.0490 0x18a4  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
10:53:16.0536 0x18a4  Themes - ok
10:53:16.0568 0x18a4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
10:53:16.0614 0x18a4  THREADORDER - ok
10:53:16.0646 0x18a4  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
10:53:16.0708 0x18a4  TrkWks - ok
10:53:16.0786 0x18a4  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:53:16.0833 0x18a4  TrustedInstaller - ok
10:53:16.0864 0x18a4  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:53:16.0911 0x18a4  tssecsrv - ok
10:53:16.0958 0x18a4  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:53:17.0020 0x18a4  TsUsbFlt - ok
10:53:17.0082 0x18a4  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:53:17.0145 0x18a4  tunnel - ok
10:53:17.0176 0x18a4  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:53:17.0223 0x18a4  uagp35 - ok
10:53:17.0238 0x18a4  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:53:17.0332 0x18a4  udfs - ok
10:53:17.0379 0x18a4  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:53:17.0426 0x18a4  UI0Detect - ok
10:53:17.0535 0x18a4  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:53:17.0628 0x18a4  uliagpkx - ok
10:53:17.0769 0x18a4  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
10:53:17.0862 0x18a4  umbus - ok
10:53:17.0894 0x18a4  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:53:17.0925 0x18a4  UmPass - ok
10:53:17.0972 0x18a4  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
10:53:18.0034 0x18a4  upnphost - ok
10:53:18.0096 0x18a4  [ 8BF5D980CDCE35FB26F05047144BB57E, 8A770DD649FA0D6F574651E5525B983261B823C5778764598D89C453E68ED3F1 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
10:53:18.0159 0x18a4  USBAAPL - ok
10:53:18.0206 0x18a4  [ BD9C55D7023C5DE374507ACC7A14E2AC, 1DBAFF733DE5C1A6A2374B15BD94512A22D9C0F4DF91F997801340828333AF3C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:53:18.0252 0x18a4  usbccgp - ok
10:53:35.0413 0x18a4  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.0.307 ), 0x40000 ( disabled : updated )
10:53:35.0429 0x18a4  Win FW state via NFP2: enabled
10:53:38.0299 0x18a4  ============================================================
10:53:38.0299 0x18a4  Scan finished
10:53:38.0299 0x18a4  ============================================================
10:53:38.0299 0x18dc  Detected object count: 0
10:53:38.0299 0x18dc  Actual detected object count: 0
         

28.10.2013, 11:03   #15
aharonov
/// TB Instructor

Nothing to see.
At the next bluescreen, can you please note down the exact details of the bluescreen (stop code etc.) and post them here? (Beforehand: Control Panel -> System -> Advanced -> Startup and Recovery -> Settings -> System failure: uncheck "Automatically restart")
__________________
cheers,
Leo
