
Pests of all kinds and how to combat them: "http://rvzr-a.akamaihd.net" virus - What should I do?


17.11.2013, 11:51   #1
mailik
 



Hello!

For some time now, Firefox and IE have been crashing more and more often on my machine. My laptop is also always under heavy load right from startup. At first I ignored it, but now I have noticed that whenever I am browsing the Internet, windows with the address "hxxp://rvzr-a.akamaihd.net" keep opening. What exactly am I dealing with, and how can I get rid of it? Could my two external hard drives also be infected? I have unplugged them as a precaution. It would be great if someone could help me. The program "Malwarebytes" is running a scan right now. As I said, though, I am unsure about the external hard drives. Do I need to include them in the scan?

Best regards,

Miriam

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
Malwarebytes : Free Anti-Malware download

Database version: v2013.11.17.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Miriam :: MIRIAM-PC [administrator]

17.11.2013 12:09:52
mbar-log-2013-11-17 (12-09-52).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 262195
Time elapsed: 29 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

17.11.2013, 12:05   #2
M-K-D-B
/// TB Trainer
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find evidence of illegally obtained software, we will suspend support until all illegal software has been removed from the computer.
  • Please work through all steps one after another in the given order and post all log files in CODE tags.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 4 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
    If you are going to be away for a longer period, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything either. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


17.11.2013, 17:52   #3
mailik
 



Hello!

In the meantime I found THIS post here ( http://www.trojaner-board.de/144426-...erscheint.html ) and have already carried out the various steps. I have now reached the last one (ESET). It did not find anything anymore either.

However, I will run FRST again and post the .txt here again. I do not have the external hard drives connected right now, though.


FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02
Ran by Miriam (administrator) on MIRIAM-PC on 17-11-2013 17:25:57
Running from C:\Users\Miriam\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Windows\system32\nlasvc32.exe
() C:\Program Files (x86)\Divine\Elemente\System\ControlService.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2010-09-28] (Nero AG)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Miriam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD4EC88D600D6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\searchplugins\gutscheinsuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: info - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\info@sharkcube.com.xpi
FF Extension: youtube2mp3 - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: mediaconverter - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi
FF Extension: defaults - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi

==================== Services (Whitelisted) =================

R2 dxdiag32; C:\Windows\system32\nlasvc32.exe [117760 2013-08-31] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SCElemente; C:\Program Files (x86)\Divine\Elemente\System\ControlService.exe [270336 2013-05-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127272 2009-07-15] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-08-08] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-17 17:24 - 2013-11-17 17:25 - 01958026 _____ (Farbar) C:\Users\Miriam\Desktop\FRST64.exe
2013-11-17 13:37 - 2013-11-17 13:37 - 02347384 _____ (ESET) C:\Users\Miriam\Desktop\esetsmartinstaller_enu.exe
2013-11-17 13:37 - 2013-11-17 13:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-17 13:31 - 2013-11-17 13:31 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Malwarebytes
2013-11-17 13:30 - 2013-11-17 13:30 - 00001296 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mbam-setup-1.75.0.1300.lnk
2013-11-17 13:30 - 2013-11-17 13:30 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-17 13:30 - 2013-11-17 13:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 13:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-17 13:29 - 2013-11-17 13:30 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Miriam\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-17 13:23 - 2013-11-17 13:23 - 00022531 _____ C:\Users\Miriam\Desktop\Addition.txt
2013-11-17 13:21 - 2013-11-17 17:25 - 00011072 _____ C:\Users\Miriam\Desktop\FRST.txt
2013-11-17 13:21 - 2013-11-17 13:21 - 00000000 ____D C:\FRST
2013-11-17 13:14 - 2013-11-17 13:14 - 00000937 _____ C:\Users\Miriam\Desktop\JRT.txt
2013-11-17 13:10 - 2013-11-17 13:10 - 00000000 ____D C:\Windows\ERUNT
2013-11-17 13:07 - 2013-11-17 13:07 - 00000000 ____D C:\WTablet
2013-11-17 12:59 - 2013-11-17 13:09 - 00000000 ____D C:\Users\Miriam\Desktop\Systemprogramme (Viren etc.)
2013-11-17 12:52 - 2013-11-17 13:18 - 00000000 ____D C:\AdwCleaner
2013-11-17 12:09 - 2013-11-17 12:39 - 00000335 _____ C:\local.conf
2013-11-17 12:04 - 2013-11-17 12:04 - 00000872 _____ C:\Windows\PFRO.log
2013-11-17 11:39 - 2013-11-17 17:15 - 00111318 _____ C:\Windows\WindowsUpdate.log
2013-11-17 11:29 - 2013-11-17 12:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-17 11:29 - 2013-11-17 11:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 14:38 - 2013-11-16 14:39 - 00000000 ____D C:\Users\Miriam\Desktop\Neuer Ordner (2)
2013-11-16 09:13 - 2013-11-16 12:03 - 00000000 ____D C:\Users\Miriam\Desktop\Shooting Anni
2013-11-16 09:02 - 2013-11-17 12:03 - 00000000 ____D C:\Users\Miriam\Desktop\Neuer Ordner
2013-11-16 08:47 - 2013-11-16 08:48 - 05122776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 22:06 - 2013-11-15 22:06 - 00000000 ____D C:\Users\Miriam\Desktop\dz
2013-11-15 12:42 - 2013-11-15 12:42 - 00000000 ____D C:\Program Files (x86)\File Scavenger 4.2
2013-11-15 09:22 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 09:22 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 17:00 - 2013-11-15 22:03 - 00000000 ____D C:\Users\Miriam\Desktop\shsfg
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\XnConvert
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Program Files (x86)\XnConvert
2013-11-14 16:29 - 2013-11-14 17:02 - 00000000 ____D C:\Program Files\Recuva
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Program Files (x86)\Convar
2013-11-14 12:12 - 2013-11-15 11:39 - 00000000 ____D C:\Users\Miriam\Desktop\Gutschein Fotoshootings
2013-11-13 19:25 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:25 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:25 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-13 19:25 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-13 19:25 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-13 19:25 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-13 19:25 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 19:25 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 19:25 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 19:25 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 19:25 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 19:25 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 19:25 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 19:25 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 19:25 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 19:25 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 19:25 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 19:24 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 19:24 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:24 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:24 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 19:24 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:24 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 19:24 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 19:24 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:24 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 19:24 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:24 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:24 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:24 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:24 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-13 19:24 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 12:55 - 2013-11-14 15:29 - 00000000 ____D C:\Users\Miriam\Desktop\iPhone
2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2013-11-09 18:52 - 2013-11-09 19:00 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2013-11-07 09:41 - 2013-11-07 09:41 - 00000000 ____D C:\Users\Miriam\AppData\Local\Software_Updater
2013-11-04 13:59 - 2013-11-04 16:28 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\TeamViewer
2013-11-04 13:58 - 2013-11-04 13:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-11-01 20:01 - 2013-11-07 22:07 - 00000000 ____D C:\Users\Miriam\Desktop\Johanna Babybauch
2013-10-30 08:51 - 2013-10-30 08:51 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-30 08:50 - 2013-10-30 08:50 - 00000000 ____D C:\Program Files\Java
2013-10-30 07:37 - 2013-10-30 07:38 - 00001593 _____ C:\Windows\VPNInstall.MIF
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-10-30 07:35 - 2013-10-30 07:35 - 00000000 ____D C:\Windows\1CE60928832549A88B06633E48DD2B67.TMP

==================== One Month Modified Files and Folders =======

2013-11-17 17:26 - 2013-11-17 13:21 - 00011072 _____ C:\Users\Miriam\Desktop\FRST.txt
2013-11-17 17:25 - 2013-11-17 17:24 - 01958026 _____ (Farbar) C:\Users\Miriam\Desktop\FRST64.exe
2013-11-17 17:15 - 2013-11-17 11:39 - 00111318 _____ C:\Windows\WindowsUpdate.log
2013-11-17 17:14 - 2012-12-11 12:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-17 17:11 - 2012-07-26 11:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-11-17 17:11 - 2012-07-26 11:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-11-17 17:11 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-17 17:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-17 16:58 - 2012-12-10 13:36 - 00000000 ____D C:\Users\Miriam\Documents\Outlook-Dateien
2013-11-17 13:37 - 2013-11-17 13:37 - 02347384 _____ (ESET) C:\Users\Miriam\Desktop\esetsmartinstaller_enu.exe
2013-11-17 13:37 - 2013-11-17 13:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-17 13:31 - 2013-11-17 13:31 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Malwarebytes
2013-11-17 13:30 - 2013-11-17 13:30 - 00001296 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mbam-setup-1.75.0.1300.lnk
2013-11-17 13:30 - 2013-11-17 13:30 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-17 13:30 - 2013-11-17 13:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 13:30 - 2013-11-17 13:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Miriam\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-17 13:23 - 2013-11-17 13:23 - 00022531 _____ C:\Users\Miriam\Desktop\Addition.txt
2013-11-17 13:21 - 2013-11-17 13:21 - 00000000 ____D C:\FRST
2013-11-17 13:19 - 2012-12-10 14:12 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\WTablet
2013-11-17 13:19 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-17 13:18 - 2013-11-17 12:52 - 00000000 ____D C:\AdwCleaner
2013-11-17 13:14 - 2013-11-17 13:14 - 00000937 _____ C:\Users\Miriam\Desktop\JRT.txt
2013-11-17 13:10 - 2013-11-17 13:10 - 00000000 ____D C:\Windows\ERUNT
2013-11-17 13:09 - 2013-11-17 12:59 - 00000000 ____D C:\Users\Miriam\Desktop\Systemprogramme (Viren etc.)
2013-11-17 13:07 - 2013-11-17 13:07 - 00000000 ____D C:\WTablet
2013-11-17 13:06 - 2012-12-09 12:22 - 00000000 ____D C:\Users\Miriam
2013-11-17 12:56 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-17 12:39 - 2013-11-17 12:09 - 00000335 _____ C:\local.conf
2013-11-17 12:09 - 2013-11-17 11:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-17 12:04 - 2013-11-17 12:04 - 00000872 _____ C:\Windows\PFRO.log
2013-11-17 12:04 - 2012-12-10 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 12:03 - 2013-11-16 09:02 - 00000000 ____D C:\Users\Miriam\Desktop\Neuer Ordner
2013-11-17 11:29 - 2013-11-17 11:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-17 09:48 - 2012-12-09 13:08 - 00000000 ____D C:\Users\Miriam\AppData\Local\Adobe
2013-11-16 21:06 - 2012-12-10 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 14:39 - 2013-11-16 14:38 - 00000000 ____D C:\Users\Miriam\Desktop\Neuer Ordner (2)
2013-11-16 12:53 - 2013-04-07 20:47 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\vlc
2013-11-16 12:50 - 2013-02-23 14:34 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Dropbox
2013-11-16 12:03 - 2013-11-16 09:13 - 00000000 ____D C:\Users\Miriam\Desktop\Shooting Anni
2013-11-16 10:18 - 2013-02-23 14:40 - 00000000 ___RD C:\Users\Miriam\Dropbox
2013-11-16 08:48 - 2013-11-16 08:47 - 05122776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 22:06 - 2013-11-15 22:06 - 00000000 ____D C:\Users\Miriam\Desktop\dz
2013-11-15 22:03 - 2013-11-14 17:00 - 00000000 ____D C:\Users\Miriam\Desktop\shsfg
2013-11-15 12:42 - 2013-11-15 12:42 - 00000000 ____D C:\Program Files (x86)\File Scavenger 4.2
2013-11-15 11:39 - 2013-11-14 12:12 - 00000000 ____D C:\Users\Miriam\Desktop\Gutschein Fotoshootings
2013-11-15 10:10 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-14 17:02 - 2013-11-14 16:29 - 00000000 ____D C:\Program Files\Recuva
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\XnConvert
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Program Files (x86)\XnConvert
2013-11-14 16:18 - 2013-06-28 13:56 - 00000000 ____D C:\ProgramData\hps
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Program Files (x86)\Convar
2013-11-14 15:29 - 2013-11-13 12:55 - 00000000 ____D C:\Users\Miriam\Desktop\iPhone
2013-11-13 19:41 - 2012-12-10 13:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 19:38 - 2013-08-14 13:07 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 19:36 - 2012-12-12 12:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 18:24 - 2012-12-29 20:18 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\FileZilla
2013-11-11 18:22 - 2012-12-12 13:54 - 00000132 _____ C:\Users\Miriam\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-11-11 18:13 - 2013-02-23 14:49 - 00000000 ____D C:\Users\Miriam\Desktop\Bildbea für Erich
2013-11-11 15:00 - 2013-10-06 08:12 - 00000000 ____D C:\Program Files\CCleaner
2013-11-09 19:46 - 2012-12-09 12:28 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-734915465-461864420-888540340-1001
2013-11-09 19:00 - 2013-11-09 18:52 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2013-11-09 19:00 - 2013-08-21 16:32 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\2BrightSparks
2013-11-09 19:00 - 2013-08-21 16:32 - 00000000 ____D C:\Users\Miriam\AppData\Local\2BrightSparks
2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2013-11-09 18:26 - 2013-07-29 14:34 - 00000000 ____D C:\Users\Miriam\AppData\Local\Deployment
2013-11-07 22:07 - 2013-11-01 20:01 - 00000000 ____D C:\Users\Miriam\Desktop\Johanna Babybauch
2013-11-07 09:41 - 2013-11-07 09:41 - 00000000 ____D C:\Users\Miriam\AppData\Local\Software_Updater
2013-11-05 23:58 - 2013-11-15 09:22 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-15 09:22 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-04 16:28 - 2013-11-04 13:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\TeamViewer
2013-11-04 13:58 - 2013-11-04 13:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-30 08:51 - 2013-10-30 08:51 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-30 08:51 - 2013-09-22 12:10 - 00000000 ____D C:\ProgramData\Oracle
2013-10-30 08:50 - 2013-10-30 08:50 - 00000000 ____D C:\Program Files\Java
2013-10-30 07:38 - 2013-10-30 07:37 - 00001593 _____ C:\Windows\VPNInstall.MIF
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-10-30 07:35 - 2013-10-30 07:35 - 00000000 ____D C:\Windows\1CE60928832549A88B06633E48DD2B67.TMP
2013-10-19 19:14 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-10-18 10:38 - 2013-08-14 18:35 - 00000000 ____D C:\Users\Miriam\Desktop\100CANON

Some content of TEMP:
====================
C:\Users\Miriam\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-08 09:34

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2013 02
Ran by Miriam at 2013-11-17 17:30:52
Running from C:\Users\Miriam\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.8.0.1280)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe® Content Viewer (x32 Version: 3.3.0)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000)
Age of Empires III (x32 Version: 1.00.0000)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.3.10 (Unicode) (x32)
Bamboo (x32)
bl (x32 Version: 1.0.0)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)
Canon MG5200 series MP Drivers
Canon MOV Decoder (x32 Version: 1.5.0.7)
Canon MOV Encoder (x32 Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.1.9)
Canon MP Navigator EX 1.0 (x32)
Canon MP Navigator EX 4.0 (x32)
Canon Utilities Digital Photo Professional 3.8 (x32 Version: 3.8.0.0)
Canon Utilities EOS Utility (x32 Version: 2.8.1.0)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.7.0.0)
Canon Utilities WFT Utility (x32 Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (x32 Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4)
CCleaner (Version: 4.06)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Defraggler (Version: 2.15)
Divine Elemente (Version: 0.9.2.156)
Dropbox (HKCU Version: 2.0.22)
DSLR Remote Pro (x32 Version: v2.4)
ESET Online Scanner v3 (x32)
fc prints order (HKCU)
fc prints order (x32)
File Scavenger 4.2 (de) (x32 Version: 4.2.4.0)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Free Screen To Video V 2.0 (x32 Version: 2.0.0.0)
Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827)
High-Definition Video Playback (x32 Version: 7.1.13400.42.0)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2867)
Java 7 Update 40 (x32 Version: 7.0.400)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Langenscheidt Vokabeltrainer 6.0 Spanisch (x32 Version: 6.0.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (x32 Version: 14.0.7015.1000)
Microsoft Office O MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Basque) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Catalan) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office X MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
Nero 10 ClipartPack (x32 Version: 10.2.10000.11.0)
Nero 10 Menu TemplatePack 1 (x32 Version: 10.2.10000.0.0)
Nero 10 Menu TemplatePack 2 (x32 Version: 10.2.10000.0.0)
Nero 10 Menu TemplatePack 3 (x32 Version: 10.2.10100.1.0)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.2.10000.0.0)
Nero 10 Movie ThemePack 1 (x32 Version: 10.2.10000.11.0)
Nero 10 Movie ThemePack 2 (x32 Version: 10.2.10100.1.0)
Nero 10 Movie ThemePack 3 (x32 Version: 10.2.10100.1.0)
Nero 10 Movie ThemePack 4 (x32 Version: 10.2.10100.1.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0)
Nero 10 PiP EffectPack 1 (x32 Version: 10.2.10000.0.0)
Nero 10 Sample ImagePack (x32 Version: 10.2.10000.11.0)
Nero 10 Sample Videos (x32 Version: 10.2.10000.11.0)
Nero 10 Video TransitionPack 1 (x32 Version: 10.2.10000.0.0)
Nero BackItUp 10 (x32 Version: 5.6.11000.11.100)
Nero Burning ROM 10 (x32 Version: 10.2.11000.12.100)
Nero BurnRights 10 (x32 Version: 4.2.10300.0.102)
Nero Control Center 10 (x32 Version: 10.2.10600.0.6)
Nero Core Components 10 (x32 Version: 2.0.17400.8.2)
Nero CoverDesigner 10 (x32 Version: 5.2.10700.7.100)
Nero DiscSpeed 10 (x32 Version: 6.2.10300.1.100)
Nero Dolby Files 10 (x32 Version: 2.0.12100.0.10)
Nero Express 10 (x32 Version: 10.2.11100.12.100)
Nero MediaHub 10 (x32 Version: 1.2.12300.27.100)
Nero Multimedia Suite 10 Platinum HD (x32 Version: 10.5.10900)
Nero Recode 10 (x32 Version: 4.8.10400.3.100)
Nero RescueAgent 10 (x32 Version: 3.2.10600.7.100)
Nero SoundTrax 10 (x32 Version: 4.8.10200.1.100)
Nero StartSmart 10 (x32 Version: 10.2.11100.10.100)
Nero Vision 10 (x32 Version: 7.2.14700.9.100)
Nero WaveEditor 10 (x32 Version: 5.8.10400.2.100)
Notepad++ (x32 Version: 6.3)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
ORFO 9.0 (x32 Version: 9.0)
ORFO 9.0 (x32)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
PhotoScape (x32)
Pixum ContextUpload V1.0.0 (x32)
Pixum Fotobuch (x32 Version: 5.0.1)
Recuva (Version: 1.49)
RocketDock 1.3.5 (x32)
RUBICon (x32 Version: 2.0.25)
Saal Design Software (x32 Version: 3.1.26)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (x32)
Sharpener Pro 3.0 (x32 Version: 3.0.1.0)
SyncBackFree (x32 Version: 6.5.4.0)
TeamViewer 8 (x32 Version: 8.0.22298)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VLC media player 2.0.5 (Version: 2.0.5)
Vokabeltrainer-Update 6.0.18 (x32 Version: 6.0.18)
win8codecs (x32 Version: 1.3.2)
WinRAR (x32)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)
XAMPP 1.8.1 (x32)
XnConvert 1.55 (x32 Version: 1.55)

==================== Restore Points  =========================

30-10-2013 06:37:09 Installed Cisco Systems VPN Client 5.0.07.0440
03-11-2013 20:04:57 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
09-11-2013 17:26:19 Removed Sun ODF Plugin for Microsoft Office 3.2
13-11-2013 18:33:20 Windows Update
17-11-2013 11:03:27 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-12-09 15:46 - 00001833 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.nero.com
127.0.0.1 www.nero.com/rus/index.html
127.0.0.1 www.nero.com/rus/support.html
127.0.0.1 www.nero.com/rus/store-upgrade-center.html
127.0.0.1 www.nero.com/rus/store-volume-licensing.html
127.0.0.1 www.nero.com/eng/index.html
127.0.0.1 www.nero.com/enu/support-nero8.html
127.0.0.1 my.nero.com
127.0.0.1 secure.nero.com/us/secure.asp
127.0.0.1 registernero.com
127.0.0.1 www.registernero.com
127.0.0.1 nero.com
127.0.0.1 www.nero.com/eng/privacy.html
127.0.0.1 support.nero.com
127.0.0.1 nero.net
127.0.0.1 nero.com
127.0.0.1 activate.nero.com
127.0.0.1 www.activate.nero.com
127.0.0.1 nero.de
127.0.0.1 activate.nero.de
127.0.0.1 www.activate.nero.de
127.0.0.1 zero.nero.net
127.0.0.1 cell.nero.net
127.0.0.1 heffiji.nero.net
127.0.0.1 limbo.nero.net
127.0.0.1 nero.net
127.0.0.1 netfoo.nero.net
127.0.0.1 ns2.nero.net
127.0.0.1 oemba.org

There are 3 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0BE78847-CD05-4050-AD34-FEFCCB9D8FC7} - \Plus-HD-2.6-firefoxinstaller No Task File
Task: {224C8230-DCF8-4756-BBB0-4B4375D24355} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {463D0060-2184-4BA8-9541-78482580BBBD} - \Plus-HD-2.6-enabler No Task File
Task: {547DB73E-79C6-4655-A0F4-B853CFFA399A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {988B0A96-71D3-41D7-B802-E12CD8FBA848} - \Plus-HD-2.6-updater No Task File
Task: {AD7EB1DE-828C-4ED7-95BA-D7CC288E4D26} - \Plus-HD-2.6-codedownloader No Task File
Task: {ADD9FFAF-275E-4A67-B784-5AA75CA83C32} - \Software Updater Ui No Task File
Task: {CA133A44-791F-4D26-AD59-226E50F5CCBE} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {E24D63E4-DE79-42FC-A76A-676ADA1EE8C6} - System32\Tasks\AdobeAAMUpdater-1.0-Miriam-PC-Miriam => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {E4B99A2A-8CC9-4A5B-ABAB-10E4C6D030C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {EBEA180D-D1B4-4497-B163-FC6F5F8AA664} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {F0A15924-E05D-4C17-8ED1-B4E979E6128F} - \Software Updater No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-07-24 08:38 - 2006-12-11 01:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-10-10 02:22 - 2012-10-10 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2012-12-09 15:58 - 2007-03-04 10:48 - 00106496 _____ () C:\Program Files (x86)\RocketDock\Docklets\RocketClock\RocketClock.dll
2012-12-09 15:58 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 01:15 - 2010-12-21 01:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2012-12-10 13:15 - 2013-11-16 21:06 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5A775C3F
AlternateDataStreams: C:\Users\Miriam\Desktop\IMG_5600b.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Miriam\AppData\Local\SIHTQPwy:Ged4ZFBEKgLxwRkenoQyFA7HLV
AlternateDataStreams: C:\Users\Miriam\AppData\Local\Temp:OFbb72cIOZU0EWja8UIL

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2013 01:37:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/17/2013 01:37:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/17/2013 01:37:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/17/2013 01:37:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/17/2013 01:37:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (11/17/2013 01:19:37 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/17/2013 01:19:34 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (11/17/2013 01:19:14 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/17/2013 01:19:14 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/17/2013 01:19:14 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device


System errors:
=============
Error: (11/17/2013 01:18:20 PM) (Source: DCOM) (User: Miriam-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (11/17/2013 01:17:50 PM) (Source: DCOM) (User: Miriam-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (11/17/2013 01:17:20 PM) (Source: DCOM) (User: Miriam-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (11/17/2013 01:16:50 PM) (Source: DCOM) (User: Miriam-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (11/17/2013 01:37:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Miriam\Desktop\esetsmartinstaller_enu.exe

Error: (11/17/2013 01:37:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Miriam\Desktop\esetsmartinstaller_enu.exe

Error: (11/17/2013 01:37:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Miriam\Desktop\esetsmartinstaller_enu.exe

Error: (11/17/2013 01:37:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Miriam\Desktop\esetsmartinstaller_enu.exe

Error: (11/17/2013 01:37:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Miriam\Desktop\esetsmartinstaller_enu.exe

Error: (11/17/2013 01:19:37 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/17/2013 01:19:34 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (11/17/2013 01:19:14 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/17/2013 01:19:14 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/17/2013 01:19:14 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8104.28 MB
Available physical RAM: 6077.79 MB
Total Pagefile: 9320.29 MB
Available Pagefile: 7376.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows 8) (Fixed) (Total:229.76 GB) (Free:57.01 GB) NTFS
Drive d: (Daten-Platte) (Fixed) (Total:343.24 GB) (Free:307.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 1F8D46A3)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=343 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)

==================== End Of Log ============================
         
Oh, one more thing: none of the programs found anything else. Except for ADW-Cleaner. After the scan, the following file appears there under the category "Firefox". Is that something critical?

C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\prefs.js

I have already tried several times to have the program delete the file, but it keeps reappearing.
__________________

18.11.2013, 07:04   #4
M-K-D-B
/// TB-Ausbilder
 

Hello,

Quote:
Quote from mailik
In the meantime I found THIS post here ( http://www.trojaner-board.de/144426-...erscheint.html ) and have already carried out the various steps. I have now reached the last one (ESET). It did not find anything anymore either.
You should not follow instructions 1:1, because every infection is individual and should be treated as such.

Why should I keep helping you if you do whatever you want anyway?


In addition, there is illegal software on your computer:
Quote:
127.0.0.1 www.nero.com
127.0.0.1 www.nero.com/rus/index.html
127.0.0.1 www.nero.com/rus/support.html
127.0.0.1 www.nero.com/rus/store-upgrade-center.html
127.0.0.1 www.nero.com/rus/store-volume-licensing.html
127.0.0.1 www.nero.com/eng/index.html
127.0.0.1 www.nero.com/enu/support-nero8.html
127.0.0.1 my.nero.com
127.0.0.1 secure.nero.com/us/secure.asp
127.0.0.1 registernero.com
127.0.0.1 www.registernero.com
127.0.0.1 nero.com
127.0.0.1 www.nero.com/eng/privacy.html
127.0.0.1 support.nero.com
127.0.0.1 nero.net
127.0.0.1 nero.com
127.0.0.1 activate.nero.com
127.0.0.1 www.activate.nero.com
127.0.0.1 nero.de
127.0.0.1 activate.nero.de
127.0.0.1 www.activate.nero.de
127.0.0.1 zero.nero.net
127.0.0.1 cell.nero.net
127.0.0.1 heffiji.nero.net
127.0.0.1 limbo.nero.net
127.0.0.1 nero.net
127.0.0.1 netfoo.nero.net
127.0.0.1 ns2.nero.net
As long as it is not uninstalled, there will be no further help anyway...

18.11.2013, 07:24   #5
mailik
 

Okay. I have now uninstalled all of that and won't do anything on my own anymore.
I thought it was the same thing. But I don't know my way around this either. Big sorry. Then let's start again from the beginning.

Since yesterday, Malwarebytes has also kept showing me these three messages every now and then (no matter whether I am browsing the internet or, as just now, uninstalling something):

Access to a potentially dangerous website successfully stopped:

82.98.97.203
82.98.97.183
82.98.97.185


18.11.2013, 12:33   #6
M-K-D-B
/// TB-Ausbilder
 

Hello,

Run FRST again:

Control scan with FRST
Run a scan with FRST as described before.
To do so, tick the Addition.txt checkbox at the bottom right and click Scan.
Two log files will be created again. Post them for me.

Also post ALL log files from tools that you have already run.

18.11.2013, 17:57   #7
mailik
 

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02
Ran by Miriam (administrator) on MIRIAM-PC on 18-11-2013 18:42:23
Running from C:\Users\Miriam\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Windows\system32\nlasvc32.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Divine\Elemente\System\ControlService.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Miriam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD4EC88D600D6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\searchplugins\gutscheinsuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: info - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\info@sharkcube.com.xpi
FF Extension: youtube2mp3 - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: mediaconverter - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi
FF Extension: defaults - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi

==================== Services (Whitelisted) =================

R2 dxdiag32; C:\Windows\system32\nlasvc32.exe [117760 2013-08-31] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SCElemente; C:\Program Files (x86)\Divine\Elemente\System\ControlService.exe [270336 2013-05-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127272 2009-07-15] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-08-08] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-18 18:42 - 2013-11-18 18:42 - 00000658 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2013-11-18 18:36 - 2013-11-18 18:43 - 00010643 _____ C:\Users\Miriam\Desktop\FRST.txt
2013-11-18 18:22 - 2013-11-18 18:23 - 01958026 _____ (Farbar) C:\Users\Miriam\Desktop\FRST64.exe
2013-11-17 20:09 - 2013-11-17 20:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-17 19:02 - 2013-11-18 09:59 - 00000000 ____D C:\Users\Miriam\Desktop\Shooting Annika 16.11.2013
2013-11-17 17:34 - 2013-11-17 21:31 - 00000000 ____D C:\Users\Miriam\Desktop\PG
2013-11-17 13:37 - 2013-11-17 13:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-17 13:31 - 2013-11-17 13:31 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Malwarebytes
2013-11-17 13:30 - 2013-11-17 13:30 - 00001296 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mbam-setup-1.75.0.1300.lnk
2013-11-17 13:30 - 2013-11-17 13:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 13:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-17 13:21 - 2013-11-17 13:21 - 00000000 ____D C:\FRST
2013-11-17 13:10 - 2013-11-17 13:10 - 00000000 ____D C:\Windows\ERUNT
2013-11-17 13:07 - 2013-11-17 13:07 - 00000000 ____D C:\WTablet
2013-11-17 12:52 - 2013-11-17 19:03 - 00000000 ____D C:\AdwCleaner
2013-11-17 12:09 - 2013-11-17 12:39 - 00000335 _____ C:\local.conf
2013-11-17 12:04 - 2013-11-17 19:26 - 00001262 _____ C:\Windows\PFRO.log
2013-11-17 11:39 - 2013-11-18 09:53 - 00357803 _____ C:\Windows\WindowsUpdate.log
2013-11-17 11:29 - 2013-11-17 20:08 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-17 11:29 - 2013-11-17 11:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 08:47 - 2013-11-16 08:48 - 05122776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 12:42 - 2013-11-15 12:42 - 00000000 ____D C:\Program Files (x86)\File Scavenger 4.2
2013-11-15 09:22 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 09:22 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\XnConvert
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Program Files (x86)\XnConvert
2013-11-14 16:29 - 2013-11-14 17:02 - 00000000 ____D C:\Program Files\Recuva
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Program Files (x86)\Convar
2013-11-13 19:25 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:25 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:25 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-13 19:25 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-13 19:25 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-13 19:25 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-13 19:25 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 19:25 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 19:25 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 19:25 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 19:25 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 19:25 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 19:25 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 19:25 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 19:25 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 19:25 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 19:25 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 19:24 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 19:24 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:24 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:24 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 19:24 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:24 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 19:24 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 19:24 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:24 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 19:24 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:24 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:24 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:24 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:24 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-13 19:24 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2013-11-09 18:52 - 2013-11-09 19:00 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2013-11-07 09:41 - 2013-11-07 09:41 - 00000000 ____D C:\Users\Miriam\AppData\Local\Software_Updater
2013-11-04 13:59 - 2013-11-04 16:28 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\TeamViewer
2013-11-04 13:58 - 2013-11-04 13:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-30 08:51 - 2013-10-30 08:51 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-30 08:50 - 2013-10-30 08:50 - 00000000 ____D C:\Program Files\Java
2013-10-30 07:37 - 2013-10-30 07:38 - 00001593 _____ C:\Windows\VPNInstall.MIF
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-10-30 07:35 - 2013-10-30 07:35 - 00000000 ____D C:\Windows\1CE60928832549A88B06633E48DD2B67.TMP

==================== One Month Modified Files and Folders =======

2013-11-18 18:43 - 2013-11-18 18:36 - 00010643 _____ C:\Users\Miriam\Desktop\FRST.txt
2013-11-18 18:42 - 2013-11-18 18:42 - 00000658 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2013-11-18 18:31 - 2012-12-09 12:22 - 00000000 ____D C:\Users\Miriam
2013-11-18 18:23 - 2013-11-18 18:22 - 01958026 _____ (Farbar) C:\Users\Miriam\Desktop\FRST64.exe
2013-11-18 18:17 - 2012-12-10 14:12 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\WTablet
2013-11-18 18:17 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-18 11:14 - 2012-12-11 12:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-18 09:59 - 2013-11-17 19:02 - 00000000 ____D C:\Users\Miriam\Desktop\Shooting Annika 16.11.2013
2013-11-18 09:53 - 2013-11-17 11:39 - 00357803 _____ C:\Windows\WindowsUpdate.log
2013-11-18 08:31 - 2012-12-09 12:28 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-734915465-461864420-888540340-1001
2013-11-18 08:18 - 2013-06-28 13:52 - 00000000 ____D C:\Program Files (x86)\Pixum
2013-11-17 21:31 - 2013-11-17 17:34 - 00000000 ____D C:\Users\Miriam\Desktop\PG
2013-11-17 20:12 - 2013-11-17 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-17 20:08 - 2013-11-17 11:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-17 19:31 - 2012-07-26 11:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-11-17 19:31 - 2012-07-26 11:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-11-17 19:31 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-17 19:26 - 2013-11-17 12:04 - 00001262 _____ C:\Windows\PFRO.log
2013-11-17 19:26 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-17 19:03 - 2013-11-17 12:52 - 00000000 ____D C:\AdwCleaner
2013-11-17 13:37 - 2013-11-17 13:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-17 13:31 - 2013-11-17 13:31 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Malwarebytes
2013-11-17 13:30 - 2013-11-17 13:30 - 00001296 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mbam-setup-1.75.0.1300.lnk
2013-11-17 13:30 - 2013-11-17 13:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 13:21 - 2013-11-17 13:21 - 00000000 ____D C:\FRST
2013-11-17 13:10 - 2013-11-17 13:10 - 00000000 ____D C:\Windows\ERUNT
2013-11-17 13:07 - 2013-11-17 13:07 - 00000000 ____D C:\WTablet
2013-11-17 12:56 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-17 12:39 - 2013-11-17 12:09 - 00000335 _____ C:\local.conf
2013-11-17 12:04 - 2012-12-10 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 11:29 - 2013-11-17 11:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-17 09:48 - 2012-12-09 13:08 - 00000000 ____D C:\Users\Miriam\AppData\Local\Adobe
2013-11-16 21:06 - 2012-12-10 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 12:53 - 2013-04-07 20:47 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\vlc
2013-11-16 12:50 - 2013-02-23 14:34 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Dropbox
2013-11-16 08:48 - 2013-11-16 08:47 - 05122776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 12:42 - 2013-11-15 12:42 - 00000000 ____D C:\Program Files (x86)\File Scavenger 4.2
2013-11-15 10:10 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-14 17:02 - 2013-11-14 16:29 - 00000000 ____D C:\Program Files\Recuva
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\XnConvert
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Program Files (x86)\XnConvert
2013-11-14 16:18 - 2013-06-28 13:56 - 00000000 ____D C:\ProgramData\hps
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Program Files (x86)\Convar
2013-11-13 19:41 - 2012-12-10 13:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 19:38 - 2013-08-14 13:07 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 19:36 - 2012-12-12 12:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 18:24 - 2012-12-29 20:18 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\FileZilla
2013-11-11 18:22 - 2012-12-12 13:54 - 00000132 _____ C:\Users\Miriam\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-11-11 15:00 - 2013-10-06 08:12 - 00000000 ____D C:\Program Files\CCleaner
2013-11-09 19:00 - 2013-11-09 18:52 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2013-11-09 19:00 - 2013-08-21 16:32 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\2BrightSparks
2013-11-09 19:00 - 2013-08-21 16:32 - 00000000 ____D C:\Users\Miriam\AppData\Local\2BrightSparks
2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2013-11-09 18:26 - 2013-07-29 14:34 - 00000000 ____D C:\Users\Miriam\AppData\Local\Deployment
2013-11-07 09:41 - 2013-11-07 09:41 - 00000000 ____D C:\Users\Miriam\AppData\Local\Software_Updater
2013-11-05 23:58 - 2013-11-15 09:22 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-15 09:22 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-04 16:28 - 2013-11-04 13:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\TeamViewer
2013-11-04 13:58 - 2013-11-04 13:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-30 08:51 - 2013-10-30 08:51 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-30 08:51 - 2013-09-22 12:10 - 00000000 ____D C:\ProgramData\Oracle
2013-10-30 08:50 - 2013-10-30 08:50 - 00000000 ____D C:\Program Files\Java
2013-10-30 07:38 - 2013-10-30 07:37 - 00001593 _____ C:\Windows\VPNInstall.MIF
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-10-30 07:35 - 2013-10-30 07:35 - 00000000 ____D C:\Windows\1CE60928832549A88B06633E48DD2B67.TMP
2013-10-19 19:14 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-18 08:51

==================== End Of Log ============================
         
--- --- ---



FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2013 02
Ran by Miriam at 2013-11-18 18:43:22
Running from C:\Users\Miriam\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.8.0.1280)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe® Content Viewer (x32 Version: 3.3.0)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000)
Age of Empires III (x32 Version: 1.00.0000)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.3.10 (Unicode) (x32)
Bamboo (x32)
bl (x32 Version: 1.0.0)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)
Canon MG5200 series MP Drivers
Canon MOV Decoder (x32 Version: 1.5.0.7)
Canon MOV Encoder (x32 Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.1.9)
Canon MP Navigator EX 1.0 (x32)
Canon MP Navigator EX 4.0 (x32)
Canon Utilities Digital Photo Professional 3.8 (x32 Version: 3.8.0.0)
Canon Utilities EOS Utility (x32 Version: 2.8.1.0)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.7.0.0)
Canon Utilities WFT Utility (x32 Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (x32 Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4)
CCleaner (Version: 4.06)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Defraggler (Version: 2.15)
Divine Elemente (Version: 0.9.2.156)
Dropbox (HKCU Version: 2.0.22)
DSLR Remote Pro (x32 Version: v2.4)
ESET Online Scanner v3 (x32)
fc prints order (HKCU)
fc prints order (x32)
File Scavenger 4.2 (de) (x32 Version: 4.2.4.0)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Free Screen To Video V 2.0 (x32 Version: 2.0.0.0)
Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2867)
Java 7 Update 40 (x32 Version: 7.0.400)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Langenscheidt Vokabeltrainer 6.0 Spanisch (x32 Version: 6.0.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (x32 Version: 14.0.7015.1000)
Microsoft Office O MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Basque) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Catalan) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office X MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
Notepad++ (x32 Version: 6.3)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
ORFO 9.0 (x32 Version: 9.0)
ORFO 9.0 (x32)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
PhotoScape (x32)
Recuva (Version: 1.49)
RocketDock 1.3.5 (x32)
RUBICon (x32 Version: 2.0.25)
Saal Design Software (x32 Version: 3.1.26)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (x32)
Sharpener Pro 3.0 (x32 Version: 3.0.1.0)
SyncBackFree (x32 Version: 6.5.4.0)
TeamViewer 8 (x32 Version: 8.0.22298)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VLC media player 2.0.5 (Version: 2.0.5)
Vokabeltrainer-Update 6.0.18 (x32 Version: 6.0.18)
win8codecs (x32 Version: 1.3.2)
WinRAR (x32)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)
XAMPP 1.8.1 (x32)
XnConvert 1.55 (x32 Version: 1.55)

==================== Restore Points  =========================

03-11-2013 20:04:57 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
09-11-2013 17:26:19 Removed Sun ODF Plugin for Microsoft Office 3.2
13-11-2013 18:33:20 Windows Update
17-11-2013 11:03:27 Malwarebytes Anti-Rootkit Restore Point

==================== Scheduled Tasks (whitelisted) =============

Task: {0BE78847-CD05-4050-AD34-FEFCCB9D8FC7} - \Plus-HD-2.6-firefoxinstaller No Task File
Task: {224C8230-DCF8-4756-BBB0-4B4375D24355} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {463D0060-2184-4BA8-9541-78482580BBBD} - \Plus-HD-2.6-enabler No Task File
Task: {547DB73E-79C6-4655-A0F4-B853CFFA399A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {988B0A96-71D3-41D7-B802-E12CD8FBA848} - \Plus-HD-2.6-updater No Task File
Task: {AD7EB1DE-828C-4ED7-95BA-D7CC288E4D26} - \Plus-HD-2.6-codedownloader No Task File
Task: {ADD9FFAF-275E-4A67-B784-5AA75CA83C32} - \Software Updater Ui No Task File
Task: {CA133A44-791F-4D26-AD59-226E50F5CCBE} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {E24D63E4-DE79-42FC-A76A-676ADA1EE8C6} - System32\Tasks\AdobeAAMUpdater-1.0-Miriam-PC-Miriam => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {E4B99A2A-8CC9-4A5B-ABAB-10E4C6D030C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {EBEA180D-D1B4-4497-B163-FC6F5F8AA664} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {F0A15924-E05D-4C17-8ED1-B4E979E6128F} - \Software Updater No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-10-10 02:22 - 2012-10-10 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2012-12-09 15:58 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2012-12-09 15:58 - 2007-03-04 10:48 - 00106496 _____ () C:\Program Files (x86)\RocketDock\Docklets\RocketClock\RocketClock.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5A775C3F
AlternateDataStreams: C:\Users\Miriam\AppData\Local\SIHTQPwy:Ged4ZFBEKgLxwRkenoQyFA7HLV
AlternateDataStreams: C:\Users\Miriam\AppData\Local\Temp:OFbb72cIOZU0EWja8UIL

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2013 06:24:28 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/18/2013 06:18:37 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/18/2013 06:17:47 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007267C
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (11/18/2013 06:17:45 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:45 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:45 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:45 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:32 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:32 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:32 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device


System errors:
=============
Error: (11/18/2013 06:41:46 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (11/17/2013 01:18:20 PM) (Source: DCOM) (User: Miriam-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (11/17/2013 01:17:50 PM) (Source: DCOM) (User: Miriam-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (11/17/2013 01:17:20 PM) (Source: DCOM) (User: Miriam-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (11/17/2013 01:16:50 PM) (Source: DCOM) (User: Miriam-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (11/18/2013 06:24:28 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/18/2013 06:18:37 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/18/2013 06:17:47 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007267CRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (11/18/2013 06:17:45 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:45 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:45 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:45 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:32 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:32 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/18/2013 06:17:32 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device


==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 8104.28 MB
Available physical RAM: 6588.77 MB
Total Pagefile: 9320.29 MB
Available Pagefile: 7821.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows 8) (Fixed) (Total:229.76 GB) (Free:70.83 GB) NTFS
Drive d: (Daten-Platte) (Fixed) (Total:343.24 GB) (Free:315.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 1F8D46A3)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=343 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)

==================== End Of Log ============================
         
--- --- ---


Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.18.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Miriam :: MIRIAM-PC [Administrator]

Schutz: Deaktiviert

18.11.2013 18:48:59
mbam-log-2013-11-18 (18-48-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231590
Laufzeit: 1 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
AdwCleaner Logfile:
Code:
# AdwCleaner v3.012 - Bericht erstellt am 18/11/2013 um 18:53:26
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (64 bits)
# Benutzername : Miriam - MIRIAM-PC
# Gestartet von : C:\Users\Miriam\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [40366 octets] - [17/11/2013 12:52:42]
AdwCleaner[R1].txt - [40486 octets] - [17/11/2013 12:54:33]
AdwCleaner[R2].txt - [1023 octets] - [17/11/2013 12:57:57]
AdwCleaner[R3].txt - [1113 octets] - [17/11/2013 13:01:44]
AdwCleaner[R4].txt - [1233 octets] - [17/11/2013 13:05:34]
AdwCleaner[R5].txt - [1353 octets] - [17/11/2013 13:16:26]
AdwCleaner[R6].txt - [1474 octets] - [17/11/2013 18:45:16]
AdwCleaner[R7].txt - [1534 octets] - [17/11/2013 18:50:09]
AdwCleaner[R8].txt - [1594 octets] - [17/11/2013 19:03:13]
AdwCleaner[R9].txt - [1185 octets] - [18/11/2013 18:53:26]
AdwCleaner[S0].txt - [288 octets] - [17/11/2013 12:54:18]
AdwCleaner[S1].txt - [39392 octets] - [17/11/2013 12:55:16]
AdwCleaner[S2].txt - [1175 octets] - [17/11/2013 13:03:44]
AdwCleaner[S3].txt - [1295 octets] - [17/11/2013 13:06:52]
AdwCleaner[S4].txt - [1415 octets] - [17/11/2013 13:18:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R9].txt - [1545 octets] ##########
         
--- --- ---

That is everything I have. Unfortunately I had already deleted the old log files, before I got "told off", because I thought everything was OK. I have now created new ones.
So was it right to unplug the external hard drives? Or should I leave them connected during the scans?

Edited by mailik (18.11.2013 at 18:19)

18.11.2013, 18:38   #8
M-K-D-B
/// TB Instructor



Hello,

Only connect the external hard drive when the instructions explicitly say so!

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and could damage other computers.
  • Copy the text of the following box into the script window of zoek:
    Code:
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
  • Now click "Run script" and be patient until the script has run through.
  • When the tool has finished, Notepad will open with the log file (possibly only after a restart). The log can also be found under c:
  • Please post the ZOEK log for me (preferably in CODE tags - click the # symbol in the reply window)

18.11.2013, 21:00   #9
mailik



JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 Pro x64
Ran by Miriam on 18.11.2013 at 21:40:12,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.11.2013 at 21:44:09,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


Code:

Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by Miriam on 18.11.2013 at 21:48:10,98.
Microsoft Windows 8 Pro 6.2.9200  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Miriam\Desktop\zoek.exe [Script inserted] 

==== System Restore Info ======================

18.11.2013 21:49:12 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-734915465-461864420-888540340-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\ProgramData\Malwarebytes' Anti-Malware (portable) deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\jetpack deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- YouTube MP3 Downloadhelper - %ProfilePath%\extensions\info@sharkcube.com.xpi
- YouTube to MP3 - %ProfilePath%\extensions\youtube2mp3@mondayx.de.xpi
- Media Converter - %ProfilePath%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi
- Web Developer - %ProfilePath%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default
4BF70B35B943BD73BD6E13EB7C1BA4B3	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll -	Shockwave Flash
AF661355EBAB898EB92D5454AEF93CE0	- C:\Windows\SysWOW64\npDeployJava1.dll -	Java Deployment Toolkit 7.0.400.43
3A57A288F098188E92C6B0309CBC50B2	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Miriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Miriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Miriam\AppData\Local\Mozilla\Firefox\Profiles\gb0hxko8.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Miriam\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 18.11.2013 at 21:55:41,19 ======================
         
I have now done everything the way you said. That Malwarebytes message, "Zugang zu einer potenziell gefährlichen Website erfolgreich gestoppt" ("Access to a potentially dangerous website successfully stopped"), just appeared again.

19.11.2013, 17:11   #10
M-K-D-B
/// TB Instructor



Hello,

Control scan with FRST
Run a scan with FRST as described before.
To do so, tick Addition.txt at the bottom right and click Scan.
Two log files will be created again. Post them for me.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

19.11.2013, 18:56   #11
mailik

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Miriam (administrator) on MIRIAM-PC on 19-11-2013 19:53:34
Running from C:\Users\Miriam\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Windows\system32\nlasvc32.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Divine\Elemente\System\ControlService.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Miriam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD4EC88D600D6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\searchplugins\gutscheinsuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: info - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\info@sharkcube.com.xpi
FF Extension: youtube2mp3 - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: mediaconverter - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi
FF Extension: defaults - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi

==================== Services (Whitelisted) =================

R2 dxdiag32; C:\Windows\system32\nlasvc32.exe [117760 2013-08-31] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SCElemente; C:\Program Files (x86)\Divine\Elemente\System\ControlService.exe [270336 2013-05-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127272 2009-07-15] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-08-08] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 19:53 - 2013-11-19 19:53 - 01957964 _____ (Farbar) C:\Users\Miriam\Desktop\FRST64.exe
2013-11-19 19:52 - 2013-11-19 19:52 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Miriam\Desktop\tdsskiller.exe
2013-11-19 10:34 - 2013-11-19 19:32 - 00189851 _____ C:\Windows\WindowsUpdate.log
2013-11-18 21:54 - 2013-11-18 21:54 - 00001052 _____ C:\Windows\PFRO.log
2013-11-18 21:53 - 2013-11-18 21:48 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-11-18 21:48 - 2013-11-18 21:55 - 00005614 _____ C:\zoek-results.log
2013-11-18 21:48 - 2013-11-18 21:53 - 00000000 ____D C:\zoek_backup
2013-11-18 21:46 - 2013-11-18 13:36 - 01397113 _____ C:\Users\Miriam\Desktop\zoek.scr
2013-11-18 21:46 - 2013-11-18 13:36 - 01397113 _____ C:\Users\Miriam\Desktop\zoek.com
2013-11-18 21:46 - 2013-11-01 17:45 - 01269760 _____ C:\Users\Miriam\Desktop\zoek.exe
2013-11-18 21:44 - 2013-11-18 21:44 - 00000617 _____ C:\Users\Miriam\Desktop\JRT.txt
2013-11-18 21:38 - 2013-11-18 21:38 - 01034531 _____ (Thisisu) C:\Users\Miriam\Desktop\JRT.exe
2013-11-18 21:36 - 2013-11-18 21:36 - 00000000 ____D C:\Users\Miriam\Documents\Divine Elemente
2013-11-18 19:20 - 2013-11-18 21:24 - 00000000 ____D C:\Users\Miriam\Desktop\Generationenshootiong Schills
2013-11-18 18:52 - 2013-11-18 18:52 - 01085542 _____ C:\Users\Miriam\Desktop\adwcleaner.exe
2013-11-18 18:43 - 2013-11-18 18:43 - 00019757 _____ C:\Users\Miriam\Desktop\Addition.txt
2013-11-18 18:42 - 2013-11-18 18:42 - 00000658 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2013-11-18 18:36 - 2013-11-19 19:54 - 00010565 _____ C:\Users\Miriam\Desktop\FRST.txt
2013-11-17 19:02 - 2013-11-18 09:59 - 00000000 ____D C:\Users\Miriam\Desktop\Shooting Annika 16.11.2013
2013-11-17 17:34 - 2013-11-17 21:31 - 00000000 ____D C:\Users\Miriam\Desktop\PG
2013-11-17 13:37 - 2013-11-17 13:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-17 13:31 - 2013-11-17 13:31 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Malwarebytes
2013-11-17 13:30 - 2013-11-17 13:30 - 00001296 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mbam-setup-1.75.0.1300.lnk
2013-11-17 13:30 - 2013-11-17 13:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 13:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-17 13:21 - 2013-11-17 13:21 - 00000000 ____D C:\FRST
2013-11-17 13:10 - 2013-11-17 13:10 - 00000000 ____D C:\Windows\ERUNT
2013-11-17 13:07 - 2013-11-17 13:07 - 00000000 ____D C:\WTablet
2013-11-17 12:52 - 2013-11-18 18:53 - 00000000 ____D C:\AdwCleaner
2013-11-17 12:09 - 2013-11-17 12:39 - 00000335 _____ C:\local.conf
2013-11-17 11:29 - 2013-11-17 20:08 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-17 11:29 - 2013-11-17 11:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 08:47 - 2013-11-16 08:48 - 05122776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 12:42 - 2013-11-15 12:42 - 00000000 ____D C:\Program Files (x86)\File Scavenger 4.2
2013-11-15 09:22 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 09:22 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\XnConvert
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Program Files (x86)\XnConvert
2013-11-14 16:29 - 2013-11-14 17:02 - 00000000 ____D C:\Program Files\Recuva
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Program Files (x86)\Convar
2013-11-13 19:25 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:25 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:25 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-13 19:25 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-13 19:25 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-13 19:25 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-13 19:25 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 19:25 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 19:25 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 19:25 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 19:25 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 19:25 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 19:25 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 19:25 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 19:25 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 19:25 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 19:25 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 19:24 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 19:24 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:24 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:24 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 19:24 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:24 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 19:24 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 19:24 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:24 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 19:24 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:24 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:24 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:24 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:24 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-13 19:24 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2013-11-09 18:52 - 2013-11-09 19:00 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2013-11-07 09:41 - 2013-11-07 09:41 - 00000000 ____D C:\Users\Miriam\AppData\Local\Software_Updater
2013-11-04 13:59 - 2013-11-04 16:28 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\TeamViewer
2013-11-04 13:58 - 2013-11-04 13:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-30 08:51 - 2013-10-30 08:51 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-30 08:50 - 2013-10-30 08:50 - 00000000 ____D C:\Program Files\Java
2013-10-30 07:37 - 2013-10-30 07:38 - 00001593 _____ C:\Windows\VPNInstall.MIF
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-10-30 07:35 - 2013-10-30 07:35 - 00000000 ____D C:\Windows\1CE60928832549A88B06633E48DD2B67.TMP

==================== One Month Modified Files and Folders =======

2013-11-19 19:54 - 2013-11-18 18:36 - 00010565 _____ C:\Users\Miriam\Desktop\FRST.txt
2013-11-19 19:53 - 2013-11-19 19:53 - 01957964 _____ (Farbar) C:\Users\Miriam\Desktop\FRST64.exe
2013-11-19 19:52 - 2013-11-19 19:52 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Miriam\Desktop\tdsskiller.exe
2013-11-19 19:32 - 2013-11-19 10:34 - 00189851 _____ C:\Windows\WindowsUpdate.log
2013-11-19 19:14 - 2012-12-11 12:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-19 19:10 - 2012-12-10 14:12 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\WTablet
2013-11-19 19:10 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-19 11:21 - 2012-12-10 15:10 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-19 10:38 - 2012-12-09 13:08 - 00000000 ____D C:\Users\Miriam\AppData\Local\Adobe
2013-11-18 21:59 - 2012-07-26 11:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-11-18 21:59 - 2012-07-26 11:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-11-18 21:59 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-18 21:57 - 2012-12-09 15:41 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-18 21:55 - 2013-11-18 21:48 - 00005614 _____ C:\zoek-results.log
2013-11-18 21:55 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-18 21:54 - 2013-11-18 21:54 - 00001052 _____ C:\Windows\PFRO.log
2013-11-18 21:53 - 2013-11-18 21:48 - 00000000 ____D C:\zoek_backup
2013-11-18 21:48 - 2013-11-18 21:53 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-11-18 21:44 - 2013-11-18 21:44 - 00000617 _____ C:\Users\Miriam\Desktop\JRT.txt
2013-11-18 21:38 - 2013-11-18 21:38 - 01034531 _____ (Thisisu) C:\Users\Miriam\Desktop\JRT.exe
2013-11-18 21:36 - 2013-11-18 21:36 - 00000000 ____D C:\Users\Miriam\Documents\Divine Elemente
2013-11-18 21:24 - 2013-11-18 19:20 - 00000000 ____D C:\Users\Miriam\Desktop\Generationenshootiong Schills
2013-11-18 18:53 - 2013-11-17 12:52 - 00000000 ____D C:\AdwCleaner
2013-11-18 18:52 - 2013-11-18 18:52 - 01085542 _____ C:\Users\Miriam\Desktop\adwcleaner.exe
2013-11-18 18:43 - 2013-11-18 18:43 - 00019757 _____ C:\Users\Miriam\Desktop\Addition.txt
2013-11-18 18:42 - 2013-11-18 18:42 - 00000658 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2013-11-18 18:31 - 2012-12-09 12:22 - 00000000 ____D C:\Users\Miriam
2013-11-18 13:36 - 2013-11-18 21:46 - 01397113 _____ C:\Users\Miriam\Desktop\zoek.scr
2013-11-18 13:36 - 2013-11-18 21:46 - 01397113 _____ C:\Users\Miriam\Desktop\zoek.com
2013-11-18 09:59 - 2013-11-17 19:02 - 00000000 ____D C:\Users\Miriam\Desktop\Shooting Annika 16.11.2013
2013-11-18 08:31 - 2012-12-09 12:28 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-734915465-461864420-888540340-1001
2013-11-18 08:18 - 2013-06-28 13:52 - 00000000 ____D C:\Program Files (x86)\Pixum
2013-11-17 21:31 - 2013-11-17 17:34 - 00000000 ____D C:\Users\Miriam\Desktop\PG
2013-11-17 20:08 - 2013-11-17 11:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-17 13:37 - 2013-11-17 13:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-17 13:31 - 2013-11-17 13:31 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Malwarebytes
2013-11-17 13:30 - 2013-11-17 13:30 - 00001296 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mbam-setup-1.75.0.1300.lnk
2013-11-17 13:30 - 2013-11-17 13:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 13:21 - 2013-11-17 13:21 - 00000000 ____D C:\FRST
2013-11-17 13:10 - 2013-11-17 13:10 - 00000000 ____D C:\Windows\ERUNT
2013-11-17 13:07 - 2013-11-17 13:07 - 00000000 ____D C:\WTablet
2013-11-17 12:56 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-17 12:39 - 2013-11-17 12:09 - 00000335 _____ C:\local.conf
2013-11-17 12:04 - 2012-12-10 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 11:29 - 2013-11-17 11:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 21:06 - 2012-12-10 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 12:53 - 2013-04-07 20:47 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\vlc
2013-11-16 12:50 - 2013-02-23 14:34 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Dropbox
2013-11-16 08:48 - 2013-11-16 08:47 - 05122776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 12:42 - 2013-11-15 12:42 - 00000000 ____D C:\Program Files (x86)\File Scavenger 4.2
2013-11-15 10:10 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-14 17:02 - 2013-11-14 16:29 - 00000000 ____D C:\Program Files\Recuva
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\XnConvert
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Program Files (x86)\XnConvert
2013-11-14 16:18 - 2013-06-28 13:56 - 00000000 ____D C:\ProgramData\hps
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Program Files (x86)\Convar
2013-11-13 19:41 - 2012-12-10 13:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 19:38 - 2013-08-14 13:07 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 19:36 - 2012-12-12 12:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 18:24 - 2012-12-29 20:18 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\FileZilla
2013-11-11 18:22 - 2012-12-12 13:54 - 00000132 _____ C:\Users\Miriam\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-11-11 15:00 - 2013-10-06 08:12 - 00000000 ____D C:\Program Files\CCleaner
2013-11-09 19:00 - 2013-11-09 18:52 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2013-11-09 19:00 - 2013-08-21 16:32 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\2BrightSparks
2013-11-09 19:00 - 2013-08-21 16:32 - 00000000 ____D C:\Users\Miriam\AppData\Local\2BrightSparks
2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2013-11-09 18:26 - 2013-07-29 14:34 - 00000000 ____D C:\Users\Miriam\AppData\Local\Deployment
2013-11-07 09:41 - 2013-11-07 09:41 - 00000000 ____D C:\Users\Miriam\AppData\Local\Software_Updater
2013-11-05 23:58 - 2013-11-15 09:22 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-15 09:22 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-04 16:28 - 2013-11-04 13:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\TeamViewer
2013-11-04 13:58 - 2013-11-04 13:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-11-01 17:45 - 2013-11-18 21:46 - 01269760 _____ C:\Users\Miriam\Desktop\zoek.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-30 08:51 - 2013-09-22 12:10 - 00000000 ____D C:\ProgramData\Oracle
2013-10-30 08:50 - 2013-10-30 08:50 - 00000000 ____D C:\Program Files\Java
2013-10-30 07:38 - 2013-10-30 07:37 - 00001593 _____ C:\Windows\VPNInstall.MIF
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-10-30 07:35 - 2013-10-30 07:35 - 00000000 ____D C:\Windows\1CE60928832549A88B06633E48DD2B67.TMP

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-19 10:48

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by Miriam at 2013-11-19 19:54:55
Running from C:\Users\Miriam\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.8.0.1280)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe® Content Viewer (x32 Version: 3.3.0)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000)
Age of Empires III (x32 Version: 1.00.0000)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.3.10 (Unicode) (x32)
Bamboo (x32)
bl (x32 Version: 1.0.0)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)
Canon MG5200 series MP Drivers
Canon MOV Decoder (x32 Version: 1.5.0.7)
Canon MOV Encoder (x32 Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.1.9)
Canon MP Navigator EX 1.0 (x32)
Canon MP Navigator EX 4.0 (x32)
Canon Utilities Digital Photo Professional 3.8 (x32 Version: 3.8.0.0)
Canon Utilities EOS Utility (x32 Version: 2.8.1.0)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.7.0.0)
Canon Utilities WFT Utility (x32 Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (x32 Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4)
CCleaner (Version: 4.06)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Defraggler (Version: 2.15)
Divine Elemente (Version: 0.9.2.156)
Dropbox (HKCU Version: 2.0.22)
         

19.11.2013, 18:59   #12
mailik
 



Code:
19:57:10.0920 0x1114  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
19:57:13.0704 0x1114  ============================================================
19:57:13.0704 0x1114  Current date / time: 2013/11/19 19:57:13.0704
19:57:13.0704 0x1114  SystemInfo:
19:57:13.0704 0x1114  
19:57:13.0704 0x1114  OS Version: 6.2.9200 ServicePack: 0.0
19:57:13.0704 0x1114  Product type: Workstation
19:57:13.0704 0x1114  ComputerName: MIRIAM-PC
19:57:13.0705 0x1114  UserName: Miriam
19:57:13.0705 0x1114  Windows directory: C:\Windows
19:57:13.0705 0x1114  System windows directory: C:\Windows
19:57:13.0705 0x1114  Running under WOW64
19:57:13.0705 0x1114  Processor architecture: Intel x64
19:57:13.0705 0x1114  Number of processors: 8
19:57:13.0705 0x1114  Page size: 0x1000
19:57:13.0705 0x1114  Boot type: Normal boot
19:57:13.0705 0x1114  ============================================================
19:57:14.0934 0x1114  KLMD registered as C:\Windows\system32\drivers\02935362.sys
19:57:15.0171 0x1114  System UUID: {1C9AC928-2419-BC96-E426-8A8C2F8E0756}
19:57:15.0855 0x1114  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:57:15.0861 0x1114  Drive \Device\Harddisk1\DR1 - Size: 0x78EF00000 (30.23 Gb), SectorSize: 0x200, Cylinders: 0xF6A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:57:15.0863 0x1114  ============================================================
19:57:15.0863 0x1114  \Device\Harddisk0\DR0:
19:57:15.0864 0x1114  MBR partitions:
19:57:15.0864 0x1114  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
19:57:15.0864 0x1114  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x1CB83000
19:57:15.0890 0x1114  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CC33000, BlocksNum 0x2AE7A800
19:57:15.0890 0x1114  \Device\Harddisk1\DR1:
19:57:15.0891 0x1114  MBR partitions:
19:57:15.0891 0x1114  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3C75800
19:57:15.0891 0x1114  ============================================================
19:57:15.0930 0x1114  C: <-> \Device\Harddisk0\DR0\Partition2
19:57:15.0975 0x1114  D: <-> \Device\Harddisk0\DR0\Partition3
19:57:15.0975 0x1114  ============================================================
19:57:15.0975 0x1114  Initialize success
19:57:15.0975 0x1114  ============================================================
19:57:20.0726 0x01a8  ============================================================
19:57:20.0726 0x01a8  Scan started
19:57:20.0726 0x01a8  Mode: Manual; 
19:57:20.0726 0x01a8  ============================================================
19:57:20.0726 0x01a8  KSN ping started
19:57:23.0245 0x01a8  KSN ping finished: true
19:57:23.0935 0x01a8  ================ Scan system memory ========================
19:57:23.0935 0x01a8  System memory - ok
19:57:23.0937 0x01a8  ================ Scan services =============================
19:57:24.0111 0x01a8  [ E890C46E4754F0DF51BAFCC8D2E07498, E620D03030F3B65442E0A5CB8B59016A6E8DB3BCA52741977B8897B34438E902 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
19:57:24.0128 0x01a8  1394ohci - ok
19:57:24.0146 0x01a8  [ 4F18D4C7EA14F11A7211F60D553C03DB, 09AB6D2D8E9B7B6D6A97708551C0E4B34538947A15EA2A69C11764D7BC0BB7F6 ] 3ware           C:\Windows\system32\drivers\3ware.sys
19:57:24.0149 0x01a8  3ware - ok
19:57:24.0221 0x01a8  [ 975AABEB243B800C23626D6B652C5A9C, FB02336F26AF10BA2A0D1B97C33CB1D78BB90CA51EF008A613A0274779798FAD ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:57:24.0234 0x01a8  ACPI - ok
19:57:24.0246 0x01a8  [ DC968C37822117E576B933F34A2D130C, 4C94E00ADC242296D7CBBFC7346D5F9AE5FE1B0C616ECA3BDE10A7B34FD2040B ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
19:57:24.0249 0x01a8  acpiex - ok
19:57:24.0268 0x01a8  [ 0CA9F7C3A78227C21A0A7854E245CFB2, D54147C9C1EE2F0098B863B0852E027DB89D6FA67F6B7FD54F609D9715A11442 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
19:57:24.0269 0x01a8  acpipagr - ok
19:57:24.0272 0x01a8  [ 8EB8DA03B142D3DD1EB9ED8107A76C43, 24B9B24F9A5BDF3AAD13C4EE0638497D9CA4A100096C6EAE403E0215EA89C439 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
19:57:24.0272 0x01a8  AcpiPmi - ok
19:57:24.0276 0x01a8  [ CBCE725C5D86ABA7D2604E22951AA9B8, DE0440F0E943F057EBCD01DB4B1E12DBC241FBF03C42021306D322AB88FF8F21 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
19:57:24.0276 0x01a8  acpitime - ok
19:57:24.0422 0x01a8  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:57:24.0427 0x01a8  AdobeARMservice - ok
19:57:24.0563 0x01a8  [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:57:24.0581 0x01a8  AdobeFlashPlayerUpdateSvc - ok
19:57:24.0619 0x01a8  [ 93C6388592B99925C1D1576E465BC80F, 4C48BE5471DA4788357D71E90DFEA20FE320C7AAE1F4C55AFBE2E46FEA5CF8FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:57:24.0631 0x01a8  adp94xx - ok
19:57:24.0646 0x01a8  [ D27763E0247292654E7F7D16444C7C72, 0314C713D31E2B34F215B52F804F014D876E6ED92DC656CC3E27920CCD36CF0E ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:57:24.0654 0x01a8  adpahci - ok
19:57:24.0661 0x01a8  [ 67B90070FF48F794AF19F9FCF0080D75, 5D0D352606D58D2CA0814F38EF7B1774C030BE44353DF5910CBFAAF4FDE64ED6 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:57:24.0666 0x01a8  adpu320 - ok
19:57:24.0713 0x01a8  [ 974AE60BF5B90E31412D93596C968E5B, 092B59C2B67C4618E7B1800615D1DF7199482F60D0D27BD91763F7F8D7FC883F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:57:24.0726 0x01a8  AeLookupSvc - ok
19:57:24.0793 0x01a8  [ 7C0E0EDF18D6CC565D7BFBB451709FA5, 47C21CD9D87B5C1B5EB14F6166B5E3349B1A6F10501E63CCED8D52A9FE22765D ] AFD             C:\Windows\system32\drivers\afd.sys
19:57:24.0805 0x01a8  AFD - ok
19:57:24.0817 0x01a8  [ 01590377A5AB19E792528C628A2A68F9, F3A4B6CA4E8D4436E44E36D7F7EEF3DC861D1EE50D41F4273226C4ED95674B84 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:57:24.0818 0x01a8  agp440 - ok
19:57:24.0849 0x01a8  [ D1BE8E6E5B3AF23A4393AF1BF867977A, B3AE97D35A9304198715D76F6C3F0545AA176FDEBA6C2055782558B11DFA14EB ] ALG             C:\Windows\System32\alg.exe
19:57:24.0851 0x01a8  ALG - ok
19:57:24.0864 0x01a8  [ 025E8C755BE293E50854D26D1BBE5133, 4373639689306A3D8FE0F862072711BAD5DBAA45E105CD3129586439A90EE070 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
19:57:24.0867 0x01a8  AllUserInstallAgent - ok
19:57:24.0906 0x01a8  [ 5A81054B824004B1ECC04F0034A1CDF9, 73A1986A4B346C425157216EBF16CC90EFFC642EDF6109E6364CF0552E3388FD ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
19:57:24.0909 0x01a8  AmdK8 - ok
19:57:24.0929 0x01a8  [ B849D453E644FAB9BC8EF6DC8CA9C4C6, B803CDA478D3385937C44CBB05A0E65ABACEFEBA682975787C44E2904FB89D2D ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
19:57:24.0931 0x01a8  AmdPPM - ok
19:57:24.0943 0x01a8  [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:57:24.0946 0x01a8  amdsata - ok
19:57:24.0965 0x01a8  [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:57:24.0971 0x01a8  amdsbs - ok
19:57:24.0974 0x01a8  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:57:24.0975 0x01a8  amdxata - ok
19:57:24.0980 0x01a8  [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] AppID           C:\Windows\system32\drivers\appid.sys
19:57:24.0983 0x01a8  AppID - ok
19:57:25.0001 0x01a8  [ CE2BEAD7F31816FF0AC490D048C969F9, 7D24C5A9E8F7C21CC6D8BF2CA29A8B79DDE7EEDE2F37D36B9071ECE1CF61371F ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:57:25.0003 0x01a8  AppIDSvc - ok
19:57:25.0046 0x01a8  [ 4F750B7EFCB6520AE01E01D082D7D476, AD2A67D727A1D4DD0BBACC6B4BB432FA9A14D50D8BA292B95A4747CEC9F85728 ] Appinfo         C:\Windows\System32\appinfo.dll
19:57:25.0048 0x01a8  Appinfo - ok
19:57:25.0137 0x01a8  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:57:25.0142 0x01a8  Apple Mobile Device - ok
19:57:25.0170 0x01a8  [ 2D14788C5D0836292BEB27BBE109BE56, D032FDBD9E1708F77348655DE00DB395E38EB27A7EC3FB2EF3BA07D22CBC1402 ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:57:25.0183 0x01a8  AppMgmt - ok
19:57:25.0193 0x01a8  [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc             C:\Windows\system32\drivers\arc.sys
19:57:25.0198 0x01a8  arc - ok
19:57:25.0213 0x01a8  [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:57:25.0216 0x01a8  arcsas - ok
19:57:25.0219 0x01a8  [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:57:25.0220 0x01a8  AsyncMac - ok
19:57:25.0224 0x01a8  [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:57:25.0225 0x01a8  atapi - ok
19:57:25.0274 0x01a8  [ BCD7A47EF587DC00DD61D12D9C2D1E44, 95BC9AC8BA8A86DB5C7A6317002BD9872F193B401A0C58DF252DCF3D4A7541E2 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
19:57:25.0286 0x01a8  AudioEndpointBuilder - ok
19:57:25.0367 0x01a8  [ 599B3F685A263A114FFAF3BE29C49C75, 579E9561BA8537888E061E303F3F89E2E6F8B8DED74369C3767DB10B35CD45E8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:57:25.0383 0x01a8  Audiosrv - ok
19:57:25.0417 0x01a8  [ 89491EF71D5EA011127832C588002853, 05620E4235956D8446FB9604F930738C8AA97E3A74C907E37F7CC08B8EDA0461 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:57:25.0421 0x01a8  AxInstSV - ok
19:57:25.0477 0x01a8  [ 87AB5BB072A3F128541D5B815F82FFDD, 186AF33D3DE90638C3E165CAC3DA17295E8A80CDB523F9BE4AF7D38CA6954905 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:57:25.0489 0x01a8  b06bdrv - ok
19:57:25.0527 0x01a8  [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
19:57:25.0529 0x01a8  BasicDisplay - ok
19:57:25.0543 0x01a8  [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
19:57:25.0544 0x01a8  BasicRender - ok
19:57:25.0599 0x01a8  [ 89143A7BA7850F5C7E61B43BB44B6418, 00BB781DF87D4FF1BAFD318AFE237296B4F5925023BA4486405EC0A384C88D8F ] BDESVC          C:\Windows\System32\bdesvc.dll
19:57:25.0604 0x01a8  BDESVC - ok
19:57:25.0621 0x01a8  [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] Beep            C:\Windows\system32\drivers\Beep.sys
19:57:25.0622 0x01a8  Beep - ok
19:57:25.0701 0x01a8  [ 53AA55632B94622F2DC3695E86EF9363, 9B5BB8EDA48A37AE97BCD42D83B25A6D10AA6231EABE745DCCE6D60E19094A6F ] BFE             C:\Windows\System32\bfe.dll
19:57:25.0724 0x01a8  BFE - ok
19:57:25.0776 0x01a8  [ D598C44A7072D3108D8D8102EC5E07F7, D7472E9BAAB7B6E1D30F4E153412E2A16EE5C08DE2BF8BFF4D65089825226FE0 ] BITS            C:\Windows\System32\qmgr.dll
19:57:25.0795 0x01a8  BITS - ok
19:57:25.0818 0x01a8  [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:57:25.0820 0x01a8  bowser - ok
19:57:25.0866 0x01a8  [ 038FA1B55531E7020DB705B42FCCE373, 023E87E3204D64890D6FEA78E762E5BC5BD0A59325EBC264834727779EEEDBC5 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
19:57:25.0869 0x01a8  BrokerInfrastructure - ok
19:57:25.0899 0x01a8  [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser         C:\Windows\System32\browser.dll
19:57:25.0902 0x01a8  Browser - ok
19:57:25.0942 0x01a8  [ 6695200F455E251F0BCC9CE4D0978D59, 4DB2F967E449581A9330EF43E794B45B93581564B20C5B991FC1EC665A640D69 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
19:57:25.0942 0x01a8  BthAvrcpTg - ok
19:57:25.0979 0x01a8  [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
19:57:25.0981 0x01a8  BthHFEnum - ok
19:57:26.0013 0x01a8  [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
19:57:26.0014 0x01a8  bthhfhid - ok
19:57:26.0030 0x01a8  [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
19:57:26.0032 0x01a8  BTHMODEM - ok
19:57:26.0050 0x01a8  [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv         C:\Windows\system32\bthserv.dll
19:57:26.0053 0x01a8  bthserv - ok
19:57:26.0074 0x01a8  [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:57:26.0077 0x01a8  cdfs - ok
19:57:26.0102 0x01a8  [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom           C:\Windows\System32\drivers\cdrom.sys
19:57:26.0107 0x01a8  cdrom - ok
19:57:26.0131 0x01a8  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:57:26.0134 0x01a8  CertPropSvc - ok
19:57:26.0146 0x01a8  [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass        C:\Windows\System32\drivers\circlass.sys
19:57:26.0147 0x01a8  circlass - ok
19:57:26.0171 0x01a8  [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS            C:\Windows\system32\drivers\CLFS.sys
19:57:26.0180 0x01a8  CLFS - ok
19:57:26.0202 0x01a8  [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
19:57:26.0203 0x01a8  CmBatt - ok
19:57:26.0260 0x01a8  [ E708BFF0473EC6B271EA46B65B16CA56, 2B4C661F7C5A4395CA4204122A1C3C8AA766B56C3D01CD8BAAFA18F71FC7B591 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:57:26.0271 0x01a8  CNG - ok
19:57:26.0291 0x01a8  [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
19:57:26.0293 0x01a8  CompositeBus - ok
19:57:26.0296 0x01a8  COMSysApp - ok
19:57:26.0304 0x01a8  [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv          C:\Windows\system32\drivers\condrv.sys
19:57:26.0305 0x01a8  condrv - ok
19:57:26.0335 0x01a8  [ 78AF1C499BF02F9814DF959A04A4F9C9, 9D569A57551C7ACE032C3ECC7BEB8C7606D6BAF58AC1660B4E9FBE907F47E274 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
19:57:26.0342 0x01a8  cphs - ok
19:57:26.0387 0x01a8  [ 5CE2742F063731EC10C1B2EE386A2C08, 309919BDDD4649AFB95A99DCF8AFC3BAE10F9BC1E2819C0794CFD0F80682C223 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:57:26.0392 0x01a8  CryptSvc - ok
19:57:26.0472 0x01a8  [ F2C69C3D98249DE14D4B2832516D4FD5, 5F622A61A99202802B35532036CFCFDFB1FDEC32465BA8CCAB4C4FAFA336FC2A ] CSC             C:\Windows\system32\drivers\csc.sys
19:57:26.0485 0x01a8  CSC - ok
19:57:26.0528 0x01a8  [ 22CCB6AFF617AAC6121DF6CDA5ABF3F4, 7F6F888CF4D7EF93144A791891E41858F7C0CDDC0B65ED09B9CD55EE3734FCCF ] CscService      C:\Windows\System32\cscsvc.dll
19:57:26.0565 0x01a8  CscService - ok
19:57:26.0605 0x01a8  [ 44BDDEB03C84A1C993C992FFB5700357, 29080E9A434BB2A932783B0B5104BC9E3C514A0FFB387123B75F4F4045E353BC ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
19:57:26.0606 0x01a8  CVirtA - ok
19:57:26.0763 0x01a8  [ 98C413E1A2FB6E5A4C101C25B3D0B275, 86C02211285F1807A6B276F07C56DE1A54BD5947E513884D8D971A22F4362849 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
19:57:26.0795 0x01a8  CVPND - ok
19:57:26.0821 0x01a8  [ 79AF0E203D089AF442A3F70ED00A37FB, BF28BF9AEE23A3052D5ADA6C1B4C255C5F09DED69BB88D2CA3C011D2C3CFA8C1 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
19:57:26.0828 0x01a8  CVPNDRVA - ok
19:57:26.0876 0x01a8  [ FAEF4C245BE832DB41B15DAAC336AFB7, 1F8C98AB0DF4327FCB01FE0356025488E19B48A45FFFA50576B49A8587FAC42B ] dam             C:\Windows\system32\drivers\dam.sys
19:57:26.0881 0x01a8  dam - ok
19:57:26.0957 0x01a8  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:57:26.0975 0x01a8  DcomLaunch - ok
19:57:27.0002 0x01a8  [ C8650D1F61149AA546BDBC99172EBBC1, D9592ED1B6F23B6EC76A0B93635B6E38702311B0A6982F0F9DEC37FCDAF1288B ] defragsvc       C:\Windows\System32\defragsvc.dll
19:57:27.0011 0x01a8  defragsvc - ok
19:57:27.0047 0x01a8  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\Windows\system32\das.dll
19:57:27.0054 0x01a8  DeviceAssociationService - ok
19:57:27.0099 0x01a8  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
19:57:27.0103 0x01a8  DeviceInstall - ok
19:57:27.0125 0x01a8  [ 09D9EB9E7898F8E6561473A20CC808B9, 0F511593D36084843E5138AF6D55FE08D77803968AE12A236A02368DB364347E ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
19:57:27.0128 0x01a8  Dfsc - ok
19:57:27.0175 0x01a8  [ B9430166FEB246F6070A62B3554932C9, 677DE435AA5C1FBFC0171384D4B7CED2EA6B0F8567540DB9DE454AC6D4A7C1D7 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
19:57:27.0182 0x01a8  dg_ssudbus - ok
19:57:27.0259 0x01a8  [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:57:27.0282 0x01a8  Dhcp - ok
19:57:27.0300 0x01a8  [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache        C:\Windows\system32\drivers\discache.sys
19:57:27.0303 0x01a8  discache - ok
19:57:27.0319 0x01a8  [ 560495FF4CA22E1D9B1972FA18F43B6F, 41FFDD4C1097AA857A8177E34F101A1A9C1429A4E8DEC3D395C6135A9E112CD6 ] disk            C:\Windows\system32\drivers\disk.sys
19:57:27.0321 0x01a8  disk - ok
19:57:27.0342 0x01a8  [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
19:57:27.0343 0x01a8  dmvsc - ok
19:57:27.0385 0x01a8  [ 05CB5910B3CA6019FC3CCA815EE06FFB, 8FA532ED500BB1F08E8034A6125BDD53B74D5E6AB0A83A6185B07AAFCD90AA82 ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
19:57:27.0389 0x01a8  DNE - ok
19:57:27.0445 0x01a8  [ 066B9710B36AB550E01EEFCA52155968, DCA9F3F4856A6866D3F5A2EEE34E96A83F40198DB0B5AC6381A7568DE1F56FAB ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:57:27.0460 0x01a8  Dnscache - ok
19:57:27.0495 0x01a8  [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc         C:\Windows\System32\dot3svc.dll
19:57:27.0503 0x01a8  dot3svc - ok
19:57:27.0525 0x01a8  [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS             C:\Windows\system32\dps.dll
19:57:27.0532 0x01a8  DPS - ok
19:57:27.0575 0x01a8  [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:57:27.0575 0x01a8  drmkaud - ok
19:57:27.0633 0x01a8  [ F87F4AAAF6664906248D11D5E579A53B, F283932F68ED93891EEF00C18724359AB7057E922A3CDC8BC6F33F84D2B0BEE5 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
19:57:27.0645 0x01a8  DsmSvc - ok
19:57:27.0697 0x01a8  [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01     C:\Windows\System32\drivers\dtsoftbus01.sys
19:57:27.0706 0x01a8  dtsoftbus01 - ok
19:57:27.0747 0x01a8  [ A76182DB73D8F8FFD27A8FB18AA04FF0, 149F734F04DF0FAAE5B93E31B3B6004119CA97DE929E10F7CC322BE33871378C ] dxdiag32        C:\Windows\system32\nlasvc32.exe
19:57:27.0751 0x01a8  dxdiag32 - ok
19:57:27.0869 0x01a8  [ 6D1B8A9A2C0BD4851D8AF1AB43E67AD9, 3D348D3EFCA9C2AC25C3D0722FB8F64820936DEFD3926888740442972A0A8189 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:57:27.0900 0x01a8  DXGKrnl - ok
19:57:27.0933 0x01a8  [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost         C:\Windows\System32\eapsvc.dll
19:57:27.0936 0x01a8  Eaphost - ok
19:57:28.0085 0x01a8  [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:57:28.0152 0x01a8  ebdrv - ok
19:57:28.0214 0x01a8  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] EFS             C:\Windows\System32\lsass.exe
19:57:28.0219 0x01a8  EFS - ok
19:57:28.0262 0x01a8  [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
19:57:28.0268 0x01a8  EhStorClass - ok
19:57:28.0294 0x01a8  [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
19:57:28.0298 0x01a8  EhStorTcgDrv - ok
19:57:28.0304 0x01a8  [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev          C:\Windows\System32\drivers\errdev.sys
19:57:28.0305 0x01a8  ErrDev - ok
19:57:28.0347 0x01a8  [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem     C:\Windows\system32\es.dll
19:57:28.0358 0x01a8  EventSystem - ok
19:57:28.0379 0x01a8  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat           C:\Windows\system32\drivers\exfat.sys
19:57:28.0383 0x01a8  exfat - ok
19:57:28.0404 0x01a8  [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:57:28.0409 0x01a8  fastfat - ok
19:57:28.0449 0x01a8  [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax             C:\Windows\system32\fxssvc.exe
19:57:28.0485 0x01a8  Fax - ok
19:57:28.0490 0x01a8  [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc             C:\Windows\System32\drivers\fdc.sys
19:57:28.0491 0x01a8  fdc - ok
19:57:28.0500 0x01a8  [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:57:28.0502 0x01a8  fdPHost - ok
19:57:28.0511 0x01a8  [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:57:28.0512 0x01a8  FDResPub - ok
19:57:28.0557 0x01a8  [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc           C:\Windows\system32\fhsvc.dll
19:57:28.0561 0x01a8  fhsvc - ok
19:57:28.0595 0x01a8  [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:57:28.0597 0x01a8  FileInfo - ok
19:57:28.0608 0x01a8  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:57:28.0609 0x01a8  Filetrace - ok
19:57:28.0625 0x01a8  [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
19:57:28.0626 0x01a8  flpydisk - ok
19:57:28.0649 0x01a8  [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:57:28.0657 0x01a8  FltMgr - ok
19:57:28.0753 0x01a8  [ 0BCDC0FF11B984162B0CF0FF6E9E0146, D44A3CECBA36B7A64854E244FA6B5E65047896BF9983D20B431410FBBA36697A ] FontCache       C:\Windows\system32\FntCache.dll
19:57:28.0779 0x01a8  FontCache - ok
19:57:28.0905 0x01a8  [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:57:28.0909 0x01a8  FontCache3.0.0.0 - ok
19:57:28.0935 0x01a8  [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:57:28.0939 0x01a8  FsDepends - ok
19:57:28.0957 0x01a8  [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:57:28.0961 0x01a8  Fs_Rec - ok
19:57:29.0026 0x01a8  [ C1646A95EAC515F60CDB2A7A8A013C1E, F559B83C02B17265EDE95DD497C1A94E402F07EC251FC47449F789907AFFED14 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:57:29.0045 0x01a8  fvevol - ok
19:57:29.0090 0x01a8  [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
19:57:29.0092 0x01a8  FxPPM - ok
19:57:29.0121 0x01a8  [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:57:29.0126 0x01a8  gagp30kx - ok
19:57:29.0163 0x01a8  [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
19:57:29.0167 0x01a8  gencounter - ok
19:57:29.0209 0x01a8  [ FC2B8B06BDBD3B6457F5A3DA9AD2410E, 4BF196E1CAC94E9265EBEB68F41C3E29F0C709ECFF9420B5B1C9C82680D5D6A8 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
19:57:29.0218 0x01a8  GPIOClx0101 - ok
19:57:29.0316 0x01a8  [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:57:29.0346 0x01a8  gpsvc - ok
19:57:29.0409 0x01a8  [ 630555943E5A3FE21010CE91EC7FC84F, 20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:57:29.0422 0x01a8  HdAudAddService - ok
19:57:29.0468 0x01a8  [ 7D87B5B6C7188D553E11B59DC7F0B111, FC633DB71E1D72E8AD8F89BBB54324CC6ED17F5594EF55DD0BDB58EE1F601FF5 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
19:57:29.0470 0x01a8  HDAudBus - ok
19:57:37.0998 0x01a8  rspndr - ok
19:57:38.0041 0x01a8  [ 15923AA360F7675D3D43C9669316A0BA, AD1852732082140C62CC44A01914162E44BF412B4A852DF27DC0E0765E64288F ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
19:57:38.0054 0x01a8  RTL8168 - ok
19:57:38.0081 0x01a8  [ 752EC7DCD2F96871A3857EEE6AFE965A, 1D0640966B9147A06ED0E733711773E6B4AB8AC6D962D5B369ECB04170D18AD8 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
19:57:38.0082 0x01a8  s3cap - ok
19:57:38.0124 0x01a8  [ 4F55BC63DCA859A6DEDC1106E0062135, C9AA97130DBEEE4D47BE2DAB3A8B8E7F0484DA0FCD3701C664B2F76F7671ACCF ] S3XXx64         C:\Windows\system32\DRIVERS\S3XXx64.sys
19:57:38.0125 0x01a8  S3XXx64 - ok
19:57:38.0161 0x01a8  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] SamSs           C:\Windows\system32\lsass.exe
19:57:38.0163 0x01a8  SamSs - ok
19:57:38.0178 0x01a8  [ 9C7B28CE0D136DB226E24DB3BC817F92, E9DE55D6432ADD08EC75F99F2B5D2BD1F553F4EE55991B1767B1578351EE0BF2 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:57:38.0182 0x01a8  sbp2port - ok
19:57:38.0210 0x01a8  [ 14316954FCE79C9DE5A0AFF9D42C83AA, B60FB1FAC0299F9560761411711E86EDFA2F8D27B58230E2E4BB37736FAB2287 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:57:38.0216 0x01a8  SCardSvr - ok
19:57:38.0374 0x01a8  [ 8E24888064AFBF618EA1B8E442E92853, 08490E5E3D8EA0F5791F6883780D512DD4826AD7C7A51C033C8CB127455C0625 ] SCElemente      C:\Program Files (x86)\Divine\Elemente\System\ControlService.exe
19:57:38.0387 0x01a8  SCElemente - ok
19:57:38.0415 0x01a8  [ 5D7733A12756B267FCA021672B26BC9E, 01CE5B5F49914B9E099BD909A66296F3A40644AE47BA1D5EBFFB30CD33C70A4A ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:57:38.0417 0x01a8  scfilter - ok
19:57:38.0527 0x01a8  [ ED40ED9A65F3E79A8C43DD50C5FDADBF, 2323BFAB1BC3D661A376650B7AC14C7780C92BA575DA048F3C7611CDB3F7F04A ] Schedule        C:\Windows\system32\schedsvc.dll
19:57:38.0556 0x01a8  Schedule - ok
19:57:38.0587 0x01a8  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:57:38.0590 0x01a8  SCPolicySvc - ok
19:57:38.0645 0x01a8  [ F58B030A0664385C707B8C1C63682041, E46AADAA2CD687B9A4B564DC5B002493C8480542588E660BC3DF89EAF9DB0427 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
19:57:38.0657 0x01a8  sdbus - ok
19:57:38.0701 0x01a8  [ 92968277ED491E4B3DDA361E3952361E, 71C50853BB2126A34C7CD014EE44D4B8B39F589E2E8E8E8F4C982E07498E3899 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:57:38.0714 0x01a8  SDRSVC - ok
19:57:38.0756 0x01a8  [ BB107AA9980B0DA4E19A3A90C3BD4460, BCB4CF0FFF1FD57302557B68044A88C8EEAAE57C2FEAE8EAD1F410F960298B6D ] sdstor          C:\Windows\System32\drivers\sdstor.sys
19:57:38.0759 0x01a8  sdstor - ok
19:57:38.0784 0x01a8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:57:38.0785 0x01a8  secdrv - ok
19:57:38.0804 0x01a8  [ CD282626738B6BC92B6E7CD0AAE95B63, 1A56567C781786C85C63E24E79186EE5C82D3EB2679061B21BA0571A3A6CB7F5 ] seclogon        C:\Windows\system32\seclogon.dll
19:57:38.0807 0x01a8  seclogon - ok
19:57:38.0830 0x01a8  [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] SENS            C:\Windows\System32\sens.dll
19:57:38.0834 0x01a8  SENS - ok
19:57:38.0861 0x01a8  [ 0D50B4B860DAB65241628D04CD33ACAE, 2AA897C3F9ED076AB9244A32745D18489B076F3ED28A35B868C472131C5B5B46 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:57:38.0870 0x01a8  SensrSvc - ok
19:57:38.0888 0x01a8  [ 87C46B239A7EEF30FDFDD5E9BD46130C, F36FB5B20AC58FBD31F7E636059D2D865B751E178E51A03B94ABE0BBD1AB1EC9 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
19:57:38.0890 0x01a8  SerCx - ok
19:57:38.0896 0x01a8  [ 7A1F9347C85FD55E39B8A76B3A25C5AD, 03AF3B23285278A38F4CBEAB7FD326A48FA1EC7F8D044C059CE5403C6D225639 ] Serenum         C:\Windows\System32\drivers\serenum.sys
19:57:38.0897 0x01a8  Serenum - ok
19:57:38.0905 0x01a8  [ F640A0A218BBF857F1D04A15D7D939F6, 948C13886281FE7947E10FB7B34D5CCFE512FB632F1132B6062AC85149F79950 ] Serial          C:\Windows\System32\drivers\serial.sys
19:57:38.0909 0x01a8  Serial - ok
19:57:38.0914 0x01a8  [ F1A5F56B2620B862CC28FF96A0A6DAAB, E5367212B2CADF3820D657CFC27CD961547E28DAB950C68E1380CF97FB68F3F4 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
19:57:38.0917 0x01a8  sermouse - ok
19:57:38.0932 0x01a8  [ CB60A60340788C8D6DE2A269D28086AB, 2D8948E59BB9B00E16D20E425F80E7B862957DBAC9A4D1484E5191FAF333B60D ] SessionEnv      C:\Windows\system32\sessenv.dll
19:57:38.0940 0x01a8  SessionEnv - ok
19:57:38.0944 0x01a8  [ 7EE65419B29302C795714FF8073969A1, E28D89A5423E3A5062030EB2418E9435DD5D8B9D16570046E782D3FCFDA2E79A ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
19:57:38.0945 0x01a8  sfloppy - ok
19:57:38.0985 0x01a8  [ 090AE16F79C8EAD04E6031F863DA85F3, 3F27BE46DF602B53940414A6E9FEB23B36CFFB8E9A7F41440C3315B8E27D0029 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:57:38.0995 0x01a8  SharedAccess - ok
19:57:39.0043 0x01a8  [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:57:39.0057 0x01a8  ShellHWDetection - ok
19:57:39.0062 0x01a8  [ 2560721D6F16D5B611C36A3A9D28C1B2, 15C30404902654ABA5DB5367FC5BD31343B12A3FC22B4BC5A26B09016447B5ED ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:57:39.0064 0x01a8  SiSRaid2 - ok
19:57:39.0082 0x01a8  [ 3AA8FDE1DBF65BB8B88B053529554A0D, 8060D946344D043D336F4735363C23C37C91A6DB3F81E575C267B2EC2BECB0EC ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:57:39.0084 0x01a8  SiSRaid4 - ok
19:57:39.0100 0x01a8  [ E660156A4588A84305CB772FD2C0DB21, 9492EB6578D4A689945E1FC2440EFA77D461049CDB2D00A645969A71B7DA68E1 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:57:39.0102 0x01a8  SNMPTRAP - ok
19:57:39.0148 0x01a8  [ FD3AF5575B99871BADB94E7699DBCE08, 847A78C1388683984AFA7D00B7C7F8741BC1DFBF4999AAD1E2EFC22D3C316846 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
19:57:39.0154 0x01a8  spaceport - ok
19:57:39.0166 0x01a8  [ 3D8679C8DF52EB26EB7583A4E0A29202, DCD9B69299275857712AB200C014AE820C8A9F7E53C4A335A84518FBE4BB56BB ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
19:57:39.0168 0x01a8  SpbCx - ok
19:57:39.0207 0x01a8  [ 3F215BF2D4D8D6756298B25B579772C2, 744192D1635E5D296BFD399E870B70592202CEAF95C31C2D2B226A868D33A3FD ] Spooler         C:\Windows\System32\spoolsv.exe
19:57:39.0226 0x01a8  Spooler - ok
19:57:39.0429 0x01a8  [ 061A977C920FBE4BF71FF47C966DDDCA, 746516396B72E4ADB05D978C819CD45FE44EE194756F6DA50121D755439CA590 ] sppsvc          C:\Windows\system32\sppsvc.exe
19:57:39.0601 0x01a8  sppsvc - ok
19:57:39.0638 0x01a8  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6, 61EEB1349489CB85204F1B4E398BE24EDC01FB914120C9DD0487F8EE1EDA055E ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:57:39.0647 0x01a8  srv - ok
19:57:39.0703 0x01a8  [ 56218A571ECF8D55E0CDFF8DF2546CF1, 44B34722108EDDC8757A0B7C939A854457BB7EBC92A83C4284DFFAECFC2E3619 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:57:39.0716 0x01a8  srv2 - ok
19:57:39.0735 0x01a8  [ 14FC338B80CFF7E04215133B568D15C4, 1F437BE0EC887097F0C3409D4198A20981FC325FDF915532AB85070D337DEF2B ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:57:39.0742 0x01a8  srvnet - ok
19:57:39.0781 0x01a8  [ 7A20882D76D4A78240A5AC9F2C2EBA21, ACA05211EE542999A118BBD2CD051038A7DC8C40C4B8971DC6514BA90E90EC61 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:57:39.0788 0x01a8  SSDPSRV - ok
19:57:39.0808 0x01a8  [ D233B16999A8E626F6004BD7814C57EC, 5BBFE5DDF1269617ABD1BDBED85A79D99BB52EA29C2BB3A8F4A1827BFAA1A747 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:57:39.0812 0x01a8  SstpSvc - ok
19:57:39.0867 0x01a8  [ C692C94FE55CAD0633440236022C27B3, 9A21E9B2EB96DC8C58DE060EEAFC2FD71AB9C539039DAAD5F7380556E2D1D69B ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
19:57:39.0885 0x01a8  ssudmdm - ok
19:57:39.0922 0x01a8  [ 4E85355B94CFCB67C135F6521A4895A7, AC4FC65C1E62A54B3834E7FE0A2B1ECC48A2AA563AE5BD508326EE68FFFBBEEE ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:57:39.0925 0x01a8  stexstor - ok
19:57:39.0985 0x01a8  [ BAC8A721736AECC55A4F71523AEAB65F, B52E1303B13A961A5FC190829E55B6F28ACA409A6EEF44B358D1D210558FE1D8 ] stisvc          C:\Windows\System32\wiaservc.dll
19:57:40.0005 0x01a8  stisvc - ok
19:57:40.0048 0x01a8  [ B240874B2CA0CD02E8CD11E140B14C57, 0FDBEE3DB644175A30065CAF020F375703ADC45A33221788C010F3111707FC25 ] storahci        C:\Windows\system32\drivers\storahci.sys
19:57:40.0049 0x01a8  storahci - ok
19:57:40.0079 0x01a8  [ F74DBC95A57B1EE866D3732EB5F79BE2, E4FE9D5CD0A385ACB60D5D5E8D969F26C3A6BC0C08FF0838DBE9CA106229C8DE ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
19:57:40.0080 0x01a8  storflt - ok
19:57:40.0092 0x01a8  [ 5337E138B49ED1F44CCBA4073BC35C20, 2B296973215E3865A56C46DC3D27F1460D96BC321558CE7A911B05B0E7BF397F ] StorSvc         C:\Windows\system32\storsvc.dll
19:57:40.0094 0x01a8  StorSvc - ok
19:57:40.0107 0x01a8  [ 543CD3CC0E05B8D8815E0D4F040B6F59, 4B57C9534E94A0A67FC82DBD4FAECACA180BEC281FB477550A37C0A04777E09E ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:57:40.0109 0x01a8  storvsc - ok
19:57:40.0114 0x01a8  [ 1A36AC469140F87CDE62D7F8524E270C, B07086E0D844567FF0A880366EA8ED8042F8ED744E6AB1FD9539F360905A07F2 ] storvsp         C:\Windows\System32\drivers\storvsp.sys
19:57:40.0116 0x01a8  storvsp - ok
19:57:40.0137 0x01a8  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A, 82CC77030D23013572B4A64A64B6156789F253BF56268B790093CE3D345410A0 ] svsvc           C:\Windows\system32\svsvc.dll
19:57:40.0139 0x01a8  svsvc - ok
19:57:40.0156 0x01a8  [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] swenum          C:\Windows\System32\drivers\swenum.sys
19:57:40.0157 0x01a8  swenum - ok
19:57:40.0293 0x01a8  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:57:40.0313 0x01a8  SwitchBoard - ok
19:57:40.0343 0x01a8  [ 502F9488540051F3E6C39889ECFA76BB, 22ABD681BE4CF8A1F484C6363C1334B1EF7A6C074D837B0121DE1896887B84C6 ] swprv           C:\Windows\System32\swprv.dll
19:57:40.0358 0x01a8  swprv - ok
19:57:40.0437 0x01a8  [ A06CB9269D29EE3D0F3F5630ABB660B8, 519A01FC7D9414B26CCBC23E7FB1CEAF1C91CD173B4F4A4025F8316B7460C584 ] SysMain         C:\Windows\system32\sysmain.dll
19:57:40.0466 0x01a8  SysMain - ok
19:57:40.0526 0x01a8  [ 6FB88606C4A71E1BFAF97D63A676C673, D72F93A482E989ACA50F9647B7AD699A4656AEAACF377BB2B8CEBB094B748852 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
19:57:40.0542 0x01a8  SystemEventsBroker - ok
19:57:40.0573 0x01a8  [ A6C06C45C44AD06C70AF8899AEC15BDC, AC2CCCDBA6B94BA85A6D41B47343193D175786D4ECF71AE9C7766ADD63A1273F ] TabletInputService C:\Windows\System32\TabSvc.dll
19:57:40.0578 0x01a8  TabletInputService - ok
19:57:40.0789 0x01a8  [ 25999F2134BE3EA656D1F8D50FA089E6, 1986FB31A4D81301672CF1F16B60CE5F3A40D8A061CF1F8281F0458AFF466F00 ] TabletServicePen C:\Windows\system32\Pen_Tablet.exe
19:57:40.0971 0x01a8  TabletServicePen - ok
19:57:41.0016 0x01a8  [ 88B7721AB551C4325036B25A34A2BF7B, 2817CC6294542524EC373A674535F913440736BEBE81233CA91D5ECD93620B02 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:57:41.0024 0x01a8  TapiSrv - ok
19:57:41.0154 0x01a8  [ 37D85E873C9531A2F88DD9C63D3F8A9E, C31FF8324962B72DAED445F0A264E3E2E51296DDC98A5914DCE155693FB18868 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:57:41.0201 0x01a8  Tcpip - ok
19:57:41.0255 0x01a8  [ 37D85E873C9531A2F88DD9C63D3F8A9E, C31FF8324962B72DAED445F0A264E3E2E51296DDC98A5914DCE155693FB18868 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:57:41.0292 0x01a8  TCPIP6 - ok
19:57:41.0311 0x01a8  [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:57:41.0312 0x01a8  tcpipreg - ok
19:57:41.0325 0x01a8  [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:57:41.0329 0x01a8  tdx - ok
19:57:41.0575 0x01a8  [ F67C21CC4195F6AFC447418FE163E156, 01D245952C1AF2B365DBA6C36AFE0FFB2332480B6A1D7D4B43A0DE4FB7535B0B ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
19:57:41.0768 0x01a8  TeamViewer8 - ok
19:57:41.0782 0x01a8  [ F7C8AB5D8AFFAA318D6A21093D139BF4, 0A35052EF7DC8615783A23897358D8C579BE694363615C9563FF629E7B719991 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
19:57:41.0784 0x01a8  terminpt - ok
19:57:41.0854 0x01a8  [ 541EE228D0DEF392F7B2DFD885DD021B, 594D6538FA4DB5EF4D130007D7C29051EC2EDCA39EBB119695B58E9CBB0EB728 ] TermService     C:\Windows\System32\termsrv.dll
19:57:41.0879 0x01a8  TermService - ok
19:57:41.0894 0x01a8  [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] Themes          C:\Windows\system32\themeservice.dll
19:57:41.0897 0x01a8  Themes - ok
19:57:41.0946 0x01a8  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] THREADORDER     C:\Windows\system32\mmcss.dll
19:57:41.0948 0x01a8  THREADORDER - ok
19:57:41.0997 0x01a8  [ 4515B9E4140F04FB3907692DF89FCA87, F68EC56524BDA877646E987BE7414C1D622BD9FF05A5AEADCA39030FDC2B0115 ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
19:57:42.0012 0x01a8  TimeBroker - ok
19:57:42.0052 0x01a8  [ E94F7A7B48C7638D1F3F8089344C97B7, 276CDE59614D563A52529BCC4BFC726E5F5BE131C9C4142558A644D79328C810 ] TPM             C:\Windows\system32\drivers\tpm.sys
19:57:42.0058 0x01a8  TPM - ok
19:57:42.0079 0x01a8  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA, A6846478B9E7B0A509E5A28C6C7B66ED39F0247F9AFF01E3C3CADC0DBEF3CA00 ] TrkWks          C:\Windows\System32\trkwks.dll
19:57:42.0085 0x01a8  TrkWks - ok
19:57:42.0153 0x01a8  [ 8ABBB5CE0C62E0A6D28F32F44B7F865C, 4C78FE2A4A25A758D5191C4EDB2A6FE691FF82E7C16C0F146DC96DAD87D4F64E ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:57:42.0160 0x01a8  TrustedInstaller - ok
19:57:42.0191 0x01a8  [ 4E7C5FB10A50435523DE0CAA37DE2BD3, D6206DF61950F2541FB754E57C4D9EF9FA0CC1EDD6F6FA4E45F02B47958493F7 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:57:42.0194 0x01a8  TsUsbFlt - ok
19:57:42.0201 0x01a8  [ 16D684A820872EE54F6370703AC0B513, 795E20484358424CE9FA766937DD99413025A8AF967D03490392E8E02A382D0B ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
19:57:42.0203 0x01a8  TsUsbGD - ok
19:57:42.0227 0x01a8  [ 78C9EE193AC2B4CBDBC48B620314D740, 41523E47D321BFF5778F5E453545B928C0A469C3BBA51578E74D6721D7DF9273 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:57:42.0235 0x01a8  tunnel - ok
19:57:42.0251 0x01a8  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A, AA7DA2207C0236F47859A4791F9D7301E7ADB50A59D831DC859ECC7CA70D3E1D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:57:42.0254 0x01a8  uagp35 - ok
19:57:42.0259 0x01a8  [ 6FD6D03B7752C78712E5CFF29A305026, F09C5188AAFCF4C77B05BA1E604F9912782A9F1371F72F959288EBC2725407ED ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
19:57:42.0261 0x01a8  UASPStor - ok
19:57:42.0297 0x01a8  [ 061BA3EE0D2BE17944990544008CF190, C9236D368EC2281B545E8C008BC2801F21A9716ED3D4DAEDB0751A5008346E81 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
19:57:42.0302 0x01a8  UCX01000 - ok
19:57:42.0368 0x01a8  [ 25C50F4EDF70D0A831E0566BD181CCF2, F2F9E86FB5617C16077D2073EC0AA747F76F1EB5148BA110347A84F3C3569F83 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:57:42.0380 0x01a8  udfs - ok
19:57:42.0419 0x01a8  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D, 16DE6E0894C356A58AF12BEC2FE9B188F147DD4B16CB2414DE600CE4127F929D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:57:42.0422 0x01a8  UI0Detect - ok
19:57:42.0440 0x01a8  [ 07FEBCDF24FABA0D47B635D85A0FFB7A, 452C04B14681EBCE8B1B25B75A1B7CC978722B7DDE54D624E17841B14ACCF65D ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:57:42.0442 0x01a8  uliagpkx - ok
19:57:42.0462 0x01a8  [ 02CEB3FE6152668A7BA420B93B664860, 613F27540FD1EFE2442E326F507DACD5A25691C8481937022B7E1104F3E6E9E2 ] umbus           C:\Windows\System32\drivers\umbus.sys
19:57:42.0464 0x01a8  umbus - ok
19:57:42.0480 0x01a8  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09, 30AAD7D18FF5962CEC7180359D148EED5A1BF193DDB2B34508897FC3EBA692C3 ] UmPass          C:\Windows\System32\drivers\umpass.sys
19:57:42.0482 0x01a8  UmPass - ok
19:57:42.0510 0x01a8  [ 43FEFB040A0CC30F795FBF544169594D, F2A730C0F7C883321C378D4564120A40428D7F8E393F02C8D6A08934795A35C7 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:57:42.0519 0x01a8  UmRdpService - ok
19:57:42.0550 0x01a8  [ 14D22C411854AA2560AFC94CD2D5E61F, BB376734733671C02319E6DB1800D41212694446FD65465498C92D4ECBFE7458 ] upnphost        C:\Windows\System32\upnphost.dll
19:57:42.0563 0x01a8  upnphost - ok
19:57:42.0611 0x01a8  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\System32\Drivers\usbaapl64.sys
19:57:42.0612 0x01a8  USBAAPL64 - ok
19:57:42.0663 0x01a8  [ C976C4306F9AE133D6BBD47FDFC3BF92, 820413D92D6A89055A7F26523BF5CC4B668610C4A06E8B0D163FBF929B1DFA9A ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
19:57:42.0672 0x01a8  usbccgp - ok
19:57:42.0692 0x01a8  [ 427B6DB8C05A5A977E8C3525370A2595, C67222CA9123AE12D953995326B3B582C146CEA89594B7209DB0B1F628A0118D ] usbcir          C:\Windows\System32\drivers\usbcir.sys
19:57:42.0697 0x01a8  usbcir - ok
19:57:42.0750 0x01a8  [ B24FDEB1B18496F1B463782235AA3AF1, 3F5036F36987C8007D03DAFC3EC30615515BE96D9A1DF879BCD4EB0E66CD50B1 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
19:57:42.0756 0x01a8  usbehci - ok
19:57:42.0807 0x01a8  [ F8C2A832DF9403F5EA8080CBDBDA95FB, 50E9455465672BC13EB945BEC132D2F30BA2EB25C68928D2B4C256F2DB292A83 ] usbhub          C:\Windows\System32\drivers\usbhub.sys
19:57:42.0827 0x01a8  usbhub - ok
19:57:42.0863 0x01a8  [ B1E910DDC08A8536116214326124903C, 8A1C69DD8ACC00A42CD86791397093342A86B2428DCBFC2CB21F0232D948B7B5 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
19:57:42.0873 0x01a8  USBHUB3 - ok
19:57:42.0907 0x01a8  [ 325F6179009B5A7F6118951A5BA422AB, 756CB2893530485E8C3ACFF5A40F4C6EB446E72B2296E8772058E407A5E066DE ] usbohci         C:\Windows\System32\drivers\usbohci.sys
19:57:42.0908 0x01a8  usbohci - ok
19:57:42.0920 0x01a8  [ 9FDBA6982582A6F2354144980F641E7B, 054A65412CB22C5BE970FD3A266E140110D869B614B9F9894628D553CE82C991 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
19:57:42.0921 0x01a8  usbprint - ok
19:57:42.0948 0x01a8  [ BFC7FE4AAEB61317A921871B4085EF4B, CBC3FBAEAD6C82A437CC87A97007EF807C64053AB8FA5C3233C2A0CF6FC8D019 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
19:57:42.0951 0x01a8  USBSTOR - ok
19:57:42.0981 0x01a8  [ 1ABF657259DB57F7E5558E4DF1357C0C, 34EAF5DEA3293CFA96BA81B036305FD90ABAE05B9CB73D4F54FB236448C1978C ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
19:57:42.0982 0x01a8  usbuhci - ok
19:57:43.0005 0x01a8  [ 9EF7C01D3ACCBC243B5CB1A95865B2FF, 367A7640B4992E68EB3E1BBD78D3014742F4CC4056750E389048C653251DAD33 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:57:43.0010 0x01a8  usbvideo - ok
19:57:43.0031 0x01a8  [ 8DC398D7B8E02C929A2096E74A170970, 87B3CE84D05F50C33935B28F0AFF1CB15DAA4530768BA1FB25C311609CD4B0A5 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
19:57:43.0040 0x01a8  USBXHCI - ok
19:57:43.0052 0x01a8  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] VaultSvc        C:\Windows\system32\lsass.exe
19:57:43.0054 0x01a8  VaultSvc - ok
19:57:43.0082 0x01a8  [ BACECBFF9C97F7627A60B0E0F1FE7EE8, DC82F767D066B93A48A090DC7146EBCCDC54B43C6CD9DF29A160E09E3A531DC8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:57:43.0083 0x01a8  vdrvroot - ok
19:57:43.0162 0x01a8  [ 1B4488988E5E7512E6C5CD1255E9E973, B82C26E767A8895CFFD76C11D07D5C945C38E1BD32CC27D20A6C0FA7F6064FC5 ] vds             C:\Windows\System32\vds.exe
19:57:43.0187 0x01a8  vds - ok
19:57:43.0201 0x01a8  [ 74FA2D4368DE6F6CE14393EDF1F342BE, C5CE4164B2C3D583A7FB8687ADEADCDB08D36A5AB1965E5FC6949AEED15881C8 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
19:57:43.0204 0x01a8  VerifierExt - ok
19:57:43.0246 0x01a8  [ 500BE6B2E49883720D0AE8BB859ED7A3, 4606B02A3E8123510676E554635EB5ECF9DC5F2B83928710C8563787C52CC102 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
19:57:43.0257 0x01a8  vhdmp - ok
19:57:43.0270 0x01a8  [ F5B4A14B00E89250C50982AC762DDD1D, 581CD97DD42E74A82F06BFB827DFC82618B4A8667ACA7E93C628BB0D056CE8F0 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:57:43.0271 0x01a8  viaide - ok
19:57:43.0278 0x01a8  [ 0E43886F01C85B47BA0A3157274BCF59, C81E1841B1138D8C224FAF76258F7EB65145CCAF7938CA86CBADD8FFF79BA596 ] Vid             C:\Windows\System32\drivers\Vid.sys
19:57:43.0283 0x01a8  Vid - ok
19:57:43.0293 0x01a8  [ 78DB50F7329F6D1311658DABFFFC8BE0, 8CB0C831608033C4BC1D2DA7FAA7D429333A3654E76A989F7AF85BFC5F086BE9 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:57:43.0296 0x01a8  vmbus - ok
19:57:43.0300 0x01a8  [ ECFEE2F2BA3932C7880D1A8F67D68F91, 57DCD55A518A9FBDEF72B511C643B1062C3F7BD339F4B0FC19E9D84C615B968D ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
19:57:43.0301 0x01a8  VMBusHID - ok
19:57:43.0307 0x01a8  [ B4F432A51826FFC66F4DF72A83E8E4B1, 2C6F4D477F91605A3685FCF9EC6EA798E74C6853CC91547A749E9C050E7C19E8 ] vmbusr          C:\Windows\System32\drivers\vmbusr.sys
19:57:43.0310 0x01a8  vmbusr - ok
19:57:43.0347 0x01a8  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
19:57:43.0354 0x01a8  vmicheartbeat - ok
19:57:43.0364 0x01a8  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmickvpexchange C:\Windows\System32\ICSvc.dll
19:57:43.0371 0x01a8  vmickvpexchange - ok
19:57:43.0381 0x01a8  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicrdv         C:\Windows\System32\ICSvc.dll
19:57:43.0387 0x01a8  vmicrdv - ok
19:57:43.0396 0x01a8  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicshutdown    C:\Windows\System32\ICSvc.dll
19:57:43.0403 0x01a8  vmicshutdown - ok
19:57:43.0412 0x01a8  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmictimesync    C:\Windows\System32\ICSvc.dll
19:57:43.0418 0x01a8  vmictimesync - ok
19:57:43.0428 0x01a8  [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicvss         C:\Windows\System32\ICSvc.dll
19:57:43.0435 0x01a8  vmicvss - ok
19:57:43.0451 0x01a8  [ CB60FAAED8B49B812EBBF77EB87D9B18, ADA7C68D4C4981555ED48981E8B7ACBEEF5C39F902EB98782FC3DFF495FE0C33 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:57:43.0453 0x01a8  volmgr - ok
19:57:43.0480 0x01a8  [ A74101DA9809251BCD0E5A26BAE0F824, 15A3A7CC31A13C5882812C344D0937A8A4503D12DB07B9F7F2A8191B739CDBF7 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:57:43.0488 0x01a8  volmgrx - ok
19:57:43.0541 0x01a8  [ 78A5BBA3819FFFC62FFEC3E2220D102D, A95797B97D576374C2CDA8A09E6C51A89BADE428AAA89D5093579C85062E5874 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:57:43.0547 0x01a8  volsnap - ok
19:57:43.0571 0x01a8  [ A8DA1C1B52ECEA3726DEBED4FF1B700D, 75C024EC3858DF24FB82FE105BDD1E37900D53EFE9D72F42CDDFFD0742525586 ] vpci            C:\Windows\System32\drivers\vpci.sys
19:57:43.0573 0x01a8  vpci - ok
19:57:43.0577 0x01a8  [ 0190AFFF28F600461C0164353CC7EE27, D112DF69C9E629EC77FB95E7ACDDAAE24B5028C84454134BD26FEF9CC953AC0E ] vpcivsp         C:\Windows\System32\drivers\vpcivsp.sys
19:57:43.0579 0x01a8  vpcivsp - ok
19:57:43.0610 0x01a8  [ 38A60CD9C009C55C6D3B5586F8E6A353, 7F7E2AE39F1A0A5245650911E310E0948BC22A18262A16FA76B44A042D66312D ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:57:43.0613 0x01a8  vsmraid - ok
19:57:43.0715 0x01a8  [ D0C69E44BC1E1D4AD290FD84104623D8, 4C86760EA4BD2A64FFD42D89284EC3E5048CB2F0F6F3B80D017B41C0D2456A90 ] VSS             C:\Windows\system32\vssvc.exe
19:57:43.0748 0x01a8  VSS - ok
19:57:43.0774 0x01a8  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC, AC2F3C70EDCA0AFBB2606267DFE6D3E8E7B0772140153BAD6B0A9EDE6A1D2F29 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
19:57:43.0781 0x01a8  VSTXRAID - ok
19:57:43.0794 0x01a8  [ 62460A45435A26A334907E3F2EA45611, FEF86E05117CC0AAB8211CA1542776EB620BD4699BD590D91F16621ED35B9824 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:57:43.0795 0x01a8  vwifibus - ok
19:57:43.0830 0x01a8  [ 095E943D27025E4D588AF0A72CC2318F, 3CE406A202F93EF8C4BC7317621A672670D734C69166393CA7256D5E5E667041 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:57:43.0833 0x01a8  vwififlt - ok
19:57:43.0840 0x01a8  [ 73FA1A41A97A5C34ADC03B3577FF1A86, CBA4BC0DA837C163587BBB4BF2AC1549C72440307C984D3CDF8995023718136C ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:57:43.0841 0x01a8  vwifimp - ok
19:57:43.0875 0x01a8  [ F690B6EEAA94576727B24376D7ED3601, A61EE96024C8FC4058481DFB1E7F0AD746565368672FA3B6BA8F9E23D0F47E4C ] W32Time         C:\Windows\system32\w32time.dll
19:57:43.0884 0x01a8  W32Time - ok
19:57:43.0917 0x01a8  [ E04D43C7D1641E95D35CAE6086C7E350, BF08ED680EC835D70C522B91560B8987F206793E8E2987117C1D7B77DEFF8556 ] wacommousefilter C:\Windows\System32\drivers\wacommousefilter.sys
19:57:43.0919 0x01a8  wacommousefilter - ok
19:57:43.0922 0x01a8  [ 6B806E893714019969E2B50D7EF6A4D9, 38FE2B01082DC4C2A0C11A292016A727F48C3DF1293DC3A0216B2254A452263F ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
19:57:43.0923 0x01a8  WacomPen - ok
19:57:43.0939 0x01a8  [ 26B430E7C5F598FE7353E3BC4B261321, 86D612DAA7381CD9A58AF4F60D2413705DD6C8DC2BDCC43ACD3C8063A7D52E07 ] wacomvhid       C:\Windows\System32\drivers\wacomvhid.sys
19:57:43.0940 0x01a8  wacomvhid - ok
19:57:43.0956 0x01a8  [ 8B4255329EDFBA3ECFBD0714476FAD38, DF1EEBB2672A0A0762B16CDB85896752F508A0CB86E8B644F34F5098C73B9814 ] WacomVKHid      C:\Windows\System32\drivers\WacomVKHid.sys
19:57:43.0957 0x01a8  WacomVKHid - ok
19:57:44.0004 0x01a8  [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:57:44.0011 0x01a8  Wanarp - ok
19:57:44.0021 0x01a8  [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:57:44.0025 0x01a8  Wanarpv6 - ok
19:57:44.0096 0x01a8  [ 42DF22F8C448E7CD219F6D63743505E2, 063F4280C7BD20CE1360436B76A17DFE17FF611F75337A47373D098CC6C263BF ] wbengine        C:\Windows\system32\wbengine.exe
19:57:44.0132 0x01a8  wbengine - ok
19:57:44.0156 0x01a8  [ 31D37B2F6069C631EF0557D322924812, 6E18A1060F3C8F4BF220E286C44327866A8F9109E74928AA2D8C2DA9C452038B ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:57:44.0164 0x01a8  WbioSrvc - ok
19:57:44.0202 0x01a8  [ AF1349386D4C6786EF4E34FACEF15042, 6B33778409BC54C1955B92508ADDEBAFD629141961B71C94A91DC4CFE8391A13 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
19:57:44.0209 0x01a8  Wcmsvc - ok
19:57:44.0311 0x01a8  [ 5B5FEAB51172F5513C2CF7B39CFA6A01, 4FDAC5168E00D44781C6F5D98ECD4977A12663C5CE6FFDFF9DBC89A28D6212D8 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:57:44.0333 0x01a8  wcncsvc - ok
19:57:44.0364 0x01a8  [ E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:57:44.0367 0x01a8  WcsPlugInService - ok
19:57:44.0396 0x01a8  [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd              C:\Windows\system32\drivers\wd.sys
19:57:44.0398 0x01a8  Wd - ok
19:57:44.0440 0x01a8  [ FD47DF026B32969B8A68721A0243E8EE, 57A7B9B40CEDADFB023AEDD9F29869F1B93EA2596F47B5DDC233D57FC585CCE1 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
19:57:44.0443 0x01a8  WdBoot - ok
19:57:44.0536 0x01a8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:57:44.0558 0x01a8  Wdf01000 - ok
19:57:44.0576 0x01a8  [ 5F425D842DD6ADE9F95A51A0616AFAD7, 807B8E6A4FE443A362076C225F588A8C897CFE24A6367F4D461C8F6D3EF004C5 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
19:57:44.0582 0x01a8  WdFilter - ok
19:57:44.0596 0x01a8  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:57:44.0600 0x01a8  WdiServiceHost - ok
19:57:44.0612 0x01a8  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:57:44.0615 0x01a8  WdiSystemHost - ok
19:57:44.0638 0x01a8  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6, 4281100271761521F75F4D5A3D2E9FF40A9C7D81CEDAFD2EDD95788534090CA6 ] WebClient       C:\Windows\System32\webclnt.dll
19:57:44.0645 0x01a8  WebClient - ok
19:57:44.0664 0x01a8  [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:57:44.0672 0x01a8  Wecsvc - ok
19:57:44.0688 0x01a8  [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:57:44.0692 0x01a8  wercplsupport - ok
19:57:44.0735 0x01a8  [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:57:44.0739 0x01a8  WerSvc - ok
19:57:44.0784 0x01a8  [ 44BB9C31E6242C4BD1CE7C2B440C2533, E603BB001028918B687818E930340008C752679B133037367A8A8E41DA559FFE ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
19:57:44.0791 0x01a8  WFPLWFS - ok
19:57:44.0811 0x01a8  [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc          C:\Windows\System32\wiarpc.dll
19:57:44.0817 0x01a8  WiaRpc - ok
19:57:44.0847 0x01a8  [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:57:44.0849 0x01a8  WIMMount - ok
19:57:44.0881 0x01a8  WinDefend - ok
19:57:44.0987 0x01a8  [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
19:57:45.0011 0x01a8  WinHttpAutoProxySvc - ok
19:57:45.0063 0x01a8  [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:57:45.0068 0x01a8  Winmgmt - ok
19:57:45.0175 0x01a8  [ 8E212A627F33F6FC3B5F3BB47212F66E, 9BBFE26ABFA14F346FE3711D13D959523EEA23608A33C16F3D750D66CA511911 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:57:45.0235 0x01a8  WinRM - ok
19:57:45.0277 0x01a8  [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:57:45.0278 0x01a8  WinUsb - ok
19:57:45.0347 0x01a8  [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc         C:\Windows\System32\wlansvc.dll
19:57:45.0376 0x01a8  WlanSvc - ok
19:57:45.0501 0x01a8  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
19:57:45.0546 0x01a8  wlidsvc - ok
19:57:45.0579 0x01a8  [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
19:57:45.0580 0x01a8  WmiAcpi - ok
19:57:45.0608 0x01a8  [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:57:45.0612 0x01a8  wmiApSrv - ok
19:57:45.0648 0x01a8  WMPNetworkSvc - ok
19:57:45.0681 0x01a8  [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
19:57:45.0682 0x01a8  wpcfltr - ok
19:57:45.0713 0x01a8  [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:57:45.0715 0x01a8  WPCSvc - ok
19:57:45.0751 0x01a8  [ 3013658A4D327854BEEC4A08D9655194, C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:57:45.0755 0x01a8  WPDBusEnum - ok
19:57:45.0776 0x01a8  [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
19:57:45.0777 0x01a8  WpdUpFltr - ok
19:57:45.0813 0x01a8  [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:57:45.0814 0x01a8  ws2ifsl - ok
19:57:45.0863 0x01a8  [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc          C:\Windows\System32\wscsvc.dll
19:57:45.0883 0x01a8  wscsvc - ok
19:57:45.0917 0x01a8  [ 74EFDA0526862C3D8D01A776182798EA, 7C9AD6118CB344C63B60A8BA5FA8C85ADED30933821ABD1427857E826EFC2952 ] WSDPrintDevice  C:\Windows\System32\drivers\WSDPrint.sys
19:57:45.0919 0x01a8  WSDPrintDevice - ok
19:57:45.0966 0x01a8  [ FA07DF46070F0826139709EF4D31FB71, 8F46A55D5C4336536E7974C9CEAFED55E7E9E9BF133D2AD0F6A55174F70B2F03 ] WSDScan         C:\Windows\System32\drivers\WSDScan.sys
19:57:45.0968 0x01a8  WSDScan - ok
19:57:45.0972 0x01a8  WSearch - ok
19:57:46.0106 0x01a8  [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService       C:\Windows\System32\WSService.dll
19:57:46.0157 0x01a8  WSService - ok
19:57:46.0270 0x01a8  [ 21903F2FC8F70C1FC2AAAA2F06C2C665, 3269742B83BD2ABF25F6F6D987DF5751F12349262DAB2F9D7F16D1E45C223F36 ] WTouchService   C:\Program Files\WTouch\WTouchService.exe
19:57:46.0273 0x01a8  WTouchService - ok
19:57:46.0431 0x01a8  [ 5EE919B9C3056B399E488A9B253E258A, DEB92A99F7BCDD3575C737EDEFF853A9BD4E5D523C4D11C205C6C7257A5A79B7 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:57:46.0502 0x01a8  wuauserv - ok
19:57:46.0536 0x01a8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:57:46.0538 0x01a8  WudfPf - ok
19:57:46.0562 0x01a8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
19:57:46.0566 0x01a8  WUDFRd - ok
19:57:46.0588 0x01a8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:57:46.0592 0x01a8  wudfsvc - ok
19:57:46.0599 0x01a8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
19:57:46.0603 0x01a8  WUDFWpdFs - ok
19:57:46.0610 0x01a8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
19:57:46.0614 0x01a8  WUDFWpdMtp - ok
19:57:46.0662 0x01a8  [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:57:46.0673 0x01a8  WwanSvc - ok
19:57:46.0681 0x01a8  ================ Scan global ===============================
19:57:46.0727 0x01a8  [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\Windows\system32\basesrv.dll
19:57:46.0780 0x01a8  [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\Windows\system32\winsrv.dll
19:57:46.0815 0x01a8  [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\Windows\system32\sxssrv.dll
19:57:46.0863 0x01a8  [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\Windows\system32\services.exe
19:57:46.0872 0x01a8  [ Global ] - ok
19:57:46.0872 0x01a8  ================ Scan MBR ==================================
19:57:46.0879 0x01a8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:57:47.0061 0x01a8  \Device\Harddisk0\DR0 - ok
19:57:47.0067 0x01a8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:57:47.0072 0x01a8  \Device\Harddisk1\DR1 - ok
19:57:47.0073 0x01a8  ================ Scan VBR ==================================
19:57:47.0075 0x01a8  [ D309E8376F8C8ED39FBE9D522CBB7738 ] \Device\Harddisk0\DR0\Partition1
19:57:47.0076 0x01a8  \Device\Harddisk0\DR0\Partition1 - ok
19:57:47.0087 0x01a8  [ 9840AAFFB286A8F6597BA84AE2A1D322 ] \Device\Harddisk0\DR0\Partition2
19:57:47.0088 0x01a8  \Device\Harddisk0\DR0\Partition2 - ok
19:57:47.0104 0x01a8  [ 0CF5608F106EC0C123F8D602A9A64E9D ] \Device\Harddisk0\DR0\Partition3
19:57:47.0105 0x01a8  \Device\Harddisk0\DR0\Partition3 - ok
19:57:47.0108 0x01a8  [ F3E2A137C2EADD9E13C7450BFB2545DC ] \Device\Harddisk1\DR1\Partition1
19:57:47.0109 0x01a8  \Device\Harddisk1\DR1\Partition1 - ok
19:57:47.0110 0x01a8  Waiting for KSN requests completion. In queue: 57
19:57:48.0111 0x01a8  Waiting for KSN requests completion. In queue: 57
19:57:49.0111 0x01a8  Waiting for KSN requests completion. In queue: 57
19:57:50.0164 0x01a8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.3.215.0 ), 0x61100 ( enabled : updated )
19:57:50.0215 0x01a8  Win FW state via NFP2: enabled
19:57:52.0695 0x01a8  ============================================================
19:57:52.0695 0x01a8  Scan finished
19:57:52.0695 0x01a8  ============================================================
19:57:52.0714 0x10f8  Detected object count: 0
19:57:52.0714 0x10f8  Actual detected object count: 0
         

Alt 19.11.2013, 19:42   #13
M-K-D-B
/// TB-Ausbilder

Hi,

the log file "Addition.txt" is incomplete; please post the complete file.

Alt 19.11.2013, 20:13   #14
mailik

Here are both again. Hopefully complete this time...
On the first run I only ticked "addition.txt" after the fact. I think that's why it was incomplete.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Miriam (administrator) on MIRIAM-PC on 19-11-2013 21:11:16
Running from C:\Users\Miriam\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Windows\system32\nlasvc32.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Divine\Elemente\System\ControlService.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Miriam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD4EC88D600D6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\searchplugins\gutscheinsuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: info - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\info@sharkcube.com.xpi
FF Extension: youtube2mp3 - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: mediaconverter - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi
FF Extension: defaults - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\gb0hxko8.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi

==================== Services (Whitelisted) =================

R2 dxdiag32; C:\Windows\system32\nlasvc32.exe [117760 2013-08-31] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SCElemente; C:\Program Files (x86)\Divine\Elemente\System\ControlService.exe [270336 2013-05-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127272 2009-07-15] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-08-08] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 19:56 - 2013-11-19 19:56 - 04101441 _____ C:\Users\Miriam\Desktop\tdsskiller.zip
2013-11-19 19:53 - 2013-11-19 19:53 - 01957964 _____ (Farbar) C:\Users\Miriam\Desktop\FRST64.exe
2013-11-19 19:52 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Miriam\Desktop\TDSSKiller.exe
2013-11-19 10:34 - 2013-11-19 20:39 - 00202868 _____ C:\Windows\WindowsUpdate.log
2013-11-18 21:54 - 2013-11-18 21:54 - 00001052 _____ C:\Windows\PFRO.log
2013-11-18 21:53 - 2013-11-18 21:48 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-11-18 21:48 - 2013-11-18 21:55 - 00005614 _____ C:\zoek-results.log
2013-11-18 21:48 - 2013-11-18 21:53 - 00000000 ____D C:\zoek_backup
2013-11-18 21:46 - 2013-11-18 13:36 - 01397113 _____ C:\Users\Miriam\Desktop\zoek.scr
2013-11-18 21:46 - 2013-11-18 13:36 - 01397113 _____ C:\Users\Miriam\Desktop\zoek.com
2013-11-18 21:46 - 2013-11-01 17:45 - 01269760 _____ C:\Users\Miriam\Desktop\zoek.exe
2013-11-18 21:44 - 2013-11-18 21:44 - 00000617 _____ C:\Users\Miriam\Desktop\JRT.txt
2013-11-18 21:38 - 2013-11-18 21:38 - 01034531 _____ (Thisisu) C:\Users\Miriam\Desktop\JRT.exe
2013-11-18 21:36 - 2013-11-18 21:36 - 00000000 ____D C:\Users\Miriam\Documents\Divine Elemente
2013-11-18 19:20 - 2013-11-18 21:24 - 00000000 ____D C:\Users\Miriam\Desktop\Generationenshootiong Schills
2013-11-18 18:52 - 2013-11-18 18:52 - 01085542 _____ C:\Users\Miriam\Desktop\adwcleaner.exe
2013-11-18 18:43 - 2013-11-19 19:55 - 00022729 _____ C:\Users\Miriam\Desktop\Addition.txt
2013-11-18 18:42 - 2013-11-18 18:42 - 00000658 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2013-11-18 18:36 - 2013-11-19 21:12 - 00010710 _____ C:\Users\Miriam\Desktop\FRST.txt
2013-11-17 19:02 - 2013-11-18 09:59 - 00000000 ____D C:\Users\Miriam\Desktop\Shooting Annika 16.11.2013
2013-11-17 17:34 - 2013-11-17 21:31 - 00000000 ____D C:\Users\Miriam\Desktop\PG
2013-11-17 13:37 - 2013-11-17 13:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-17 13:31 - 2013-11-17 13:31 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Malwarebytes
2013-11-17 13:30 - 2013-11-17 13:30 - 00001296 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mbam-setup-1.75.0.1300.lnk
2013-11-17 13:30 - 2013-11-17 13:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 13:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-17 13:21 - 2013-11-17 13:21 - 00000000 ____D C:\FRST
2013-11-17 13:10 - 2013-11-17 13:10 - 00000000 ____D C:\Windows\ERUNT
2013-11-17 13:07 - 2013-11-17 13:07 - 00000000 ____D C:\WTablet
2013-11-17 12:52 - 2013-11-18 18:53 - 00000000 ____D C:\AdwCleaner
2013-11-17 12:09 - 2013-11-17 12:39 - 00000335 _____ C:\local.conf
2013-11-17 11:29 - 2013-11-17 20:08 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-17 11:29 - 2013-11-17 11:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 08:47 - 2013-11-16 08:48 - 05122776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 12:42 - 2013-11-15 12:42 - 00000000 ____D C:\Program Files (x86)\File Scavenger 4.2
2013-11-15 09:22 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 09:22 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\XnConvert
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Program Files (x86)\XnConvert
2013-11-14 16:29 - 2013-11-14 17:02 - 00000000 ____D C:\Program Files\Recuva
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Program Files (x86)\Convar
2013-11-13 19:25 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:25 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:25 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-13 19:25 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-13 19:25 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-13 19:25 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-13 19:25 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-13 19:25 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-13 19:25 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 19:25 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 19:25 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 19:25 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 19:25 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 19:25 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 19:25 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 19:25 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 19:25 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 19:25 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 19:25 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 19:24 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 19:24 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 19:24 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 19:24 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:24 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:24 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:24 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 19:24 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:24 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 19:24 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 19:24 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:24 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 19:24 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:24 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:24 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:24 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:24 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-13 19:24 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2013-11-09 18:52 - 2013-11-09 19:00 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2013-11-07 09:41 - 2013-11-07 09:41 - 00000000 ____D C:\Users\Miriam\AppData\Local\Software_Updater
2013-11-04 13:59 - 2013-11-04 16:28 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\TeamViewer
2013-11-04 13:58 - 2013-11-04 13:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-30 08:51 - 2013-10-30 08:51 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-30 08:50 - 2013-10-30 08:50 - 00000000 ____D C:\Program Files\Java
2013-10-30 07:37 - 2013-10-30 07:38 - 00001593 _____ C:\Windows\VPNInstall.MIF
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-10-30 07:35 - 2013-10-30 07:35 - 00000000 ____D C:\Windows\1CE60928832549A88B06633E48DD2B67.TMP

==================== One Month Modified Files and Folders =======

2013-11-19 21:12 - 2013-11-18 18:36 - 00010710 _____ C:\Users\Miriam\Desktop\FRST.txt
2013-11-19 21:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-19 20:39 - 2013-11-19 10:34 - 00202868 _____ C:\Windows\WindowsUpdate.log
2013-11-19 20:14 - 2012-12-11 12:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-19 19:56 - 2013-11-19 19:56 - 04101441 _____ C:\Users\Miriam\Desktop\tdsskiller.zip
2013-11-19 19:55 - 2013-11-18 18:43 - 00022729 _____ C:\Users\Miriam\Desktop\Addition.txt
2013-11-19 19:53 - 2013-11-19 19:53 - 01957964 _____ (Farbar) C:\Users\Miriam\Desktop\FRST64.exe
2013-11-19 19:10 - 2012-12-10 14:12 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\WTablet
2013-11-19 11:21 - 2012-12-10 15:10 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-19 10:38 - 2012-12-09 13:08 - 00000000 ____D C:\Users\Miriam\AppData\Local\Adobe
2013-11-18 21:59 - 2012-07-26 11:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-11-18 21:59 - 2012-07-26 11:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-11-18 21:59 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-18 21:57 - 2012-12-09 15:41 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-18 21:55 - 2013-11-18 21:48 - 00005614 _____ C:\zoek-results.log
2013-11-18 21:55 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-18 21:54 - 2013-11-18 21:54 - 00001052 _____ C:\Windows\PFRO.log
2013-11-18 21:53 - 2013-11-18 21:48 - 00000000 ____D C:\zoek_backup
2013-11-18 21:48 - 2013-11-18 21:53 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-11-18 21:44 - 2013-11-18 21:44 - 00000617 _____ C:\Users\Miriam\Desktop\JRT.txt
2013-11-18 21:38 - 2013-11-18 21:38 - 01034531 _____ (Thisisu) C:\Users\Miriam\Desktop\JRT.exe
2013-11-18 21:36 - 2013-11-18 21:36 - 00000000 ____D C:\Users\Miriam\Documents\Divine Elemente
2013-11-18 21:24 - 2013-11-18 19:20 - 00000000 ____D C:\Users\Miriam\Desktop\Generationenshootiong Schills
2013-11-18 18:53 - 2013-11-17 12:52 - 00000000 ____D C:\AdwCleaner
2013-11-18 18:52 - 2013-11-18 18:52 - 01085542 _____ C:\Users\Miriam\Desktop\adwcleaner.exe
2013-11-18 18:42 - 2013-11-18 18:42 - 00000658 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2013-11-18 18:31 - 2012-12-09 12:22 - 00000000 ____D C:\Users\Miriam
2013-11-18 13:36 - 2013-11-18 21:46 - 01397113 _____ C:\Users\Miriam\Desktop\zoek.scr
2013-11-18 13:36 - 2013-11-18 21:46 - 01397113 _____ C:\Users\Miriam\Desktop\zoek.com
2013-11-18 09:59 - 2013-11-17 19:02 - 00000000 ____D C:\Users\Miriam\Desktop\Shooting Annika 16.11.2013
2013-11-18 09:28 - 2013-11-19 19:52 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Miriam\Desktop\TDSSKiller.exe
2013-11-18 08:31 - 2012-12-09 12:28 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-734915465-461864420-888540340-1001
2013-11-18 08:18 - 2013-06-28 13:52 - 00000000 ____D C:\Program Files (x86)\Pixum
2013-11-17 21:31 - 2013-11-17 17:34 - 00000000 ____D C:\Users\Miriam\Desktop\PG
2013-11-17 20:08 - 2013-11-17 11:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-17 13:37 - 2013-11-17 13:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-17 13:31 - 2013-11-17 13:31 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Malwarebytes
2013-11-17 13:30 - 2013-11-17 13:30 - 00001296 _____ C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mbam-setup-1.75.0.1300.lnk
2013-11-17 13:30 - 2013-11-17 13:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 13:21 - 2013-11-17 13:21 - 00000000 ____D C:\FRST
2013-11-17 13:10 - 2013-11-17 13:10 - 00000000 ____D C:\Windows\ERUNT
2013-11-17 13:07 - 2013-11-17 13:07 - 00000000 ____D C:\WTablet
2013-11-17 12:56 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-17 12:39 - 2013-11-17 12:09 - 00000335 _____ C:\local.conf
2013-11-17 12:04 - 2012-12-10 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 11:29 - 2013-11-17 11:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 21:06 - 2012-12-10 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 12:53 - 2013-04-07 20:47 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\vlc
2013-11-16 12:50 - 2013-02-23 14:34 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Dropbox
2013-11-16 08:48 - 2013-11-16 08:47 - 05122776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-15 12:42 - 2013-11-15 12:42 - 00000000 ____D C:\Program Files (x86)\File Scavenger 4.2
2013-11-15 10:10 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-14 17:02 - 2013-11-14 16:29 - 00000000 ____D C:\Program Files\Recuva
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\XnConvert
2013-11-14 16:59 - 2013-11-14 16:59 - 00000000 ____D C:\Program Files (x86)\XnConvert
2013-11-14 16:18 - 2013-06-28 13:56 - 00000000 ____D C:\ProgramData\hps
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-11-14 16:14 - 2013-11-14 16:14 - 00000000 ____D C:\Program Files (x86)\Convar
2013-11-13 19:41 - 2012-12-10 13:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 19:38 - 2013-08-14 13:07 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 19:36 - 2012-12-12 12:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 18:24 - 2012-12-29 20:18 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\FileZilla
2013-11-11 18:22 - 2012-12-12 13:54 - 00000132 _____ C:\Users\Miriam\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-11-11 15:00 - 2013-10-06 08:12 - 00000000 ____D C:\Program Files\CCleaner
2013-11-09 19:00 - 2013-11-09 18:52 - 00000000 ____D C:\Windows\System32\Tasks\2BrightSparks
2013-11-09 19:00 - 2013-08-21 16:32 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\2BrightSparks
2013-11-09 19:00 - 2013-08-21 16:32 - 00000000 ____D C:\Users\Miriam\AppData\Local\2BrightSparks
2013-11-09 18:59 - 2013-11-09 18:59 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2013-11-09 18:26 - 2013-07-29 14:34 - 00000000 ____D C:\Users\Miriam\AppData\Local\Deployment
2013-11-07 09:41 - 2013-11-07 09:41 - 00000000 ____D C:\Users\Miriam\AppData\Local\Software_Updater
2013-11-05 23:58 - 2013-11-15 09:22 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-15 09:22 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-04 16:28 - 2013-11-04 13:59 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\TeamViewer
2013-11-04 13:58 - 2013-11-04 13:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-11-01 17:45 - 2013-11-18 21:46 - 01269760 _____ C:\Users\Miriam\Desktop\zoek.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-30 08:51 - 2013-10-30 08:51 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-30 08:51 - 2013-09-22 12:10 - 00000000 ____D C:\ProgramData\Oracle
2013-10-30 08:50 - 2013-10-30 08:50 - 00000000 ____D C:\Program Files\Java
2013-10-30 07:38 - 2013-10-30 07:37 - 00001593 _____ C:\Windows\VPNInstall.MIF
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-10-30 07:37 - 2013-10-30 07:37 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-10-30 07:35 - 2013-10-30 07:35 - 00000000 ____D C:\Windows\1CE60928832549A88B06633E48DD2B67.TMP

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-19 10:48

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by Miriam at 2013-11-19 21:12:16
Running from C:\Users\Miriam\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.8.0.1280)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe® Content Viewer (x32 Version: 3.3.0)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000)
Age of Empires III (x32 Version: 1.00.0000)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.3.10 (Unicode) (x32)
Bamboo (x32)
bl (x32 Version: 1.0.0)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)
Canon MG5200 series MP Drivers
Canon MOV Decoder (x32 Version: 1.5.0.7)
Canon MOV Encoder (x32 Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.1.9)
Canon MP Navigator EX 1.0 (x32)
Canon MP Navigator EX 4.0 (x32)
Canon Utilities Digital Photo Professional 3.8 (x32 Version: 3.8.0.0)
Canon Utilities EOS Utility (x32 Version: 2.8.1.0)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.7.0.0)
Canon Utilities WFT Utility (x32 Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (x32 Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4)
CCleaner (Version: 4.06)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Defraggler (Version: 2.15)
Divine Elemente (Version: 0.9.2.156)
Dropbox (HKCU Version: 2.0.22)
DSLR Remote Pro (x32 Version: v2.4)
ESET Online Scanner v3 (x32)
fc prints order (HKCU)
fc prints order (x32)
File Scavenger 4.2 (de) (x32 Version: 4.2.4.0)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Free Screen To Video V 2.0 (x32 Version: 2.0.0.0)
Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2867)
Java 7 Update 40 (x32 Version: 7.0.400)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Langenscheidt Vokabeltrainer 6.0 Spanisch (x32 Version: 6.0.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (x32 Version: 14.0.7015.1000)
Microsoft Office O MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Basque) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Catalan) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office X MUI (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
Notepad++ (x32 Version: 6.3)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
ORFO 9.0 (x32 Version: 9.0)
ORFO 9.0 (x32)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
PhotoScape (x32)
Recuva (Version: 1.49)
RocketDock 1.3.5 (x32)
RUBICon (x32 Version: 2.0.25)
Saal Design Software (x32 Version: 3.1.26)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (x32)
Sharpener Pro 3.0 (x32 Version: 3.0.1.0)
SyncBackFree (x32 Version: 6.5.4.0)
TeamViewer 8 (x32 Version: 8.0.22298)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VLC media player 2.0.5 (Version: 2.0.5)
Vokabeltrainer-Update 6.0.18 (x32 Version: 6.0.18)
win8codecs (x32 Version: 1.3.2)
WinRAR (x32)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)
XAMPP 1.8.1 (x32)
XnConvert 1.55 (x32 Version: 1.55)

==================== Restore Points  =========================

03-11-2013 20:04:57 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
09-11-2013 17:26:19 Removed Sun ODF Plugin for Microsoft Office 3.2
13-11-2013 18:33:20 Windows Update
17-11-2013 11:03:27 Malwarebytes Anti-Rootkit Restore Point
18-11-2013 20:48:54 zoek.exe restore point

==================== Scheduled Tasks (whitelisted) =============

Task: {0BE78847-CD05-4050-AD34-FEFCCB9D8FC7} - \Plus-HD-2.6-firefoxinstaller No Task File
Task: {224C8230-DCF8-4756-BBB0-4B4375D24355} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {463D0060-2184-4BA8-9541-78482580BBBD} - \Plus-HD-2.6-enabler No Task File
Task: {547DB73E-79C6-4655-A0F4-B853CFFA399A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {988B0A96-71D3-41D7-B802-E12CD8FBA848} - \Plus-HD-2.6-updater No Task File
Task: {AD7EB1DE-828C-4ED7-95BA-D7CC288E4D26} - \Plus-HD-2.6-codedownloader No Task File
Task: {ADD9FFAF-275E-4A67-B784-5AA75CA83C32} - \Software Updater Ui No Task File
Task: {CA133A44-791F-4D26-AD59-226E50F5CCBE} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {E24D63E4-DE79-42FC-A76A-676ADA1EE8C6} - System32\Tasks\AdobeAAMUpdater-1.0-Miriam-PC-Miriam => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {E4B99A2A-8CC9-4A5B-ABAB-10E4C6D030C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {EBEA180D-D1B4-4497-B163-FC6F5F8AA664} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {F0A15924-E05D-4C17-8ED1-B4E979E6128F} - \Software Updater No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-07-24 08:38 - 2006-12-11 01:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-10-10 02:22 - 2012-10-10 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2012-12-09 15:58 - 2007-03-04 10:48 - 00106496 _____ () C:\Program Files (x86)\RocketDock\Docklets\RocketClock\RocketClock.dll
2012-12-09 15:58 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2012-12-10 13:15 - 2013-11-16 21:06 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5A775C3F
AlternateDataStreams: C:\Users\Miriam\AppData\Local\SIHTQPwy:Ged4ZFBEKgLxwRkenoQyFA7HLV

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2013 09:10:41 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/19/2013 08:42:06 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/19/2013 07:10:20 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/19/2013 07:10:17 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007232B
Befehlszeilenargumente:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (11/19/2013 07:10:13 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/19/2013 07:10:13 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/19/2013 07:10:13 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/19/2013 07:10:13 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (11/19/2013 07:10:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Pen_Tablet.exe, Version: 5.2.0.6, Zeitstempel: 0x4a5dfdf8
Name des fehlerhaften Moduls: Pen_Tablet.exe, Version: 5.2.0.6, Zeitstempel: 0x4a5dfdf8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000222b2d
ID des fehlerhaften Prozesses: 0x658
Startzeit der fehlerhaften Anwendung: 0xPen_Tablet.exe0
Pfad der fehlerhaften Anwendung: Pen_Tablet.exe1
Pfad des fehlerhaften Moduls: Pen_Tablet.exe2
Berichtskennung: Pen_Tablet.exe3
Vollständiger Name des fehlerhaften Pakets: Pen_Tablet.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Pen_Tablet.exe5

Error: (11/19/2013 07:10:01 PM) (Source: TabletServicePen) (User: )
Description: Could not init tablet driver


System errors:
=============
Error: (11/19/2013 09:10:32 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (11/19/2013 09:10:30 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (11/19/2013 09:10:29 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (11/19/2013 09:10:26 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (11/19/2013 09:10:24 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (11/19/2013 09:10:23 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (11/19/2013 08:47:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (11/19/2013 08:46:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (11/19/2013 08:41:56 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (11/19/2013 08:41:54 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office Sessions:
=========================
Error: (11/19/2013 09:10:41 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/19/2013 08:42:06 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/19/2013 07:10:20 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/19/2013 07:10:17 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (11/19/2013 07:10:13 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/19/2013 07:10:13 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/19/2013 07:10:13 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/19/2013 07:10:13 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (11/19/2013 07:10:04 PM) (Source: Application Error)(User: )
Description: Pen_Tablet.exe5.2.0.64a5dfdf8Pen_Tablet.exe5.2.0.64a5dfdf8c00000050000000000222b2d65801cee55290893882C:\Windows\system32\Pen_Tablet.exeC:\Windows\system32\Pen_Tablet.execfcda32a-5145-11e3-bece-e811329a24ba

Error: (11/19/2013 07:10:01 PM) (Source: TabletServicePen)(User: )
Description: Could not init tablet driver


==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 8104.28 MB
Available physical RAM: 6570.61 MB
Total Pagefile: 9320.29 MB
Available Pagefile: 7790.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows 8) (Fixed) (Total:229.76 GB) (Free:69.97 GB) NTFS
Drive d: (Daten-Platte) (Fixed) (Total:343.24 GB) (Free:315.96 GB) NTFS
Drive i: (EOS_DIGITAL) (Removable) (Total:30.22 GB) (Free:21.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 1F8D46A3)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=343 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================
         

19.11.2013, 20:19   #15
M-K-D-B
/// TB-Ausbilder

Hi,

We'll remove the last remnants and check everything once more. ESET can take a while (> 2 h).
After that we'll clean up, and I'll give you a few tips to take with you.



Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:


Code:
start
Task: {0BE78847-CD05-4050-AD34-FEFCCB9D8FC7} - \Plus-HD-2.6-firefoxinstaller No Task File
Task: {463D0060-2184-4BA8-9541-78482580BBBD} - \Plus-HD-2.6-enabler No Task File
Task: {988B0A96-71D3-41D7-B802-E12CD8FBA848} - \Plus-HD-2.6-updater No Task File
Task: {AD7EB1DE-828C-4ED7-95BA-D7CC288E4D26} - \Plus-HD-2.6-codedownloader No Task File
Task: {ADD9FFAF-275E-4A67-B784-5AA75CA83C32} - \Software Updater Ui No Task File
Task: {F0A15924-E05D-4C17-8ED1-B4E979E6128F} - \Software Updater No Task File
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click
  • Remove the check mark at
  • Click
    and
  • Accept the license terms and click
  • Click

    and
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file on your desktop.
  • Close HitmanPro and post the log for me.

 






Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64 bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset






Step 4
Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.






Please post with your next reply
  • the log file from FRST,
  • the log file from HitmanPro,
  • the log file from ESET,
  • the log file from SecurityCheck.
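
An added example, not part of the original post and not FRST's own code: a small Python check that parses the Step 1 fixlist and confirms that every line between start and end is a Task entry carrying the "No Task File" marker before the text is saved as Fixlist.txt. The function names are hypothetical, and reading "No Task File" as marking an entry whose task file is missing is an assumption.

```python
import re

# The fixlist from Step 1 of the post, copied verbatim.
FIXLIST = r"""start
Task: {0BE78847-CD05-4050-AD34-FEFCCB9D8FC7} - \Plus-HD-2.6-firefoxinstaller No Task File
Task: {463D0060-2184-4BA8-9541-78482580BBBD} - \Plus-HD-2.6-enabler No Task File
Task: {988B0A96-71D3-41D7-B802-E12CD8FBA848} - \Plus-HD-2.6-updater No Task File
Task: {AD7EB1DE-828C-4ED7-95BA-D7CC288E4D26} - \Plus-HD-2.6-codedownloader No Task File
Task: {ADD9FFAF-275E-4A67-B784-5AA75CA83C32} - \Software Updater Ui No Task File
Task: {F0A15924-E05D-4C17-8ED1-B4E979E6128F} - \Software Updater No Task File
end"""

# "Task: {GUID} - \name", optionally followed by the "No Task File" marker.
# Assumption: the marker flags an entry whose task file is missing.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
    r" - (?P<path>\\.+?)(?P<orphan> No Task File)?$"
)

def parse_fixlist(text):
    """Return the Task entries of a fixlist; reject any other line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or lines[0] != "start" or lines[-1] != "end":
        raise ValueError("fixlist must begin with 'start' and finish with 'end'")
    entries = []
    for ln in lines[1:-1]:
        m = TASK_RE.match(ln)
        if m is None:
            raise ValueError(f"not a Task entry: {ln!r}")
        entries.append({"guid": m["guid"].upper(), "path": m["path"],
                        "orphan": m["orphan"] is not None})
    return entries

def review(entries):
    """Summarise what the fixlist would touch, for a second look before use."""
    guids = [e["guid"] for e in entries]
    return {
        "count": len(entries),
        "duplicate_guids": sorted({g for g in guids if guids.count(g) > 1}),
        "not_orphaned": [e["path"] for e in entries if not e["orphan"]],
    }

if __name__ == "__main__":
    print(review(parse_fixlist(FIXLIST)))
```

An entry listed under not_orphaned lacks the marker and deserves a second look before the fixlist is run.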
