| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mein Symantec bringt mir div. Trojaner u. Viren Warnungen, auch Optionen zum bereinigen, aber die dinger sind immer noch da :-(Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.10.2015, 10:39
| #16 |
 |  Mein Symantec bringt mir div. Trojaner u. Viren Warnungen, auch Optionen zum bereinigen, aber die dinger sind immer noch da :-( Hier schon mal das vergessene FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
durchgeführt von Tina (Administrator) auf ADD-INN-BUHA (23-10-2015 09:01:07)
Gestartet von C:\Users\Tina\Desktop
Geladene Profile: Tina (Verfügbare Profile: Tina & MSSQLFDLauncher)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\min_los_sens\amp_hour.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Sage Software) C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe
(Sage Software) C:\Program Files (x86)\Common Files\Sage Software Shared\MultiUserServiceServer.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [glitch_immunity] => C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\min_los_sens\amp_hour.exe [238592 2015-09-15] ()
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-1451804703-4159516416-4063369182-1011\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-1451804703-4159516416-4063369182-1011\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [5628848 2012-12-19] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk [2013-10-29]
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{793DC4C8-C7D8-441E-9944-5BA5D61A1031}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1451804703-4159516416-4063369182-1011\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1451804703-4159516416-4063369182-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.de/
SearchScopes: HKU\S-1-5-21-1451804703-4159516416-4063369182-1011 -> DefaultScope {2593F79E-67FA-4239-82BF-AA2091261133} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1451804703-4159516416-4063369182-1011 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1451804703-4159516416-4063369182-1011 -> {2593F79E-67FA-4239-82BF-AA2091261133} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL [2011-09-17] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll [2014-12-08] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll [2014-12-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-22] (CANON INC.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFF [2013-10-14] [ist nicht signiert]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 base_station; C:\Windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\linear_fan_control\baseline.exe [221022 2014-12-23] (Intel(R) Corporation) [Datei ist nicht signiert]
S2 charge_termination_method; C:\Windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\linear_fan_control\laplace_transform.exe [222026 2015-01-19] (Intel(R) Corporation) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218784 2014-07-23] (Microsoft Corporation)
S3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [192160 2014-07-23] (Microsoft Corporation)
S2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [72497640 2012-10-20] (Microsoft Corporation)
S2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2423792 2012-10-20] (Microsoft Corporation)
R2 SageDeploymentService; C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe [428400 2013-07-09] (Sage Software) [Datei ist nicht signiert]
R2 SageMultiUserService40; C:\Program Files (x86)\Common Files\Sage Software Shared\MultiUserServiceServer.exe [256000 2014-10-02] (Sage Software) [Datei ist nicht signiert]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [137224 2011-09-20] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe [2594816 2011-10-30] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe [324016 2011-10-30] (Symantec Corporation)
S2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613024 2014-07-23] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20151005.011\BHDrvx64.sys [1650936 2015-08-14] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-29] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20151015.001\IDSvia64.sys [671448 2015-03-24] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20151015.016\ENG64.SYS [138488 2015-07-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20151015.016\EX64.SYS [2146040 2015-07-27] (Symantec Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS [678008 2011-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS [39032 2011-09-27] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [451192 2011-07-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [931448 2011-08-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-12-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [171128 2011-09-13] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [386168 2011-09-08] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-10-23 09:01 - 2015-10-23 09:04 - 00014351 _____ C:\Users\Tina\Desktop\FRST.txt
2015-10-23 09:00 - 2015-10-23 09:00 - 02196480 _____ (Farbar) C:\Users\Tina\Desktop\FRST64.exe
2015-10-23 08:59 - 2015-10-23 08:59 - 00000000 _____ C:\Windows\setuperr.log
2015-10-23 08:59 - 2015-10-23 08:59 - 00000000 _____ C:\Windows\setupact.log
2015-10-23 08:56 - 2015-10-23 09:03 - 00017183 _____ C:\Windows\WindowsUpdate.log
2015-10-22 10:40 - 2015-10-22 10:40 - 00000000 ____D C:\Users\Tina\AppData\Local\TeamViewer
2015-10-22 09:30 - 2015-10-22 09:30 - 00000708 _____ C:\Users\Tina\Desktop\JRT.txt
2015-10-22 09:24 - 2015-10-22 09:24 - 00000900 _____ C:\Users\Tina\Desktop\AdwCleaner[C1].txt
2015-10-22 09:18 - 2015-10-22 09:14 - 00002829 _____ C:\Users\Tina\Desktop\mbam (2).txt
2015-10-22 09:18 - 2015-10-22 09:10 - 00003352 _____ C:\Users\Tina\Desktop\mbam (1).txt
2015-10-22 08:28 - 2015-10-22 08:28 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-22 08:28 - 2015-10-22 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-10-22 08:28 - 2015-10-22 08:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-10-22 08:28 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-22 08:27 - 2015-10-22 08:27 - 01798976 _____ (Malwarebytes) C:\Users\Tina\Desktop\JRT.exe
2015-10-22 08:26 - 2015-10-22 08:28 - 22908888 _____ (Malwarebytes ) C:\Users\Tina\Desktop\mbam-setup-2.2.0.1024.exe
2015-10-22 08:26 - 2015-10-22 08:26 - 01691648 _____ C:\Users\Tina\Desktop\AdwCleaner_5.014.exe
2015-10-19 09:27 - 2015-10-19 09:27 - 00016441 _____ C:\ComboFix.txt
2015-10-19 08:47 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-19 08:47 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-19 08:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-19 08:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-19 08:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-19 08:47 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-19 08:47 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-19 08:47 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-19 08:45 - 2015-10-19 08:46 - 05636101 ____R (Swearware) C:\Users\Tina\Desktop\ComboFix.exe
2015-10-19 08:43 - 2015-10-19 09:27 - 00000000 ____D C:\Qoobox
2015-10-19 08:42 - 2015-10-19 09:24 - 00000000 ____D C:\Windows\erdnt
2015-10-15 14:27 - 2015-10-15 14:33 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-10-14 16:19 - 2015-10-14 16:19 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Tina\Desktop\tdsskiller.exe
2015-10-14 12:41 - 2015-10-22 09:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-14 12:41 - 2015-10-14 16:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-14 12:40 - 2015-10-14 16:16 - 00000000 ____D C:\Users\Tina\Desktop\mbar
2015-10-14 12:40 - 2015-10-14 12:40 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Tina\Desktop\mbar-1.09.3.1001.exe
2015-10-14 12:40 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-12 13:59 - 2015-10-23 09:01 - 00000000 ____D C:\FRST
2015-10-08 10:11 - 2015-10-09 08:52 - 00000000 ____D C:\Users\Tina\Desktop\Löschupgrade
2015-10-08 09:30 - 2015-10-08 11:17 - 00000000 ____D C:\Users\Tina\Desktop\Lösch 6.1 Referenz
2015-10-08 09:23 - 2015-10-08 09:23 - 00000000 ____D C:\Users\Tina\Desktop\01
2015-10-07 15:00 - 2015-10-19 10:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-07 15:00 - 2015-10-07 15:00 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-10-23 08:54 - 2014-12-08 18:52 - 00000000 ____D C:\Users\Tina\Documents\Outlook-Dateien
2015-10-23 08:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-22 10:59 - 2015-09-17 11:23 - 00000000 ____D C:\Users\Tina\Desktop\add-inn mda
2015-10-22 10:58 - 2015-09-18 12:23 - 00000000 ____D C:\Users\Tina\Desktop\Neuer Ordner
2015-10-22 10:07 - 2009-07-14 06:45 - 00020288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-22 10:07 - 2009-07-14 06:45 - 00020288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-22 09:21 - 2015-04-21 11:41 - 00000000 ____D C:\AdwCleaner
2015-10-22 09:12 - 2010-11-21 09:00 - 00000000 ____D C:\Windows\ShellNew
2015-10-22 08:28 - 2014-03-20 17:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-19 09:34 - 2013-08-08 14:42 - 00000000 ____D C:\Users\Public\Documents\VR-NetWorld
2015-10-19 09:21 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-10-15 12:24 - 2015-07-20 10:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-12 14:19 - 2015-07-20 14:30 - 00000000 ____D C:\Users\Tina\AppData\Roaming\Notepad++
2015-10-12 14:19 - 2015-07-20 14:30 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-10-12 10:28 - 2015-02-19 10:30 - 00000000 ____D C:\Users\Tina\Desktop\Göggelsbuch
2015-10-08 13:11 - 2015-01-14 15:39 - 00000000 ____D C:\Users\Tina\Documents\SQL Server Management Studio
2015-10-08 10:29 - 2015-01-21 16:41 - 00000000 ____D C:\Users\Tina\AppData\Local\FreePDF_XP
2015-10-08 08:45 - 2012-12-27 18:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-10-07 15:01 - 2014-12-18 19:41 - 00000000 ____D C:\Users\Tina\AppData\Local\Adobe
2015-10-07 15:00 - 2012-12-28 10:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-07 15:00 - 2012-12-28 10:07 - 00000000 ____D C:\ProgramData\Adobe
2015-10-07 13:46 - 2014-12-08 18:37 - 00113088 _____ C:\Users\Tina\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-07 13:44 - 2009-07-14 06:45 - 00436912 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-05 09:50 - 2014-03-20 17:29 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-09-23 09:49 - 2015-02-02 13:49 - 00012036 _____ C:\Windows\system32\TeamViewer10_Hooks.log
2015-09-23 09:48 - 2015-02-02 13:48 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-03-17 15:47 - 2015-03-17 15:47 - 0012950 _____ () C:\Users\Tina\AppData\Roaming\Microsoft Excel 97-2003.CAL
2015-04-21 11:16 - 2015-04-21 11:46 - 0007605 _____ () C:\Users\Tina\AppData\Local\resmon.resmoncfg
Einige Dateien in TEMP:
====================
C:\Users\Tina\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-10-22 11:33
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
durchgeführt von Tina (2015-10-23 09:05:04)
Gestartet von C:\Users\Tina\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-12-27 16:44:19)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1451804703-4159516416-4063369182-500 - Administrator - Disabled)
Gast (S-1-5-21-1451804703-4159516416-4063369182-501 - Limited - Disabled)
Tina (S-1-5-21-1451804703-4159516416-4063369182-1011 - Administrator - Enabled) => C:\Users\Tina
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX510 series Benutzerregistrierung (HKLM-x32\...\Canon MX510 series Benutzerregistrierung) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.6 - Gadwin Systems, Inc.)
GDR 3128 für SQL Server 2012 (KB2793634) (64-bit) (HKLM\...\KB2793634) (Version: 11.1.3128.0 - Microsoft Corporation)
GDR 3153 für SQL Server 2012 (KB2977326) (64-bit) (HKLM\...\KB2977326) (Version: 11.1.3153.0 - Microsoft Corporation)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{F2C6E9F1-8F35-42A0-A9CA-E6C94D92A86C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2005-Abwärtskompatibilität (HKLM\...\{1A3B22D6-4932-4920-B7D3-7D17D36E9BA4}) (Version: 8.05.2309 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{023E8A2C-2169-473E-8F76-7C45D0D63F39}) (Version: 11.1.2816.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{FE022499-97DD-45C9-A86B-7D34EA4E3A8D}) (Version: 11.1.3153.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{D6737142-1A85-4299-8523-5F3A1636EBE7}) (Version: 11.1.3153.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM\...\{90E8C2E5-198C-4923-BC06-AF13E5FA964D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012-Richtlinien (HKLM-x32\...\{1D4E365F-F39C-48BA-A995-CAEDFDA29AD1}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{18558FE7-A87A-4063-9732-95E9E1420828}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A282A232-780C-45E2-A5E5-9B61D74DCC6E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - DEU (HKLM-x32\...\{B28DC16A-5394-3761-B143-450AE92516BB}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 - DEU Language Pack (HKLM-x32\...\{38F74A0E-357B-336C-B614-FE59F4BC62A0}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 - DEU Language Pack (HKLM\...\{CEDCDF4E-1A8D-3E38-85C5-0437D689B6E5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 - DEU Language Pack (HKLM-x32\...\{96D7B7B6-424F-3A52-8E8D-32CF2615DBD2}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer für SQL Server 2012 (HKLM\...\{7647B46D-D4E6-43A5-AC9D-0BAA28C63271}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.1.3000.0 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
PDF-XChange 4 (HKLM\...\{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1) (Version: 4.0.203.0 - Tracker Software Products Ltd)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Sage Mehrbenutzerdienst 4.0 (HKLM-x32\...\{D015B5E9-8187-4FBC-A019-2C614E67CC10}) (Version: 4.0.7.1 - Sage Software GmbH)
Sage Office Line Evolution 2014 (HKLM-x32\...\{92591382-D0AA-4E2E-9469-6EE67901684E}) (Version: 6.2 - Sage Software GmbH)
Service Pack 1 für SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Snapshot (remove only) (HKLM-x32\...\Snapshot) (Version: - )
SQL Server 2012 Analysis Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server-Browser für SQL Server 2012 (HKLM-x32\...\{1A4C9497-7D4B-466D-8D3A-FE0D925386DC}) (Version: 11.1.3000.0 - Microsoft Corporation)
Symantec Endpoint Protection (HKLM\...\{5A21AEB1-7984-4B49-967C-9CC1A3379A5E}) (Version: 12.1.1000.157 - Symantec Corporation)
SysTools Outlook PST Viewer v4.0 version SysTools Outlook PST Viewer v4.0 (HKLM-x32\...\{6D4F8DDE-707B-468F-A4FA-502A2A5FC3CE}_is1) (Version: SysTools Outlook PST Viewer v4.0 - SysTools Software)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version: - )
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
19-10-2015 08:47:59 ComboFix created restore point
22-10-2015 09:26:49 JRT Pre-Junkware Removal
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2015-10-19 09:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {709CF97E-1AA8-441C-8B6E-622BDBD59CA6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {888A8135-3D90-4582-B72F-87534490AC0E} - System32\Tasks\{587E1BA0-588E-4157-B058-74782774B3B0} => pcalua.exe -a C:\Users\Virpi\Downloads\VRNetWorldSW_50028(1).exe -d C:\Users\Virpi\Downloads
Task: {E687F70C-33C0-427E-A0F5-72B6A1A4B4B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2012-12-28 10:09 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-05-23 09:35 - 2015-09-15 14:35 - 00238592 _____ () C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\min_los_sens\amp_hour.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1451804703-4159516416-4063369182-1011\Control Panel\Desktop\\Wallpaper -> C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3C66BFFD-A4AB-4D77-98EA-2EC31AD667B3}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
FirewallRules: [{3479FAF1-0C88-407A-971E-70CC41F4EFC1}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
FirewallRules: [{965ADF66-BF71-4F2A-A4F4-3E71F090A8EA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
FirewallRules: [{7561C62B-466E-4335-ABF8-2055D509BCCA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
FirewallRules: [{B0A6273F-5369-4DED-BC82-C992442F7F43}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{55E7E6FB-7D9A-44E3-B92D-49A3017E6796}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D6F1ADAD-395F-4EC9-A3B4-107D4687DC6C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0E10DEC5-4DCE-4955-8CCB-3D60A9FD0194}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F55D8AD8-3877-493B-836C-39CD7B44BDED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{28DAC6BC-B919-4FB8-8C90-8F27C877C4A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{98DFD6E1-3FCE-4822-BB43-C88C61935CD6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F98D106F-7CDA-4C0F-8C6E-449F0D29E751}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (10/23/2015 08:54:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/22/2015 09:25:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/22/2015 09:14:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/22/2015 08:43:38 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Sicherheitsrisiko gefunden!Tracking Cookies in Datei: Cookie:tina@doubleclick.net/ von: Manuelle-Scan. Aktion: Löschen erfolgreich. Beschreibung der Aktion: Die Datei wurde erfolgreich gelöscht.
Error: (10/22/2015 08:28:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam-setup-2.2.0.1024.tmp, Version: 51.52.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: mbamsrv.dll, Version: 2.1.9.0, Zeitstempel: 0x5605e356
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00050294
ID des fehlerhaften Prozesses: 0x1488
Startzeit der fehlerhaften Anwendung: 0xmbam-setup-2.2.0.1024.tmp0
Pfad der fehlerhaften Anwendung: mbam-setup-2.2.0.1024.tmp1
Pfad des fehlerhaften Moduls: mbam-setup-2.2.0.1024.tmp2
Berichtskennung: mbam-setup-2.2.0.1024.tmp3
Error: (10/19/2015 09:35:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/19/2015 09:05:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PEV.exe, Version: 0.0.0.0, Zeitstempel: 0x4e06cfe8
Name des fehlerhaften Moduls: PEV.exe, Version: 0.0.0.0, Zeitstempel: 0x4e06cfe8
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d1c0
ID des fehlerhaften Prozesses: 0xd58
Startzeit der fehlerhaften Anwendung: 0xPEV.exe0
Pfad der fehlerhaften Anwendung: PEV.exe1
Pfad des fehlerhaften Moduls: PEV.exe2
Berichtskennung: PEV.exe3
Error: (10/19/2015 08:39:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/16/2015 09:23:26 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Sicherheitsrisiko gefunden!Suspicious.Cloud.5 in Datei: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VSTO\10.0\ultimate_tensile_strength\dispersion.exe von: Auto-Protect-Scan. Aktion: Isolieren erfolgreich : Zugriff verweigert. Beschreibung der Aktion: Die Datei wurde erfolgreich isoliert.
Error: (10/16/2015 09:22:26 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Sicherheitsrisiko gefunden!Suspicious.Cloud.5 in Datei: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\ink\bg-BG\thermal_management\eia_485.exe von: Auto-Protect-Scan. Aktion: Isolieren erfolgreich : Zugriff verweigert. Beschreibung der Aktion: Die Datei wurde erfolgreich isoliert.
Systemfehler:
=============
Error: (10/23/2015 08:54:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SQL Server-Agent (MSSQLSERVER)" ist vom Dienst "SQL Server (MSSQLSERVER)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1069
Error: (10/23/2015 08:54:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SQL Server Reporting Services (MSSQLSERVER)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (10/23/2015 08:54:11 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "ReportServer" konnte sich nicht als ".\Virpi" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (10/23/2015 08:54:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SQL Server Analysis Services (MSSQLSERVER)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (10/23/2015 08:54:11 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "MSSQLServerOLAPService" konnte sich nicht als ".\Virpi" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (10/23/2015 08:54:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SQL Server (MSSQLSERVER)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (10/23/2015 08:54:11 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "MSSQLSERVER" konnte sich nicht als ".\Virpi" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (10/23/2015 08:54:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SQL Server Integration Services 11.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (10/23/2015 08:54:11 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "MsDtsServer110" konnte sich nicht als ".\Virpi" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (10/23/2015 08:54:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst internal_temperature erreicht.
CodeIntegrity:
===================================
Date: 2015-10-19 09:17:04.183
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-10-19 09:17:04.116
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
Prozentuale Nutzung des RAM: 90%
Installierter physikalischer RAM: 4086.11 MB
Verfügbarer physikalischer RAM: 388.31 MB
Summe virtueller Speicher: 8170.41 MB
Verfügbarer virtueller Speicher: 3815.1 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:87.79 GB) (Free:23.44 GB) NTFS
Drive d: () (Fixed) (Total:142.99 GB) (Free:72.32 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 7AB852FC)
Partition 1: (Not Active) - (Size=2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=87.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=143 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1264eddc1676fd45a5aa7d222d0be76e
# end=init
# utc_time=2015-10-23 07:23:01
# local_time=2015-10-23 09:23:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26372
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=1264eddc1676fd45a5aa7d222d0be76e
# end=updated
# utc_time=2015-10-23 07:26:00
# local_time=2015-10-23 09:26:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=1264eddc1676fd45a5aa7d222d0be76e
# engine=26372
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-10-23 09:15:41
# local_time=2015-10-23 11:15:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Symantec Endpoint Protection'
# compatibility_mode=3601 16777213 100 89 88964155 154165405 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776638 100 94 72065562 197221591 0 0
# scanned=162283
# found=39
# cleaned=0
# scan_time=6580
sh=8C4FD34D7EAC56D12345E36F01A1B9FF80F90E62 ft=1 fh=5344f1e07a977142 vn="Variante von Win32/Kryptik.EBEY Trojaner" ac=I fn="C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\min_los_sens\amp_hour.exe"
sh=637DC5800846A13D26CD7DC9E1D227E986625166 ft=1 fh=380daf52eccff986 vn="Variante von Win32/Kryptik.EBCL Trojaner" ac=I fn="C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\thermal_management\charge_pump.exe"
sh=A14372374ED09C364DE72C91A775A9E8C9824290 ft=1 fh=ba5623e797c5f464 vn="Variante von Win32/Kryptik.DZEB Trojaner" ac=I fn="C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\dc_dc_converter\heat_sink.exe"
sh=B638E649DF4D0187B3EBA5FABF67545239F807B0 ft=1 fh=c71c0011dd551d20 vn="Variante von Win32/Kryptik.EBCL Trojaner" ac=I fn="C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\laser_diode_driver\electromagnetic_radiation.exe"
sh=B638E649DF4D0187B3EBA5FABF67545239F807B0 ft=1 fh=c71c0011dd551d20 vn="Variante von Win32/Kryptik.EBCL Trojaner" ac=I fn="C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\coherent_sampling\vacuum.exe"
sh=603AEE95C38B9D1405D0831DDDBADC207387C3BA ft=1 fh=9ac3e1a0f0d25e83 vn="Variante von Win32/Kryptik.DZIS Trojaner" ac=I fn="C:\Program Files\Common Files\Microsoft Shared\VC\murphys_law\tin_whiskers.exe"
sh=0F74A33D613558FD01127CD931CEEBA5A556CCEF ft=1 fh=1a2d92f153ada6a6 vn="Variante von Win32/Kryptik.DZIS Trojaner" ac=I fn="C:\Program Files\Common Files\Microsoft Shared\VC\murphys_law\viscoelasticity.exe"
sh=637DC5800846A13D26CD7DC9E1D227E986625166 ft=1 fh=380daf52eccff986 vn="Variante von Win32/Kryptik.EBCL Trojaner" ac=I fn="C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\ultimate_tensile_strength\controller_area_network.exe"
sh=50ACEA3A4D7D4CD92EC9D5193E56854FA6E1E6C3 ft=1 fh=e03b8b94cce3218e vn="Variante von Win32/Kryptik.DZUU Trojaner" ac=I fn="C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\CmnClnt\00013524.tmp"
sh=50ACEA3A4D7D4CD92EC9D5193E56854FA6E1E6C3 ft=1 fh=e03b8b94cce3218e vn="Variante von Win32/Kryptik.DZUU Trojaner" ac=I fn="C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\CmnClnt\00013524.tmp"
sh=06E8CA9AC07865F47374B731A35FE9305A9AD175 ft=1 fh=872818138429cf70 vn="Variante von Win32/Injector.CJZR Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.24.40\zbot0000\file0000\tsk0000.dta"
sh=73663111F9B93BE0BDB6B67B4C3BA5ED604E56A1 ft=1 fh=d4f30de08ad7715b vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.24.40\zbot0001\file0000\tsk0000.dta"
sh=0C4F4DB2E76FC444F926A3F18DA5F958F0A24572 ft=1 fh=49f11aab98c013d5 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.24.40\zbot0002\file0000\tsk0000.dta"
sh=7189373894A308CB43F5A72A306E552E8B65181A ft=1 fh=098e6507f0bf2515 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.24.40\zbot0003\file0000\tsk0000.dta"
sh=06E8CA9AC07865F47374B731A35FE9305A9AD175 ft=1 fh=872818138429cf70 vn="Variante von Win32/Injector.CJZR Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.24.40\zbot0004\file0000\tsk0000.dta"
sh=0C4F4DB2E76FC444F926A3F18DA5F958F0A24572 ft=1 fh=49f11aab98c013d5 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.24.40\zbot0005\file0000\tsk0000.dta"
sh=7189373894A308CB43F5A72A306E552E8B65181A ft=1 fh=098e6507f0bf2515 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.24.40\zbot0006\file0000\tsk0000.dta"
sh=73663111F9B93BE0BDB6B67B4C3BA5ED604E56A1 ft=1 fh=d4f30de08ad7715b vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.24.40\zbot0007\file0000\tsk0000.dta"
sh=06E8CA9AC07865F47374B731A35FE9305A9AD175 ft=1 fh=872818138429cf70 vn="Variante von Win32/Injector.CJZR Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.27.16\zbot0000\file0000\tsk0000.dta"
sh=73663111F9B93BE0BDB6B67B4C3BA5ED604E56A1 ft=1 fh=d4f30de08ad7715b vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.27.16\zbot0001\file0000\tsk0000.dta"
sh=0C4F4DB2E76FC444F926A3F18DA5F958F0A24572 ft=1 fh=49f11aab98c013d5 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.27.16\zbot0002\file0000\tsk0000.dta"
sh=7189373894A308CB43F5A72A306E552E8B65181A ft=1 fh=098e6507f0bf2515 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.27.16\zbot0003\file0000\tsk0000.dta"
sh=06E8CA9AC07865F47374B731A35FE9305A9AD175 ft=1 fh=872818138429cf70 vn="Variante von Win32/Injector.CJZR Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.27.16\zbot0004\file0000\tsk0000.dta"
sh=0C4F4DB2E76FC444F926A3F18DA5F958F0A24572 ft=1 fh=49f11aab98c013d5 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.27.16\zbot0005\file0000\tsk0000.dta"
sh=7189373894A308CB43F5A72A306E552E8B65181A ft=1 fh=098e6507f0bf2515 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.27.16\zbot0006\file0000\tsk0000.dta"
sh=73663111F9B93BE0BDB6B67B4C3BA5ED604E56A1 ft=1 fh=d4f30de08ad7715b vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.27.16\zbot0007\file0000\tsk0000.dta"
sh=06E8CA9AC07865F47374B731A35FE9305A9AD175 ft=1 fh=872818138429cf70 vn="Variante von Win32/Injector.CJZR Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.29.44\zbot0000\file0000\tsk0000.dta"
sh=73663111F9B93BE0BDB6B67B4C3BA5ED604E56A1 ft=1 fh=d4f30de08ad7715b vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.29.44\zbot0001\file0000\tsk0000.dta"
sh=0C4F4DB2E76FC444F926A3F18DA5F958F0A24572 ft=1 fh=49f11aab98c013d5 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.29.44\zbot0002\file0000\tsk0000.dta"
sh=7189373894A308CB43F5A72A306E552E8B65181A ft=1 fh=098e6507f0bf2515 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.29.44\zbot0003\file0000\tsk0000.dta"
sh=06E8CA9AC07865F47374B731A35FE9305A9AD175 ft=1 fh=872818138429cf70 vn="Variante von Win32/Injector.CJZR Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.29.44\zbot0004\file0000\tsk0000.dta"
sh=0C4F4DB2E76FC444F926A3F18DA5F958F0A24572 ft=1 fh=49f11aab98c013d5 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.29.44\zbot0005\file0000\tsk0000.dta"
sh=7189373894A308CB43F5A72A306E552E8B65181A ft=1 fh=098e6507f0bf2515 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.29.44\zbot0006\file0000\tsk0000.dta"
sh=73663111F9B93BE0BDB6B67B4C3BA5ED604E56A1 ft=1 fh=d4f30de08ad7715b vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\15.10.2015_14.29.44\zbot0007\file0000\tsk0000.dta"
sh=50ACEA3A4D7D4CD92EC9D5193E56854FA6E1E6C3 ft=1 fh=e03b8b94cce3218e vn="Variante von Win32/Kryptik.DZUU Trojaner" ac=I fn="C:\Users\All Users\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\CmnClnt\00013524.tmp"
sh=50ACEA3A4D7D4CD92EC9D5193E56854FA6E1E6C3 ft=1 fh=e03b8b94cce3218e vn="Variante von Win32/Kryptik.DZUU Trojaner" ac=I fn="C:\Users\All Users\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\CmnClnt\00013524.tmp"
sh=DEBC29B203560DCDD68C49BD807DEF191CB7E9A7 ft=1 fh=79436a0674c526eb vn="Variante von Win32/Kryptik.DZIS Trojaner" ac=I fn="C:\Windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\linear_fan_control\baseline.exe"
sh=E433A0F9587075E4D58C2BE81DCF1DE2CB9789E3 ft=1 fh=47b0ced0bed95964 vn="Variante von Win32/Kryptik.DZEB Trojaner" ac=I fn="C:\Windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\linear_fan_control\laplace_transform.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Kryptik.EBEY Trojaner" ac=I fn="${Memory}"
Code:
ATTFilter Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 15.0.0.239 Flash Player out of Date!
Mozilla Firefox 32.0.3 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
-Symantec bringt mir nun keine Meldungen mehr, der PC ist zwar noch ein bissl langsam aber ich denke die eigentlichen Probleme wurden nun behoben...I hope so |
|
24.10.2015, 09:35
| #17 |
| /// the machine /// TB-Ausbilder    | Mein Symantec bringt mir div. Trojaner u. Viren Warnungen, auch Optionen zum bereinigen, aber die dinger sind immer noch da :-( Flash und Firefox updaten.
__________________Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\min_los_sens\amp_hour.exe
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\thermal_management\charge_pump.exe
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\dc_dc_converter\heat_sink.exe
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\laser_diode_driver\electromagnetic_radiation.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\coherent_sampling\vacuum.exe
C:\Program Files\Common Files\Microsoft Shared\VC\murphys_law\tin_whiskers.exe
C:\Program Files\Common Files\Microsoft Shared\VC\murphys_law\viscoelasticity.exe
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\ultimate_tensile_strength\controller_area_network.exe
C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\CmnClnt\00013524.tmp
C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\CmnClnt\00013524.tmp
C:\Users\All Users\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\CmnClnt\00013524.tmp
C:\Users\All Users\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\CmnClnt\00013524.tmp
C:\Windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\linear_fan_control\baseline.exe
C:\Windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\linear_fan_control\laplace_transform.exe
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Jetzt bitte zur Kontrolle nochmal einen neuen Scan mit TDSSKiller machen.
__________________ |
|
28.10.2015, 10:44
| #18 |
| | Fixlog.txtCode:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
durchgeführt von Tina (2015-10-28 10:35:55) Run:1
Gestartet von C:\Users\Tina\Desktop
Geladene Profile: Tina (Verfügbare Profile: Tina & MSSQLFDLauncher)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\min_los_sens\amp_hour.exe
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\thermal_management\charge_pump.exe
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\dc_dc_converter\heat_sink.exe
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\laser_diode_driver\electromagnetic_radiation.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\coherent_sampling\vacuum.exe
C:\Program Files\Common Files\Microsoft Shared\VC\murphys_law\tin_whiskers.exe
C:\Program Files\Common Files\Microsoft Shared\VC\murphys_law\viscoelasticity.exe
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\ultimate_tensile_strength\controller_area_network.exe
C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\CmnClnt\00013524.tmp
C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\CmnClnt\00013524.tmp
C:\Users\All Users\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\CmnClnt\00013524.tmp
C:\Users\All Users\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\CmnClnt\00013524.tmp
C:\Windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\linear_fan_control\baseline.exe
C:\Windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\linear_fan_control\laplace_transform.exe
Emptytemp:
*****************
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\min_los_sens\amp_hour.exe => erfolgreich verschoben
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\thermal_management\charge_pump.exe => erfolgreich verschoben
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\dc_dc_converter\heat_sink.exe => erfolgreich verschoben
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\laser_diode_driver\electromagnetic_radiation.exe => erfolgreich verschoben
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\coherent_sampling\vacuum.exe => erfolgreich verschoben
C:\Program Files\Common Files\Microsoft Shared\VC\murphys_law\tin_whiskers.exe => erfolgreich verschoben
C:\Program Files\Common Files\Microsoft Shared\VC\murphys_law\viscoelasticity.exe => erfolgreich verschoben
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\ultimate_tensile_strength\controller_area_network.exe => erfolgreich verschoben
C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\CmnClnt\00013524.tmp => erfolgreich verschoben
"C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\CmnClnt\00013524.tmp" => nicht gefunden.
"C:\Users\All Users\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\CmnClnt\00013524.tmp" => nicht gefunden.
"C:\Users\All Users\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\CmnClnt\00013524.tmp" => nicht gefunden.
C:\Windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\linear_fan_control\baseline.exe => erfolgreich verschoben
C:\Windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\linear_fan_control\laplace_transform.exe => erfolgreich verschoben
EmptyTemp: => 93.7 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 10:36:03 ====
|
|
28.10.2015, 20:28
| #19 |
| /// the machine /// TB-Ausbilder | Mein Symantec bringt mir div. Trojaner u. Viren Warnungen, auch Optionen zum bereinigen, aber die dinger sind immer noch da :-( Der neue Scan mit TDSSKILLER? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.10.2015, 08:37
| #20 |
| | Mein Symantec bringt mir div. Trojaner u. Viren Warnungen, auch Optionen zum bereinigen, aber die dinger sind immer noch da :-( Moin moin, sorry den hab ich vergessen zu posten, aber alles tutti so wie es aussieht, aber hier nochmal der Report von TDSSKILLER: Code:
ATTFilter BlocksNum 0x32000 08:34:08.0427 0x1364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x436000, BlocksNum 0xAF96000 08:34:08.0427 0x1364 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xB3CC000, BlocksNum 0x11DF9000 08:34:08.0427 0x1364 ============================================================ 08:34:08.0596 0x1364 C: <-> \Device\Harddisk0\DR0\Partition2 08:34:08.0740 0x1364 D: <-> \Device\Harddisk0\DR0\Partition3 08:34:08.0740 0x1364 ============================================================ 08:34:08.0740 0x1364 Initialize success 08:34:08.0740 0x1364 ============================================================ 08:34:11.0112 0x0804 ============================================================ 08:34:11.0112 0x0804 Scan started 08:34:11.0112 0x0804 Mode: Manual; 08:34:11.0112 0x0804 ============================================================ 08:34:11.0112 0x0804 KSN ping started 08:34:13.0634 0x0804 KSN ping finished: true 08:34:15.0431 0x0804 ================ Scan system memory ======================== 08:34:15.0431 0x0804 System memory - ok 08:34:15.0432 0x0804 ================ Scan services ============================= 08:34:15.0858 0x0804 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 08:34:15.0888 0x0804 1394ohci - ok 08:34:16.0011 0x0804 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 08:34:16.0044 0x0804 ACPI - ok 08:34:16.0070 0x0804 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 08:34:16.0081 0x0804 AcpiPmi - ok 08:34:16.0443 0x0804 [ F6CEFEF46986DE02A3AE5D93AE32B5DC, 903EC5A7B40F4F6B2F3378EFFE8DF28667B88061CDF681C44F2E4FE39B62959E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 08:34:16.0456 0x0804 AdobeARMservice - ok 08:34:16.0575 0x0804 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 08:34:16.0602 0x0804 adp94xx - ok 08:34:16.0645 0x0804 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys 08:34:16.0662 0x0804 adpahci - ok 08:34:16.0687 0x0804 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 08:34:16.0706 0x0804 adpu320 - ok 08:34:16.0734 0x0804 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 08:34:16.0736 0x0804 AeLookupSvc - ok 08:34:16.0797 0x0804 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 08:34:16.0811 0x0804 AFD - ok 08:34:16.0844 0x0804 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 08:34:16.0847 0x0804 agp440 - ok 08:34:16.0866 0x0804 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 08:34:16.0873 0x0804 ALG - ok 08:34:16.0971 0x0804 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 08:34:17.0338 0x0804 aliide - ok 08:34:17.0395 0x0804 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 08:34:17.0411 0x0804 amdide - ok 08:34:17.0499 0x0804 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 08:34:17.0514 0x0804 AmdK8 - ok 08:34:17.0533 0x0804 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 08:34:17.0542 0x0804 AmdPPM - ok 08:34:17.0607 0x0804 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 08:34:17.0620 0x0804 amdsata - ok 08:34:17.0698 0x0804 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 08:34:17.0706 0x0804 amdsbs - ok 08:34:17.0757 0x0804 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 08:34:17.0773 0x0804 amdxata - ok 08:34:17.0836 0x0804 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys 08:34:17.0852 0x0804 AppID - ok 08:34:17.0937 0x0804 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll 08:34:17.0953 0x0804 AppIDSvc - ok 08:34:18.0048 0x0804 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 08:34:18.0075 0x0804 Appinfo - ok 08:34:18.0261 0x0804 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 08:34:18.0278 0x0804 AppMgmt - ok 08:34:18.0397 0x0804 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 08:34:18.0426 0x0804 arc - ok 08:34:18.0556 0x0804 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 08:34:18.0586 0x0804 arcsas - ok 08:34:19.0750 0x0804 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 08:34:19.0759 0x0804 aspnet_state - ok 08:34:19.0851 0x0804 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 08:34:19.0862 0x0804 AsyncMac - ok 08:34:19.0923 0x0804 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 08:34:19.0925 0x0804 atapi - ok 08:34:20.0228 0x0804 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 08:34:20.0262 0x0804 AudioEndpointBuilder - ok 08:34:20.0425 0x0804 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 08:34:20.0450 0x0804 AudioSrv - ok 08:34:20.0577 0x0804 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 08:34:20.0590 0x0804 AxInstSV - ok 08:34:20.0748 0x0804 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 08:34:20.0773 0x0804 b06bdrv - ok 08:34:20.0912 0x0804 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 08:34:20.0921 0x0804 b57nd60a - ok 08:34:21.0196 0x0804 base_station - ok 08:34:21.0286 0x0804 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 08:34:21.0302 0x0804 BDESVC - ok 08:34:21.0387 0x0804 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 08:34:21.0404 0x0804 Beep - ok 08:34:21.0700 0x0804 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 08:34:21.0760 0x0804 BFE - ok 08:34:22.0546 0x0804 [ 3E2882C7D02E34D5528BDDECD8CEF930, 39AEB34BD5BFD0BE6C8D0E37D5D5912B76B87A442C2AD91AC3E5F709D73C809C ] BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20151015.011\BHDrvx64.sys 08:34:22.0613 0x0804 BHDrvx64 - ok 08:34:22.0864 0x0804 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll 08:34:22.0921 0x0804 BITS - ok 08:34:22.0963 0x0804 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 08:34:22.0981 0x0804 blbdrive - ok 08:34:23.0035 0x0804 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 08:34:23.0051 0x0804 bowser - ok 08:34:23.0116 0x0804 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 08:34:23.0129 0x0804 BrFiltLo - ok 08:34:23.0168 0x0804 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 08:34:23.0180 0x0804 BrFiltUp - ok 08:34:23.0225 0x0804 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 08:34:23.0240 0x0804 BridgeMP - ok 08:34:23.0323 0x0804 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 08:34:23.0329 0x0804 Browser - ok 08:34:23.0398 0x0804 [ 63A00CDBEB300522C49EC7CA77324060, 99CB6D37C7D898982A192AAA8DE5CE255E6FA482E19FE9032BAA7069E652F6F5 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys 08:34:23.0411 0x0804 BrSerIb - ok 08:34:23.0532 0x0804 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 08:34:23.0551 0x0804 Brserid - ok 08:34:23.0593 0x0804 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 08:34:23.0609 0x0804 BrSerWdm - ok 08:34:23.0676 0x0804 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 08:34:23.0687 0x0804 BrUsbMdm - ok 08:34:23.0711 0x0804 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 08:34:23.0727 0x0804 BrUsbSer - ok 08:34:23.0764 0x0804 [ BBCFD6C6EF66449F55AF1BFDB08C9B12, D6D5D408FCFFF9ED69D095948E786C08EEECD5F55905A3D8FE2BB08944C5E1F2 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys 08:34:23.0778 0x0804 BrUsbSIb - ok 08:34:23.0812 0x0804 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 08:34:23.0828 0x0804 BTHMODEM - ok 08:34:23.0880 0x0804 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 08:34:23.0893 0x0804 bthserv - ok 08:34:23.0985 0x0804 catchme - ok 08:34:24.0068 0x0804 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 08:34:24.0082 0x0804 cdfs - ok 08:34:24.0169 0x0804 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 08:34:24.0203 0x0804 cdrom - ok 08:34:24.0319 0x0804 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 08:34:24.0331 0x0804 CertPropSvc - ok 08:34:24.0400 0x0804 charge_termination_method - ok 08:34:24.0483 0x0804 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 08:34:24.0493 0x0804 circlass - ok 08:34:24.0598 0x0804 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 08:34:24.0617 0x0804 CLFS - ok 08:34:24.0926 0x0804 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:34:24.0955 0x0804 clr_optimization_v2.0.50727_32 - ok 08:34:25.0154 0x0804 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 08:34:25.0182 0x0804 clr_optimization_v2.0.50727_64 - ok 08:34:25.0786 0x0804 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:34:25.0804 0x0804 clr_optimization_v4.0.30319_32 - ok 08:34:25.0855 0x0804 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 08:34:25.0872 0x0804 clr_optimization_v4.0.30319_64 - ok 08:34:25.0916 0x0804 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 08:34:25.0953 0x0804 CmBatt - ok 08:34:25.0995 0x0804 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 08:34:26.0412 0x0804 cmdide - ok 08:34:26.0491 0x0804 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 08:34:26.0514 0x0804 CNG - ok 08:34:26.0533 0x0804 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 08:34:26.0535 0x0804 Compbatt - ok 08:34:26.0570 0x0804 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 08:34:26.0581 0x0804 CompositeBus - ok 08:34:26.0593 0x0804 COMSysApp - ok 08:34:26.0612 0x0804 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 08:34:26.0614 0x0804 crcdisk - ok 08:34:26.0708 0x0804 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 08:34:26.0720 0x0804 CryptSvc - ok 08:34:26.0800 0x0804 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 08:34:26.0826 0x0804 CSC - ok 08:34:26.0886 0x0804 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 08:34:26.0903 0x0804 CscService - ok 08:34:27.0033 0x0804 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 08:34:27.0049 0x0804 DcomLaunch - ok 08:34:27.0091 0x0804 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 08:34:27.0104 0x0804 defragsvc - ok 08:34:27.0157 0x0804 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 08:34:27.0162 0x0804 DfsC - ok 08:34:27.0232 0x0804 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 08:34:27.0240 0x0804 Dhcp - ok 08:34:27.0268 0x0804 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 08:34:27.0283 0x0804 discache - ok 08:34:27.0362 0x0804 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 08:34:27.0367 0x0804 Disk - ok 08:34:27.0423 0x0804 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 08:34:27.0434 0x0804 dmvsc - ok 08:34:27.0478 0x0804 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 08:34:27.0482 0x0804 Dnscache - ok 08:34:27.0550 0x0804 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 08:34:27.0566 0x0804 dot3svc - ok 08:34:27.0581 0x0804 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 08:34:27.0596 0x0804 DPS - ok 08:34:27.0689 0x0804 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 08:34:27.0700 0x0804 drmkaud - ok 08:34:27.0921 0x0804 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 08:34:27.0956 0x0804 DXGKrnl - ok 08:34:27.0993 0x0804 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 08:34:28.0009 0x0804 EapHost - ok 08:34:28.0676 0x0804 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 08:34:28.0842 0x0804 ebdrv - ok 08:34:29.0105 0x0804 [ 93EA893A8C2C561648A559E48C723412, 14F9AD8BCF423BC40F7B3D2D7BC0F795CD3C54800C854873BD170ADF2A735B64 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 08:34:29.0128 0x0804 eeCtrl - ok 08:34:29.0196 0x0804 [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] EFS C:\Windows\System32\lsass.exe 08:34:29.0220 0x0804 EFS - ok 08:34:29.0533 0x0804 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 08:34:29.0581 0x0804 ehRecvr - ok 08:34:29.0604 0x0804 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 08:34:29.0609 0x0804 ehSched - ok 08:34:29.0809 0x0804 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 08:34:29.0852 0x0804 elxstor - ok 08:34:29.0958 0x0804 [ 8400C9E33B68C556BF63AEF490EB145C, A840DF1A27C935DD427E53C5D2FFFE79E612D0B4074CE26AA992DA62D4925806 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 08:34:29.0979 0x0804 EraserUtilRebootDrv - ok 08:34:29.0996 0x0804 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 08:34:29.0999 0x0804 ErrDev - ok 08:34:30.0141 0x0804 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 08:34:30.0187 0x0804 EventSystem - ok 08:34:30.0268 0x0804 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 08:34:30.0290 0x0804 exfat - ok 08:34:30.0359 0x0804 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 08:34:30.0392 0x0804 fastfat - ok 08:34:30.0641 0x0804 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 08:34:30.0696 0x0804 Fax - ok 08:34:30.0780 0x0804 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 08:34:30.0806 0x0804 fdc - ok 08:34:30.0884 0x0804 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 08:34:30.0885 0x0804 fdPHost - ok 08:34:30.0953 0x0804 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 08:34:30.0956 0x0804 FDResPub - ok 08:34:30.0998 0x0804 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 08:34:31.0024 0x0804 FileInfo - ok 08:34:31.0068 0x0804 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 08:34:31.0074 0x0804 Filetrace - ok 08:34:31.0085 0x0804 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 08:34:31.0094 0x0804 flpydisk - ok 08:34:31.0167 0x0804 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 08:34:31.0186 0x0804 FltMgr - ok 08:34:31.0391 0x0804 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 08:34:31.0446 0x0804 FontCache - ok 08:34:31.0574 0x0804 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 08:34:31.0581 0x0804 FontCache3.0.0.0 - ok 08:34:31.0603 0x0804 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 08:34:31.0607 0x0804 FsDepends - ok 08:34:31.0654 0x0804 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 08:34:31.0660 0x0804 Fs_Rec - ok 08:34:31.0755 0x0804 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 08:34:31.0779 0x0804 fvevol - ok 08:34:31.0809 0x0804 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 08:34:31.0824 0x0804 gagp30kx - ok 08:34:32.0012 0x0804 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 08:34:32.0040 0x0804 gpsvc - ok 08:34:32.0088 0x0804 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 08:34:32.0100 0x0804 hcw85cir - ok 08:34:32.0252 0x0804 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 08:34:32.0273 0x0804 HdAudAddService - ok 08:34:32.0356 0x0804 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 08:34:32.0369 0x0804 HDAudBus - ok 08:34:32.0391 0x0804 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 08:34:32.0406 0x0804 HidBatt - ok 08:34:32.0431 0x0804 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 08:34:32.0441 0x0804 HidBth - ok 08:34:32.0459 0x0804 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 08:34:32.0468 0x0804 HidIr - ok 08:34:32.0499 0x0804 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 08:34:32.0513 0x0804 hidserv - ok 08:34:32.0583 0x0804 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 08:34:32.0601 0x0804 HidUsb - ok 08:34:32.0643 0x0804 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 08:34:32.0651 0x0804 hkmsvc - ok 08:34:32.0716 0x0804 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 08:34:32.0729 0x0804 HomeGroupListener - ok 08:34:32.0779 0x0804 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 08:34:32.0790 0x0804 HomeGroupProvider - ok 08:34:32.0828 0x0804 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 08:34:32.0864 0x0804 HpSAMD - ok 08:34:33.0025 0x0804 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 08:34:33.0075 0x0804 HTTP - ok 08:34:33.0110 0x0804 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 08:34:33.0114 0x0804 hwpolicy - ok 08:34:33.0148 0x0804 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 08:34:33.0154 0x0804 i8042prt - ok 08:34:33.0218 0x0804 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 08:34:33.0234 0x0804 iaStorV - ok 08:34:33.0385 0x0804 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 08:34:33.0458 0x0804 idsvc - ok 08:34:33.0716 0x0804 [ 4A2CAA578E0A829A15CD76CEC66A1E41, 4F01D251EC8EE2AC99C7540C8D4636EFF89B3F72EDE26412EE741E01EE3B8E02 ] IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20151022.001\IDSvia64.sys 08:34:33.0748 0x0804 IDSVia64 - ok 08:34:33.0877 0x0804 IEEtwCollectorService - ok 08:34:34.0864 0x0804 [ 24CC43ECDEEFD4C19FBBEE4951B647F1, 416799965E6602F8F03E2A92E8BB42B1D5643C65EF09815FC5A56A2FA73E6773 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 08:34:35.0104 0x0804 igfx - ok 08:34:35.0168 0x0804 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 08:34:35.0180 0x0804 iirsp - ok 08:34:35.0304 0x0804 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 08:34:35.0351 0x0804 IKEEXT - ok 08:34:35.0387 0x0804 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 08:34:35.0394 0x0804 intelide - ok 08:34:35.0433 0x0804 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 08:34:35.0434 0x0804 intelppm - ok 08:34:35.0465 0x0804 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 08:34:35.0469 0x0804 IPBusEnum - ok 08:34:35.0489 0x0804 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:34:35.0495 0x0804 IpFilterDriver - ok 08:34:35.0544 0x0804 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 08:34:35.0575 0x0804 iphlpsvc - ok 08:34:35.0598 0x0804 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 08:34:35.0601 0x0804 IPMIDRV - ok 08:34:35.0635 0x0804 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 08:34:35.0640 0x0804 IPNAT - ok 08:34:35.0658 0x0804 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 08:34:35.0659 0x0804 IRENUM - ok 08:34:35.0675 0x0804 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 08:34:35.0677 0x0804 isapnp - ok 08:34:35.0716 0x0804 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 08:34:35.0733 0x0804 iScsiPrt - ok 08:34:35.0758 0x0804 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 08:34:35.0760 0x0804 kbdclass - ok 08:34:35.0781 0x0804 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 08:34:35.0782 0x0804 kbdhid - ok 08:34:35.0793 0x0804 [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] KeyIso C:\Windows\system32\lsass.exe 08:34:35.0795 0x0804 KeyIso - ok 08:34:35.0842 0x0804 [ 063C09DB965E3DFD6F4F08416F6DB8F5, 0BE015C59288397536B3941BA55EFE0CF06714BC43FF3A33A1D844B4E0F16097 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 08:34:35.0846 0x0804 KSecDD - ok 08:34:35.0864 0x0804 [ 1FA627E63195BF3BF636BFEF0D7190D4, 794456605303F4916E81BE899E0B05CB070094E719ADA8BE8072A761E35CA8E9 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 08:34:35.0870 0x0804 KSecPkg - ok 08:34:35.0893 0x0804 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 08:34:35.0895 0x0804 ksthunk - ok 08:34:35.0921 0x0804 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 08:34:35.0938 0x0804 KtmRm - ok 08:34:36.0043 0x0804 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll 08:34:36.0058 0x0804 LanmanServer - ok 08:34:36.0141 0x0804 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 08:34:36.0156 0x0804 LanmanWorkstation - ok 08:34:36.0201 0x0804 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 08:34:36.0212 0x0804 lltdio - ok 08:34:36.0286 0x0804 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 08:34:36.0316 0x0804 lltdsvc - ok 08:34:36.0392 0x0804 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 08:34:36.0409 0x0804 lmhosts - ok 08:34:36.0455 0x0804 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 08:34:36.0471 0x0804 LSI_FC - ok 08:34:36.0525 0x0804 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 08:34:36.0542 0x0804 LSI_SAS - ok 08:34:36.0566 0x0804 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 08:34:36.0575 0x0804 LSI_SAS2 - ok 08:34:36.0663 0x0804 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 08:34:36.0678 0x0804 LSI_SCSI - ok 08:34:36.0719 0x0804 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 08:34:36.0733 0x0804 luafv - ok 08:34:36.0821 0x0804 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 08:34:36.0834 0x0804 MBAMProtector - ok 08:34:37.0179 0x0804 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 08:34:37.0249 0x0804 MBAMService - ok 08:34:37.0292 0x0804 [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 08:34:37.0322 0x0804 MBAMWebAccessControl - ok 08:34:37.0365 0x0804 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 08:34:37.0414 0x0804 Mcx2Svc - ok 08:34:37.0466 0x0804 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 08:34:37.0479 0x0804 megasas - ok 08:34:37.0547 0x0804 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 08:34:37.0583 0x0804 MegaSR - ok 08:34:37.0959 0x0804 Microsoft SharePoint Workspace Audit Service - ok 08:34:38.0037 0x0804 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 08:34:38.0052 0x0804 MMCSS - ok 08:34:38.0072 0x0804 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 08:34:38.0084 0x0804 Modem - ok 08:34:38.0164 0x0804 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 08:34:38.0166 0x0804 monitor - ok 08:34:38.0199 0x0804 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 08:34:38.0209 0x0804 mouclass - ok 08:34:38.0267 0x0804 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 08:34:38.0281 0x0804 mouhid - ok 08:34:38.0327 0x0804 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 08:34:38.0339 0x0804 mountmgr - ok 08:34:38.0509 0x0804 [ 707E98CC15C2224C078C9E71FF1889BC, 958416FE081436FDBF7F2BEBBB2795C54CC4F3F349D6DF463296A7BBA3404F13 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 08:34:38.0519 0x0804 MozillaMaintenance - ok 08:34:38.0585 0x0804 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 08:34:38.0594 0x0804 mpio - ok 08:34:38.0616 0x0804 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 08:34:38.0625 0x0804 mpsdrv - ok 08:34:38.0855 0x0804 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 08:34:38.0893 0x0804 MpsSvc - ok 08:34:38.0998 0x0804 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 08:34:39.0014 0x0804 MRxDAV - ok 08:34:39.0093 0x0804 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 08:34:39.0110 0x0804 mrxsmb - ok 08:34:39.0194 0x0804 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:34:39.0214 0x0804 mrxsmb10 - ok 08:34:39.0267 0x0804 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:34:39.0277 0x0804 mrxsmb20 - ok 08:34:39.0319 0x0804 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 08:34:39.0331 0x0804 msahci - ok 08:34:39.0388 0x0804 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 08:34:39.0397 0x0804 msdsm - ok 08:34:39.0449 0x0804 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 08:34:39.0457 0x0804 MSDTC - ok 08:34:39.0868 0x0804 [ 3DE4F1440DE21DC7DECEE9B1F1AC35D8, F4D75C1D84CF27DF421E144F2733EA20BD4F1415B43C379D6D73EBB3BA8CE037 ] MsDtsServer110 C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe 08:34:39.0883 0x0804 MsDtsServer110 - ok 08:34:39.0919 0x0804 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 08:34:39.0926 0x0804 Msfs - ok 08:34:39.0936 0x0804 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 08:34:39.0943 0x0804 mshidkmdf - ok 08:34:39.0956 0x0804 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 08:34:39.0958 0x0804 msisadrv - ok 08:34:39.0985 0x0804 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 08:34:39.0990 0x0804 MSiSCSI - ok 08:34:39.0996 0x0804 msiserver - ok 08:34:40.0017 0x0804 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 08:34:40.0018 0x0804 MSKSSRV - ok 08:34:40.0042 0x0804 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 08:34:40.0043 0x0804 MSPCLOCK - ok 08:34:40.0051 0x0804 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 08:34:40.0053 0x0804 MSPQM - ok 08:34:40.0074 0x0804 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 08:34:40.0086 0x0804 MsRPC - ok 08:34:40.0198 0x0804 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 08:34:40.0199 0x0804 mssmbios - ok 08:34:40.0388 0x0804 [ F4991C8C070C86082E6F0597F73E02D0, C39F47D2D4525BB4950827F1EDB92CCF5067267AA1AAEF7137E45482C1436D97 ] MSSQLFDLauncher C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe 08:34:40.0393 0x0804 MSSQLFDLauncher - ok 08:34:40.0609 0x0804 [ 64D793C35644E12FA72A679069F85668, 071E9A8863E7ADFD81678CC84AB9053B13D999920C4A8282C3E28A5A30D0123A ] MSSQLSERVER C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe 08:34:40.0688 0x0804 MSSQLSERVER - ok 08:34:40.0813 0x0804 MSSQLServerOLAPService - ok 08:34:40.0837 0x0804 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 08:34:40.0846 0x0804 MSTEE - ok 08:34:40.0892 0x0804 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 08:34:40.0900 0x0804 MTConfig - ok 08:34:40.0931 0x0804 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 08:34:40.0942 0x0804 Mup - ok 08:34:41.0070 0x0804 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 08:34:41.0087 0x0804 napagent - ok 08:34:41.0156 0x0804 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 08:34:41.0174 0x0804 NativeWifiP - ok 08:34:41.0363 0x0804 [ 5A4EC58A5F2E63DB2092B343CF1B2834, 33F957565E38A3A2842DDB16D7C969F93A4FB888DB5AFBBF5431A712FADE4E13 ] NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20151022.025\ENG64.SYS 08:34:41.0377 0x0804 NAVENG - ok 08:34:41.0875 0x0804 [ 526EA496D7F06B3746775046B33027C1, FEC0B860F49C28ED6ED721A09D19239BB1E20CE3A29697B24B2FE604AE0EB808 ] NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20151022.025\EX64.SYS 08:34:41.0959 0x0804 NAVEX15 - ok 08:34:42.0218 0x0804 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 08:34:42.0262 0x0804 NDIS - ok 08:34:42.0335 0x0804 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 08:34:42.0360 0x0804 NdisCap - ok 08:34:42.0427 0x0804 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 08:34:42.0448 0x0804 NdisTapi - ok 08:34:42.0489 0x0804 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 08:34:42.0499 0x0804 Ndisuio - ok 08:34:42.0549 0x0804 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 08:34:42.0579 0x0804 NdisWan - ok 08:34:42.0628 0x0804 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 08:34:42.0649 0x0804 NDProxy - ok 08:34:42.0721 0x0804 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 08:34:42.0754 0x0804 NetBIOS - ok 08:34:42.0857 0x0804 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 08:34:42.0881 0x0804 NetBT - ok 08:34:42.0906 0x0804 [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] Netlogon C:\Windows\system32\lsass.exe 08:34:42.0908 0x0804 Netlogon - ok 08:34:43.0058 0x0804 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 08:34:43.0093 0x0804 Netman - ok 08:34:43.0152 0x0804 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:34:43.0176 0x0804 NetMsmqActivator - ok 08:34:43.0190 0x0804 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:34:43.0194 0x0804 NetPipeActivator - ok 08:34:43.0348 0x0804 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 08:34:43.0381 0x0804 netprofm - ok 08:34:43.0471 0x0804 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:34:43.0474 0x0804 NetTcpActivator - ok 08:34:43.0484 0x0804 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:34:43.0487 0x0804 NetTcpPortSharing - ok 08:34:43.0546 0x0804 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 08:34:43.0561 0x0804 nfrd960 - ok 08:34:43.0678 0x0804 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 08:34:43.0699 0x0804 NlaSvc - ok 08:34:43.0746 0x0804 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 08:34:43.0756 0x0804 Npfs - ok 08:34:43.0830 0x0804 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 08:34:43.0848 0x0804 nsi - ok 08:34:43.0891 0x0804 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 08:34:43.0905 0x0804 nsiproxy - ok 08:34:44.0304 0x0804 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 08:34:44.0387 0x0804 Ntfs - ok 08:34:44.0432 0x0804 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 08:34:44.0445 0x0804 Null - ok 08:34:44.0550 0x0804 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 08:34:44.0561 0x0804 nvraid - ok 08:34:44.0638 0x0804 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 08:34:44.0672 0x0804 nvstor - ok 08:34:44.0789 0x0804 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 08:34:44.0813 0x0804 nv_agp - ok 08:34:44.0839 0x0804 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 08:34:44.0843 0x0804 ohci1394 - ok 08:34:45.0079 0x0804 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:34:45.0090 0x0804 ose - ok 08:34:46.0436 0x0804 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 08:34:46.0661 0x0804 osppsvc - ok 08:34:46.0810 0x0804 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 08:34:46.0829 0x0804 p2pimsvc - ok 08:34:46.0960 0x0804 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 08:34:46.0987 0x0804 p2psvc - ok 08:34:47.0022 0x0804 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys 08:34:47.0057 0x0804 Parport - ok 08:34:47.0101 0x0804 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 08:34:47.0108 0x0804 partmgr - ok 08:34:47.0181 0x0804 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 08:34:47.0188 0x0804 PcaSvc - ok 08:34:47.0236 0x0804 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 08:34:47.0254 0x0804 pci - ok 08:34:47.0280 0x0804 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 08:34:47.0287 0x0804 pciide - ok 08:34:47.0318 0x0804 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 08:34:47.0334 0x0804 pcmcia - ok 08:34:47.0351 0x0804 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 08:34:47.0358 0x0804 pcw - ok 08:34:47.0507 0x0804 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 08:34:47.0528 0x0804 PEAUTH - ok 08:34:47.0679 0x0804 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 08:34:47.0772 0x0804 PeerDistSvc - ok 08:34:49.0897 0x0804 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 08:34:50.0012 0x0804 PerfHost - ok 08:34:50.0248 0x0804 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 08:34:50.0331 0x0804 pla - ok 08:34:50.0482 0x0804 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 08:34:50.0506 0x0804 PlugPlay - ok 08:34:50.0522 0x0804 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 08:34:50.0531 0x0804 PNRPAutoReg - ok 08:34:50.0601 0x0804 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 08:34:50.0608 0x0804 PNRPsvc - ok 08:34:50.0700 0x0804 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 08:34:50.0741 0x0804 PolicyAgent - ok 08:34:50.0787 0x0804 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 08:34:50.0823 0x0804 Power - ok 08:34:50.0878 0x0804 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 08:34:50.0885 0x0804 PptpMiniport - ok 08:34:50.0907 0x0804 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 08:34:50.0916 0x0804 Processor - ok 08:34:51.0010 0x0804 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 08:34:51.0036 0x0804 ProfSvc - ok 08:34:51.0061 0x0804 [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] ProtectedStorage C:\Windows\system32\lsass.exe 08:34:51.0062 0x0804 ProtectedStorage - ok 08:34:51.0106 0x0804 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 08:34:51.0120 0x0804 Psched - ok 08:34:51.0201 0x0804 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 08:34:51.0271 0x0804 ql2300 - ok 08:34:51.0318 0x0804 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 08:34:51.0322 0x0804 ql40xx - ok 08:34:51.0354 0x0804 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 08:34:51.0370 0x0804 QWAVE - ok 08:34:51.0386 0x0804 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 08:34:51.0388 0x0804 QWAVEdrv - ok 08:34:51.0397 0x0804 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 08:34:51.0400 0x0804 RasAcd - ok 08:34:51.0424 0x0804 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 08:34:51.0426 0x0804 RasAgileVpn - ok 08:34:51.0442 0x0804 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 08:34:51.0447 0x0804 RasAuto - ok 08:34:51.0467 0x0804 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 08:34:51.0472 0x0804 Rasl2tp - ok 08:34:51.0505 0x0804 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 08:34:51.0522 0x0804 RasMan - ok 08:34:51.0539 0x0804 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 08:34:51.0543 0x0804 RasPppoe - ok 08:34:51.0562 0x0804 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 08:34:51.0566 0x0804 RasSstp - ok 08:34:51.0633 0x0804 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 08:34:51.0651 0x0804 rdbss - ok 08:34:51.0666 0x0804 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 08:34:51.0668 0x0804 rdpbus - ok 08:34:51.0680 0x0804 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 08:34:51.0681 0x0804 RDPCDD - ok 08:34:51.0707 0x0804 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 08:34:51.0713 0x0804 RDPDR - ok 08:34:51.0730 0x0804 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 08:34:51.0731 0x0804 RDPENCDD - ok 08:34:51.0743 0x0804 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 08:34:51.0746 0x0804 RDPREFMP - ok 08:34:51.0872 0x0804 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 08:34:51.0882 0x0804 RdpVideoMiniport - ok 08:34:51.0939 0x0804 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 08:34:51.0951 0x0804 RDPWD - ok 08:34:51.0991 0x0804 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 08:34:52.0003 0x0804 rdyboost - ok 08:34:52.0035 0x0804 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 08:34:52.0082 0x0804 RemoteAccess - ok 08:34:52.0117 0x0804 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 08:34:52.0124 0x0804 RemoteRegistry - ok 08:34:52.0431 0x0804 [ 0D84CB080B36EECBC8201E046C6CE763, 195344E2E623B811349FD594880D45D7B992580A83FF82C3354B0ED4C50A999F ] ReportServer C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe 08:34:52.0533 0x0804 ReportServer - ok 08:34:52.0569 0x0804 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 08:34:52.0572 0x0804 RpcEptMapper - ok 08:34:52.0594 0x0804 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 08:34:52.0596 0x0804 RpcLocator - ok 08:34:52.0622 0x0804 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 08:34:52.0634 0x0804 RpcSs - ok 08:34:52.0707 0x0804 [ 964E8376B0B3FE1354B19907E1A4A692, 7B955D071EC7E681DA11F1DBF530AEE03A120D2FBA184A2A203E59BA1121C3AB ] RsFx0201 C:\Windows\system32\DRIVERS\RsFx0201.sys 08:34:52.0751 0x0804 RsFx0201 - ok 08:34:52.0789 0x0804 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 08:34:52.0793 0x0804 rspndr - ok 08:34:52.0822 0x0804 [ 68DD0457D18FCCEF7384AE84022F0C86, 82C02EDB30D4FA1145AB1818F9FCE0B73FEB1B94C138B5513794F25FAC85F2CC ] RTL8023x64 C:\Windows\system32\DRIVERS\Rtnic64.sys 08:34:52.0825 0x0804 RTL8023x64 - ok 08:34:52.0853 0x0804 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 08:34:52.0854 0x0804 s3cap - ok 08:34:52.0945 0x0804 [ 5D9932536F12E1E125DC9B48E2CDF784, B149E606E35FF1038BAAF41648AE7542D788F4101C6BB92506EF2D9D3AD325FC ] SageDeploymentService C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe 08:34:52.0962 0x0804 SageDeploymentService - ok 08:34:53.0022 0x0804 [ F6A730B70F4BB31133C2C0C45A369671, 68BD5CCCC4E6E1EFAC336BE1FBD4963F30169E29D7DDFF6FBDF2893DEAF85200 ] SageMultiUserService40 C:\Program Files (x86)\Common Files\Sage Software Shared\MultiUserServiceServer.exe 08:34:53.0030 0x0804 SageMultiUserService40 - ok 08:34:53.0044 0x0804 [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] SamSs C:\Windows\system32\lsass.exe 08:34:53.0046 0x0804 SamSs - ok 08:34:53.0076 0x0804 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 08:34:53.0084 0x0804 sbp2port - ok 08:34:53.0114 0x0804 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 08:34:53.0122 0x0804 SCardSvr - ok 08:34:53.0137 0x0804 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 08:34:53.0139 0x0804 scfilter - ok 08:34:53.0193 0x0804 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 08:34:53.0236 0x0804 Schedule - ok 08:34:53.0271 0x0804 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 08:34:53.0284 0x0804 SCPolicySvc - ok 08:34:53.0324 0x0804 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 08:34:53.0331 0x0804 SDRSVC - ok 08:34:53.0368 0x0804 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 08:34:53.0370 0x0804 secdrv - ok 08:34:53.0385 0x0804 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 08:34:53.0391 0x0804 seclogon - ok 08:34:53.0426 0x0804 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll 08:34:53.0439 0x0804 SENS - ok 08:34:53.0464 0x0804 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 08:34:53.0475 0x0804 SensrSvc - ok 08:34:53.0602 0x0804 [ 74885BDFF62E537F268EBF8E8CEC24BB, D49949C3ED3CE748FD5EF0CA4ECEA5F30B9EEAE365EBA7072A0BE203A84D8227 ] SepMasterService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe 08:34:53.0605 0x0804 SepMasterService - ok 08:34:53.0635 0x0804 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 08:34:53.0637 0x0804 Serenum - ok 08:34:53.0654 0x0804 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 08:34:53.0667 0x0804 Serial - ok 08:34:53.0678 0x0804 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys 08:34:53.0680 0x0804 sermouse - ok 08:34:53.0713 0x0804 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 08:34:53.0725 0x0804 SessionEnv - ok 08:34:53.0735 0x0804 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 08:34:53.0737 0x0804 sffdisk - ok 08:34:53.0752 0x0804 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 08:34:53.0754 0x0804 sffp_mmc - ok 08:34:53.0767 0x0804 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 08:34:53.0773 0x0804 sffp_sd - ok 08:34:53.0790 0x0804 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 08:34:53.0792 0x0804 sfloppy - ok 08:34:53.0824 0x0804 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 08:34:53.0834 0x0804 SharedAccess - ok 08:34:53.0866 0x0804 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 08:34:53.0883 0x0804 ShellHWDetection - ok 08:34:53.0899 0x0804 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 08:34:53.0902 0x0804 SiSRaid2 - ok 08:34:53.0934 0x0804 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 08:34:53.0938 0x0804 SiSRaid4 - ok 08:34:53.0956 0x0804 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 08:34:53.0960 0x0804 Smb - ok 08:34:54.0083 0x0804 [ B8EF6F1FAFBE89E24E152907605E7A25, B1771BB419265EFBA3185DA884FD921C66A86492C3DF19AB06E26010372C9442 ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe 08:34:54.0173 0x0804 SmcService - ok 08:34:54.0208 0x0804 [ 89733DCC3817455FBC3AB4A3C19EE765, 0D550153860D9557BC5E8B7B03CEF677FA4E24DB0A8F51F536B87D1CD0100A1C ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe 08:34:54.0218 0x0804 SNAC - ok 08:34:54.0251 0x0804 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 08:34:54.0254 0x0804 SNMPTRAP - ok 08:34:54.0282 0x0804 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 08:34:54.0284 0x0804 spldr - ok 08:34:54.0339 0x0804 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 08:34:54.0355 0x0804 Spooler - ok 08:34:54.0555 0x0804 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 08:34:54.0683 0x0804 sppsvc - ok 08:34:54.0719 0x0804 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 08:34:54.0731 0x0804 sppuinotify - ok 08:34:54.0863 0x0804 [ E9254892A2D74E537BAD3092F0F8EE40, BEB715404B799F3181C699E233F98B2A913BEB677E94ABE8E2872499FC755385 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 08:34:54.0879 0x0804 SQLBrowser - ok 08:34:55.0159 0x0804 [ F4A50C0B17A39B77B2DAB6A89C1A820F, 750CB6E862D45B28BF2822D5A053FB06D2D45EE45C8F28322BE892E81E48FB47 ] SQLSERVERAGENT C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE 08:34:55.0183 0x0804 SQLSERVERAGENT - ok 08:34:55.0299 0x0804 [ 055B0DE7BCDB14FB18279F09DCA07954, 94944F996F2F73233A96F8E766606EA5CCC7142EA2AF4BCEFD2603578F2B4A4A ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 08:34:55.0311 0x0804 SQLWriter - ok 08:34:55.0484 0x0804 [ 48FD53FED3C81726001E438A2201E9FF, 96CC81F74917960382101AD839D86DEA8B48BE7211A00BCC2AB400BA1E4CBCB1 ] SRTSP C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS 08:34:55.0557 0x0804 SRTSP - ok 08:34:55.0603 0x0804 [ 63199A936D9BDEA578DFB8F5E9A40095, B38593311A6ACCA1F3EE3F441A533DCB7639E6E6FCA4A83A5B11696A355CD533 ] SRTSPX C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS 08:34:55.0629 0x0804 SRTSPX - ok 08:34:55.0715 0x0804 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 08:34:55.0752 0x0804 srv - ok 08:34:55.0846 0x0804 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 08:34:55.0889 0x0804 srv2 - ok 08:34:55.0965 0x0804 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 08:34:55.0984 0x0804 srvnet - ok 08:34:56.0084 0x0804 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 08:34:56.0102 0x0804 SSDPSRV - ok 08:34:56.0122 0x0804 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 08:34:56.0141 0x0804 SstpSvc - ok 08:34:56.0218 0x0804 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys 08:34:56.0231 0x0804 stexstor - ok 08:34:56.0438 0x0804 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 08:34:56.0490 0x0804 stisvc - ok 08:34:56.0528 0x0804 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 08:34:56.0574 0x0804 storflt - ok 08:34:56.0611 0x0804 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll 08:34:56.0640 0x0804 StorSvc - ok 08:34:56.0697 0x0804 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 08:34:56.0720 0x0804 storvsc - ok 08:34:56.0754 0x0804 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 08:34:56.0760 0x0804 swenum - ok 08:34:56.0813 0x0804 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 08:34:56.0834 0x0804 swprv - ok 08:34:56.0918 0x0804 [ F017987B177F7BBC989318D59309D091, 3ED316AC86FB1F871B36ABA65E5B164B22D255B7509574A2CA8FC878A1142266 ] SymDS C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS 08:34:56.0946 0x0804 SymDS - ok 08:34:57.0072 0x0804 [ E7F25D768EE0CDF69D8B752398C262BB, D401B892EB4C7CFCEDBFB228EA8918513674A26516CA733F4777050F4F425D2A ] SymEFA C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS 08:34:57.0134 0x0804 SymEFA - ok 08:34:57.0239 0x0804 [ 36B77F5C9E21F88A8C8EC67AD5415819, 0ECB96799F614C1C17F2D705A3C17E83078225A2350F3048A11F5C3164F7894A ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 08:34:57.0277 0x0804 SymEvent - ok 08:34:57.0363 0x0804 [ 1611FA7A95A48387DF22757FA81B46A9, B32C4D9FB9D35B5A37D9BF321F6BE2964EE536BADFFEB23C3D8693C08B35A795 ] SymIRON C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS 08:34:57.0384 0x0804 SymIRON - ok 08:34:57.0495 0x0804 [ D41557715C1C792D1391DB5AA81A00DF, D08013347ED5F3CD62BF48075A2A5C71E2EE5E95A7BDB43F2435D5F0F19880D8 ] SYMNETS C:\Windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS 08:34:57.0518 0x0804 SYMNETS - ok 08:34:57.0885 0x0804 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 08:34:57.0983 0x0804 SysMain - ok 08:34:58.0019 0x0804 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 08:34:58.0024 0x0804 TabletInputService - ok 08:34:58.0088 0x0804 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 08:34:58.0112 0x0804 TapiSrv - ok 08:34:58.0133 0x0804 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 08:34:58.0143 0x0804 TBS - ok 08:34:58.0497 0x0804 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 08:34:58.0578 0x0804 Tcpip - ok 08:34:58.0938 0x0804 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 08:34:58.0974 0x0804 TCPIP6 - ok 08:34:59.0029 0x0804 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 08:34:59.0059 0x0804 tcpipreg - ok 08:34:59.0127 0x0804 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 08:34:59.0129 0x0804 TDPIPE - ok 08:34:59.0181 0x0804 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 08:34:59.0192 0x0804 TDTCP - ok 08:34:59.0268 0x0804 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 08:34:59.0275 0x0804 tdx - ok 08:34:59.0855 0x0804 [ 2AA61246A5B813C1B12BCCFAA6F23DD8, 74EE3DB839A0F4BC781294803281DB2248D013B8808FF05F2EE9597C14C6FEED ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 08:35:00.0086 0x0804 TeamViewer - ok 08:35:00.0130 0x0804 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 08:35:00.0160 0x0804 TermDD - ok 08:35:00.0285 0x0804 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 08:35:00.0338 0x0804 TermService - ok 08:35:00.0392 0x0804 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 08:35:00.0401 0x0804 Themes - ok 08:35:00.0426 0x0804 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 08:35:00.0428 0x0804 THREADORDER - ok 08:35:00.0491 0x0804 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 08:35:00.0502 0x0804 TrkWks - ok 08:35:00.0595 0x0804 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 08:35:00.0609 0x0804 TrustedInstaller - ok 08:35:00.0660 0x0804 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 08:35:00.0664 0x0804 tssecsrv - ok 08:35:00.0710 0x0804 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 08:35:00.0745 0x0804 TsUsbFlt - ok 08:35:00.0782 0x0804 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 08:35:00.0785 0x0804 TsUsbGD - ok 08:35:00.0899 0x0804 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 08:35:00.0907 0x0804 tunnel - ok 08:35:00.0942 0x0804 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 08:35:00.0977 0x0804 uagp35 - ok 08:35:01.0053 0x0804 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 08:35:01.0088 0x0804 udfs - ok 08:35:01.0134 0x0804 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 08:35:01.0142 0x0804 UI0Detect - ok 08:35:01.0200 0x0804 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 08:35:01.0234 0x0804 uliagpkx - ok 08:35:01.0267 0x0804 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 08:35:01.0271 0x0804 umbus - ok 08:35:01.0296 0x0804 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 08:35:01.0306 0x0804 UmPass - ok 08:35:01.0396 0x0804 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 08:35:01.0426 0x0804 UmRdpService - ok 08:35:01.0477 0x0804 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 08:35:01.0492 0x0804 upnphost - ok 08:35:01.0555 0x0804 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 08:35:01.0561 0x0804 usbccgp - ok 08:35:01.0627 0x0804 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 08:35:01.0646 0x0804 usbcir - ok 08:35:01.0713 0x0804 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 08:35:01.0729 0x0804 usbehci - ok 08:35:01.0864 0x0804 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 08:35:01.0889 0x0804 usbhub - ok 08:35:01.0919 0x0804 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 08:35:01.0929 0x0804 usbohci - ok 08:35:01.0988 0x0804 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 08:35:02.0001 0x0804 usbprint - ok 08:35:02.0092 0x0804 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 08:35:02.0108 0x0804 usbscan - ok 08:35:02.0177 0x0804 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:35:02.0196 0x0804 USBSTOR - ok 08:35:02.0271 0x0804 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 08:35:02.0325 0x0804 usbuhci - ok 08:35:02.0385 0x0804 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 08:35:02.0409 0x0804 UxSms - ok 08:35:02.0432 0x0804 [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] VaultSvc C:\Windows\system32\lsass.exe 08:35:02.0435 0x0804 VaultSvc - ok 08:35:02.0502 0x0804 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 08:35:02.0510 0x0804 vdrvroot - ok 08:35:02.0673 0x0804 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 08:35:02.0705 0x0804 vds - ok 08:35:02.0765 0x0804 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 08:35:02.0786 0x0804 vga - ok 08:35:02.0810 0x0804 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 08:35:02.0842 0x0804 VgaSave - ok 08:35:02.0913 0x0804 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 08:35:02.0927 0x0804 vhdmp - ok 08:35:03.0004 0x0804 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 08:35:03.0025 0x0804 viaide - ok 08:35:03.0093 0x0804 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 08:35:03.0101 0x0804 vmbus - ok 08:35:03.0126 0x0804 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 08:35:03.0137 0x0804 VMBusHID - ok 08:35:03.0157 0x0804 vmci - ok 08:35:03.0164 0x0804 VMnetAdapter - ok 08:35:03.0195 0x0804 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 08:35:03.0198 0x0804 volmgr - ok 08:35:03.0267 0x0804 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 08:35:03.0301 0x0804 volmgrx - ok 08:35:03.0327 0x0804 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 08:35:03.0360 0x0804 volsnap - ok 08:35:03.0414 0x0804 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 08:35:03.0420 0x0804 vsmraid - ok 08:35:03.0685 0x0804 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 08:35:03.0753 0x0804 VSS - ok 08:35:03.0779 0x0804 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 08:35:03.0781 0x0804 vwifibus - ok 08:35:03.0851 0x0804 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 08:35:03.0901 0x0804 W32Time - ok 08:35:03.0921 0x0804 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 08:35:03.0937 0x0804 WacomPen - ok 08:35:03.0978 0x0804 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 08:35:03.0981 0x0804 WANARP - ok 08:35:03.0998 0x0804 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 08:35:04.0000 0x0804 Wanarpv6 - ok 08:35:04.0143 0x0804 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 08:35:04.0221 0x0804 wbengine - ok 08:35:04.0250 0x0804 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 08:35:04.0258 0x0804 WbioSrvc - ok 08:35:04.0336 0x0804 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 08:35:04.0352 0x0804 wcncsvc - ok 08:35:04.0371 0x0804 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 08:35:04.0382 0x0804 WcsPlugInService - ok 08:35:04.0413 0x0804 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 08:35:04.0415 0x0804 Wd - ok 08:35:04.0536 0x0804 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 08:35:04.0577 0x0804 Wdf01000 - ok 08:35:04.0615 0x0804 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 08:35:04.0622 0x0804 WdiServiceHost - ok 08:35:04.0629 0x0804 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 08:35:04.0633 0x0804 WdiSystemHost - ok 08:35:04.0692 0x0804 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 08:35:04.0701 0x0804 WebClient - ok 08:35:04.0749 0x0804 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 08:35:04.0757 0x0804 Wecsvc - ok 08:35:04.0784 0x0804 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 08:35:04.0787 0x0804 wercplsupport - ok 08:35:04.0813 0x0804 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 08:35:04.0818 0x0804 WerSvc - ok 08:35:04.0835 0x0804 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 08:35:04.0836 0x0804 WfpLwf - ok 08:35:04.0859 0x0804 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 08:35:04.0878 0x0804 WIMMount - ok 08:35:04.0915 0x0804 WinDefend - ok 08:35:04.0933 0x0804 WinHttpAutoProxySvc - ok 08:35:05.0003 0x0804 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 08:35:05.0029 0x0804 Winmgmt - ok 08:35:05.0161 0x0804 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 08:35:05.0276 0x0804 WinRM - ok 08:35:05.0375 0x0804 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 08:35:05.0397 0x0804 WinUsb - ok 08:35:05.0599 0x0804 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 08:35:05.0650 0x0804 Wlansvc - ok 08:35:05.0672 0x0804 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 08:35:05.0699 0x0804 WmiAcpi - ok 08:35:05.0796 0x0804 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 08:35:05.0809 0x0804 wmiApSrv - ok 08:35:05.0879 0x0804 WMPNetworkSvc - ok 08:35:05.0927 0x0804 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 08:35:05.0952 0x0804 WPCSvc - ok 08:35:05.0985 0x0804 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 08:35:05.0999 0x0804 WPDBusEnum - ok 08:35:06.0053 0x0804 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 08:35:06.0068 0x0804 ws2ifsl - ok 08:35:06.0117 0x0804 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll 08:35:06.0131 0x0804 wscsvc - ok 08:35:06.0141 0x0804 WSearch - ok 08:35:06.0789 0x0804 [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll 08:35:06.0917 0x0804 wuauserv - ok 08:35:06.0978 0x0804 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 08:35:06.0988 0x0804 WudfPf - ok 08:35:07.0094 0x0804 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 08:35:07.0119 0x0804 WUDFRd - ok 08:35:07.0165 0x0804 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 08:35:07.0192 0x0804 wudfsvc - ok 08:35:07.0276 0x0804 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 08:35:07.0310 0x0804 WwanSvc - ok 08:35:07.0320 0x0804 ================ Scan global =============================== 08:35:07.0382 0x0804 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 08:35:07.0504 0x0804 [ EA32F4EA3AE06EDD122FBCD5A489E457, C6E464170121D1714A367CFC80C5EA15D42AD34909039FDB114EAD3B878A47F6 ] C:\Windows\system32\winsrv.dll 08:35:07.0563 0x0804 [ EA32F4EA3AE06EDD122FBCD5A489E457, C6E464170121D1714A367CFC80C5EA15D42AD34909039FDB114EAD3B878A47F6 ] C:\Windows\system32\winsrv.dll 08:35:07.0621 0x0804 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 08:35:07.0716 0x0804 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 08:35:07.0779 0x0804 [ Global ] - ok 08:35:07.0780 0x0804 ================ Scan MBR ================================== 08:35:07.0811 0x0804 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 08:35:08.0199 0x0804 \Device\Harddisk0\DR0 - ok 08:35:08.0200 0x0804 ================ Scan VBR ================================== 08:35:08.0223 0x0804 [ F769AA0408A7FABB7A0BE02CC2B6057E ] \Device\Harddisk0\DR0\Partition1 08:35:08.0224 0x0804 \Device\Harddisk0\DR0\Partition1 - ok 08:35:08.0233 0x0804 [ 299D461E9AB116841197CF11FCB8C71C ] \Device\Harddisk0\DR0\Partition2 08:35:08.0250 0x0804 \Device\Harddisk0\DR0\Partition2 - ok 08:35:08.0263 0x0804 [ B387B3E85DD46C84BFFF0B66AE451F67 ] \Device\Harddisk0\DR0\Partition3 08:35:08.0264 0x0804 \Device\Harddisk0\DR0\Partition3 - ok 08:35:08.0265 0x0804 ================ Scan generic autorun ====================== 08:35:08.0304 0x0804 [ 92FDB0658CA16974B4AE80E248A5B118, 9E0CF6A9C845C5F9E4B80B9105DBECE15ACC27984FCBFD8774C00EBE20DB652F ] C:\Windows\system32\igfxtray.exe 08:35:08.0309 0x0804 IgfxTray - ok 08:35:08.0357 0x0804 [ 23A6AE66AA4BEF792649736385BB51BA, FC85E38B2F5F52E970EAE5DAFC3B738BCC8BF596AF3766F0EDA03040664E1F08 ] C:\Windows\system32\hkcmd.exe 08:35:08.0382 0x0804 HotKeysCmds - ok 08:35:08.0407 0x0804 [ F6FA1865978214FB7FCD80149BBF1C13, 3CA24827982B521986DBE1E5600316155800C3777BAF415B978C7FE9F3AA3DD2 ] C:\Windows\system32\igfxpers.exe 08:35:08.0417 0x0804 Persistence - ok 08:35:08.0594 0x0804 [ 912993864DE980DE79E2317B109298AE, CD01E488E6331D0F00092A6F5B4B62F3404C9C5F0736887849AD215730C072D2 ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe 08:35:08.0687 0x0804 CanonMyPrinter - ok 08:35:08.0737 0x0804 glitch_immunity - ok 08:35:08.0812 0x0804 [ 12E54BDE520DC85A611D7245DF44BCE5, 8F90F71AC97CE47D6A4F3491A48E3F857E8DEFD51E2DFDD528666AFC592E3B4E ] C:\Program Files (x86)\FreePDF_XP\fpassist.exe 08:35:08.0828 0x0804 FreePDF Assistant - ok 08:35:08.0962 0x0804 [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe 08:35:08.0965 0x0804 BCSSync - ok 08:35:09.0153 0x0804 [ 7B59D1D1F458B322A722E95554BB591E, F184E22D37E013580AB7FD07172C1F662275D39E036CE22DFA62B2A43823E719 ] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE 08:35:09.0219 0x0804 CanonSolutionMenuEx - ok 08:35:09.0297 0x0804 [ FB2693E1B53BCEDA1F054FF2C54881E6, 41E25F1EDE25F722F9B73527B2F8B05F38EC87964DBBDEA4F1306E207A78E894 ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe 08:35:09.0313 0x0804 IJNetworkScannerSelectorEX - ok 08:35:09.0393 0x0804 [ 755DB0FABD639DE8D9FA6D446BA90D36, 144A3975545311270825E64FE564F16A8895573ABF0B4C0AD07A766D4E8D86DC ] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe 08:35:09.0405 0x0804 Gadwin PrintScreen - ok 08:35:09.0873 0x0804 [ E6C60E153524E8C18E06C643B11D5AD3, 834FAEB4AE15C3F197816B0CEF7A45FE361FBDB9ED958C81584ED15751A9AE91 ] C:\Program Files\CCleaner\CCleaner64.exe 08:35:10.0047 0x0804 ccleaner - ok 08:35:10.0138 0x0804 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 08:35:10.0220 0x0804 Sidebar - ok 08:35:10.0249 0x0804 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 08:35:10.0262 0x0804 mctadmin - ok 08:35:10.0264 0x0804 Waiting for KSN requests completion. In queue: 190 08:35:11.0264 0x0804 Waiting for KSN requests completion. In queue: 190 08:35:12.0264 0x0804 Waiting for KSN requests completion. In queue: 190 08:35:13.0362 0x0804 AV detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WSCSavNotifier.exe ( 12.1.1000.157 ), 0x71000 ( enabled : updated ) 08:35:13.0408 0x0804 Win FW state via NFP2: enabled ( trusted ) 08:35:15.0801 0x0804 ============================================================ 08:35:15.0801 0x0804 Scan finished 08:35:15.0801 0x0804 ============================================================ 08:35:15.0814 0x08f8 Detected object count: 0 08:35:15.0814 0x08f8 Actual detected object count: 0 Geändert von Gift (30.10.2015 um 08:39 Uhr) Grund: Hab das Lob vergessen! |
|
30.10.2015, 21:20
| #21 |
| /// the machine /// TB-Ausbilder | Mein Symantec bringt mir div. Trojaner u. Viren Warnungen, auch Optionen zum bereinigen, aber die dinger sind immer noch da :-( Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren .
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung:Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ --> Mein Symantec bringt mir div. Trojaner u. Viren Warnungen, auch Optionen zum bereinigen, aber die dinger sind immer noch da :-( |
|
| Themen zu Mein Symantec bringt mir div. Trojaner u. Viren Warnungen, auch Optionen zum bereinigen, aber die dinger sind immer noch da :-( |
| bereinige, bereinigen, confused, dinger, frst.txt, gen, helft, hoffe, immer wieder, langsam, spring, springt, symantec, troja, trojaner, unendlich, viren, warnungen, weiterhelfen, woche |
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
