
Trojan infection. Emotet v3 / Tinba or similar


  • This topic is locked
18 replies to this topic

#1 mastu (Members, 10 posts)

Posted 03 June 2015 - 06:13 PM

Hello,

The infection occurred on 02.06.2015, approximately between 22:35 and 22:45.
The PC hasn't been rebooted / shut down since.
It went into standby exactly once because of the energy management profile.

The following chain of information is available:

02.06.2015
1) A fake DHL delivery e-mail was opened
2) A link in e-mail to "DHL PDF" was clicked
3) The link pointed at: http://vrian.nl/04FhGPd3mwD2
4) From that URL a file with the following name was downloaded: Dhl_20227630794.zip
-- VirusTotal: https://www.virustotal.com/de/file/f2017f618681f82f269fe243896826837abb32745d17c98da239c9bc22e6926b/analysis/
5) An attempt was made to open the file
6) It's unknown whether the actual file had a hidden .exe extension
7) Supposedly the: "File didn't open but some error got displayed which then closed"
8) This was where the infection occurred I suppose
9) It's unknown if the file inside the zip - an executable disguised with a PDF logo - was actually executed instead
10) File inside the zip file (according to VirusTotal) was:
-- Dhl_Status_zu_Sendung_915485886690_____GH01_J_M06__GMS02__06__2015___PPA23_21_15.exe
-- VirusTotal: https://www.virustotal.com/de/file/3cee9993da964f60c0162baa885ab6b249e7f98f79b68e4fa035cebd0aa8666c/analysis/
11) A file with this exact name was found twice on the PC under
-- C:\Users\[redacted]\AppData\Local\Temp\7zOA9C4.tmp
-- C:\Users\[redacted]\AppData\Local\Temp\7zO8005.tmp
12) A suspicious file (matching also by creation date) was found under
-- C:\Users\[redacted]\AppData\Local\97c1bd653e12c9919ec7f7d428e90db9.exe
13) A suspicious registry entry matching the file from "12)" was found under
-- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
-- Key: 97c1bd653e12c9919ec7f7d428e90db9
-- Value: C:\Users\[redacted]\AppData\Local\97c1bd653e12c9919ec7f7d428e90db9.exe
14) The following steps were taken
-- Dhl_20227630794.zip was deleted
-- Folders/files mentioned under "11)" were deleted
-- File 97c1bd653e12c9919ec7f7d428e90db9.exe (from "12)") was deleted
-- Registry entry from "13)" was deleted
15) Microsoft Security Essentials + ClamWin was run overnight

03.06.2015
16) MSE didn't find anything. ClamWin had 3 false positives but lots of files it couldn't open in TEMP folders
17) PC was put online for a brief period to download FRST
18) FRST was run
19) PC was put online in order to register/post to bleepingcomputer.com
20) This took longer than planned as bleepingcomputer.com rejects too many e-mail providers on registration
21) 03.06.2015 21:46: during this period the trojan created/downloaded more files/executables and spawned (at least) two new processes
22) 03.06.2015 21:50 PC was put offline
23) Two obvious trojan processes were suspended with Process Explorer
24) The deleted registry entry has been recreated
25) FRST was run again

Current situation:
- Obviously infected
- C:\Users\[redacted]\AppData\Local\Temp\ holds
-- many tmp files with random 4 character names (letters and numbers)
-- 4 exe files (1E86~.exe, 1E85~.exe, 1E72~.exe, 1E73~.exe)
- Two suspended processes (1E86~.exe, 1E85~.exe)
VirusTotal for both processes: https://www.virustotal.com/de/file/712425044bcf82af417151f372b52f96d0c0aaaf73909a5d1674fa1254ee9dcd/analysis/
- One of the suspended processes uses ~1GB of RAM
- Also noticed but maybe unrelated: "System" process every ~15min uses 25% CPU for ~30-50s. Process Explorer -> Threads shows "ntkrnlpa.exe!KeInsertQueueDpc+0x261" as "culprit"

The following is the FRST log for the second run (only differences to previous run are the new trojan exe files)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by [redacted] (administrator) on [redacted] on 03-06-2015 23:27:14
Running from C:\Users\[redacted]\Downloads
Loaded Profiles: [redacted] (Available Profiles: [redacted])
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files\BrownyInd\Brother\BrIndicator.exe
(Google Inc.) C:\Users\[redacted]\AppData\Local\Google\Update\GoogleUpdate.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Sysinternals - www.sysinternals.com) C:\Users\[redacted]\Desktop\procexp.exe
() C:\Users\[redacted]\AppData\Local\Temp\1E86~.exe
() C:\Users\[redacted]\AppData\Local\Temp\1E85~.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2009-10-10] (ASUS)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-17] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [OOBESetup] => C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe [338096 2009-09-30] (ASUSTeK Computer Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsInd00] => C:\Program Files\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\Run: [Google Update] => C:\Users\[redacted]\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\MountPoints2: F - F:\MENU.EXE
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\MountPoints2: {60cdfcf5-d364-11e1-a8b9-e0cb4e65b827} - E:\AutoRun.exe
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\MountPoints2: {86d0c958-e617-11e2-b536-e0cb4e65b827} - E:\AutoRun.exe
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\MountPoints2: {d6715308-bef1-11e1-92a9-e0cb4e65b827} - E:\AutoRun.exe
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\MountPoints2: {d6715316-bef1-11e1-92a9-e0cb4e65b827} - E:\AutoRun.exe
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012-10-05] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2114684848-714399144-433452792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2114684848-714399144-433452792-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-2114684848-714399144-433452792-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
SearchScopes: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> DefaultScope {0CD67DF9-31DE-42EC-9058-729F49A8A774} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072313&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> 98503FA3310340BA8FFFC240C77C3079 URL = http://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> {0CD67DF9-31DE-42EC-9058-729F49A8A774} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072313&q={searchTerms}&src=IE-SearchBox
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: 127.0.0.1 zalando.at
Tcpip\Parameters: [DhcpNameServer] 151.236.6.6 185.27.253.92 8.8.4.4
Tcpip\..\Interfaces\{5610F468-7A0D-4F35-BCCA-E1D451108895}: [NameServer] 194.48.128.199 194.48.139.254
Tcpip\..\Interfaces\{7E37382C-138F-480D-9A6B-4A373DF31482}: [NameServer] 194.48.128.199 194.48.139.254
Tcpip\..\Interfaces\{C0AA2026-861E-4563-8947-C3ACA4CC288E}: [NameServer] 194.24.128.100 81.3.216.100

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2114684848-714399144-433452792-1000: @tools.google.com/Google Update;version=3 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2114684848-714399144-433452792-1000: @tools.google.com/Google Update;version=9 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-26]
CHR Extension: (Bookmark Manager) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]
S4 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [218624 2012-07-09] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl3ad6a2cd; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1FE1A0C9-7005-49CB-82E0-081ADF70EBD9}\MpKsl3ad6a2cd.sys [39464 2015-06-03] (Microsoft Corporation)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [477240 2012-10-05] (Duplex Secure Ltd.)
S1 archlp; system32\drivers\archlp.sys [X]
S4 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 23:27 - 2015-06-03 23:27 - 00010886 _____ () C:\Users\[redacted]\Downloads\FRST.txt
2015-06-03 20:26 - 2015-06-03 20:28 - 00047044 _____ () C:\Users\[redacted]\Downloads\_Addition.txt
2015-06-03 20:23 - 2015-06-03 20:28 - 00025996 _____ () C:\Users\[redacted]\Downloads\_FRST.txt
2015-06-03 20:22 - 2015-06-03 23:27 - 00000000 ____D () C:\FRST
2015-06-03 20:20 - 2015-06-03 20:21 - 01147392 _____ (Farbar) C:\Users\[redacted]\Downloads\FRST.exe
2015-05-13 19:33 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:16 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-13 18:16 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-05-13 18:13 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-13 18:13 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-13 18:13 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-13 18:13 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-13 18:13 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-13 18:13 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-13 18:13 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-13 18:13 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-13 18:13 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-13 18:13 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-13 18:13 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-13 18:13 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-13 18:13 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-13 18:13 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 18:13 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 18:13 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 18:13 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-13 18:13 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-13 18:10 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 18:10 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-13 18:10 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-13 18:10 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 18:10 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 18:10 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-13 18:10 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-13 18:10 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 18:10 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-13 18:10 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 18:10 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-13 18:10 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-13 18:10 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-13 18:10 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 18:10 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-13 18:10 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-13 18:10 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-13 18:10 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-13 18:10 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-13 18:10 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 18:10 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-13 18:10 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 18:10 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 18:10 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 18:10 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 18:10 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-13 18:10 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 18:10 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-13 18:10 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 18:10 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 18:10 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 18:10 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-13 18:10 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-13 18:10 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-13 18:10 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-13 18:10 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-13 18:09 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 18:09 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-13 18:09 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-13 18:09 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 23:12 - 2014-06-10 18:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 22:52 - 2014-12-26 18:18 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 21:50 - 2010-04-08 14:32 - 01474206 _____ () C:\windows\WindowsUpdate.log
2015-06-03 12:25 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2015-06-03 11:18 - 2010-12-08 20:39 - 00001064 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000Core.job
2015-06-03 06:52 - 2014-12-26 18:18 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 02:55 - 2009-07-26 23:56 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2015-06-01 10:15 - 2010-05-12 10:16 - 00000000 ____D () C:\Users\[redacted]\AppData\Roaming\Canon
2015-05-31 21:59 - 2015-03-06 22:13 - 00001978 _____ () C:\windows\setupact.log
2015-05-28 22:27 - 2010-04-08 09:58 - 00000000 ____D () C:\Users\[redacted]\AppData\Roaming\Skype
2015-05-25 18:21 - 2009-07-14 06:34 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 18:21 - 2009-07-14 06:34 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 18:14 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-19 11:13 - 2010-12-08 20:39 - 00001116 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000UA.job
2015-05-13 21:00 - 2014-10-16 16:56 - 00000000 ____D () C:\Users\[redacted]\AppData\Local\Adobe
2015-05-13 21:00 - 2012-04-25 18:48 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-05-13 21:00 - 2011-05-23 09:23 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-13 20:14 - 2009-07-14 09:49 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 20:12 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-05-13 19:45 - 2011-06-16 13:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 19:45 - 2009-07-14 06:33 - 00782504 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-13 19:42 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-05-13 19:42 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-13 19:36 - 2012-05-01 13:12 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 19:36 - 2010-12-31 18:33 - 00002155 _____ () C:\windows\epplauncher.mif
2015-05-13 19:35 - 2010-12-31 18:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 19:33 - 2009-10-10 00:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 19:27 - 2013-08-16 09:38 - 00000000 ____D () C:\windows\system32\MRT
2015-05-13 19:11 - 2010-04-08 12:12 - 137310008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-13 19:02 - 2011-06-16 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 23:16 - 2011-09-10 20:44 - 00000000 ____D () C:\ProgramData\tmp

==================== Files in the root of some directories =======

2010-12-25 14:06 - 2014-11-30 01:35 - 0009728 _____ () C:\Users\[redacted]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-08 00:18 - 2010-11-09 20:26 - 0007633 _____ () C:\Users\[redacted]\AppData\Local\Resmon.ResmonCfg
2010-04-10 11:57 - 2010-04-10 11:57 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2009-10-10 00:54 - 2009-08-18 18:09 - 0131368 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\[redacted]\AppData\Local\Temp\1E72~.exe
C:\Users\[redacted]\AppData\Local\Temp\1E73~.exe
C:\Users\[redacted]\AppData\Local\Temp\1E85~.exe
C:\Users\[redacted]\AppData\Local\Temp\1E86~.exe
C:\Users\[redacted]\AppData\Local\Temp\SkypeSetup.exe
C:\Users\[redacted]\AppData\Local\Temp\_isF8C6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 12:18

==================== End of log ============================
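A triage check one could run over an FRST log like the one above, added here as an example (it is not part of the original post and not FRST's own code): it parses the Processes and Run-key lines and flags entries that combine the signals described in the post (an executable under AppData\Local or Temp, an empty publisher field, a 32-hex-character or 8.3-style name). The sample input is constructed from lines in the post; the Run entry for 97c1bd653e12c9919ec7f7d428e90db9.exe is rebuilt from the registry finding and its size/date field is made up.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample modelled on lines from the pasted FRST log. The last Run line is
# built from the registry entry the poster found by hand; its [size date] field is
# made up, because that line is not present in the pasted log itself.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sysinternals - www.sysinternals.com) C:\Users\[redacted]\Desktop\procexp.exe
() C:\Users\[redacted]\AppData\Local\Temp\1E86~.exe
() C:\Users\[redacted]\AppData\Local\Temp\1E85~.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\Run: [Google Update] => C:\Users\[redacted]\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\Run: [97c1bd653e12c9919ec7f7d428e90db9] => C:\Users\[redacted]\AppData\Local\97c1bd653e12c9919ec7f7d428e90db9.exe [90112 2015-06-02] ()
"""

# "(Company) C:\path\file.exe" lines from the Processes section
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\) (?P<path>[A-Za-z]:\\.+?)\s*$")
# "HKLM\...\Run: [Name] => C:\path [size date] (Company)" lines from the Registry section
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => "
    r"(?P<path>[A-Za-z]:\\.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^)]*)\))?\s*$"
)

# Locations a standard user can write to; legitimate software lives there too,
# so this is one signal among several, not a verdict on its own.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\", "\\users\\public\\")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)               # 97c1bd65...db9 style
SHORTNAME_RE = re.compile(r"^[0-9A-Z]{1,6}~\d*\.exe$", re.IGNORECASE)  # 1E86~.exe style


@dataclass
class Finding:
    kind: str                      # "process" or "run"
    label: str                     # Run value name, or executable basename for processes
    path: str
    company: str
    reasons: List[str] = field(default_factory=list)


def _reasons(path: str, company: str, label: str) -> List[str]:
    """Return the list of suspicious signals for one entry."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("executable lives in a user-writable profile location")
    if "\\temp\\" in low:
        reasons.append("executable runs from a Temp directory")
    if not company.strip():
        reasons.append("no publisher in version info")
    if HEX32_RE.match(label) or HEX32_RE.match(stem):
        reasons.append("32-hex-character (hash-like) name")
    if SHORTNAME_RE.match(base):
        reasons.append("8.3-style short name")
    return reasons


def triage_frst(text: str, min_reasons: int = 2) -> List[Finding]:
    """Parse Processes and Run-key lines; keep entries with at least min_reasons signals."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROCESS_RE.match(line)
        if m:
            path = m["path"]
            entry = Finding("process", path.rsplit("\\", 1)[-1], path, m["company"])
        else:
            m = RUN_RE.match(line)
            if not m:
                continue
            entry = Finding("run", m["name"], m["path"], m["company"] or "")
        entry.reasons = _reasons(entry.path, entry.company, entry.label)
        if len(entry.reasons) >= min_reasons:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        print(f"[{f.kind}] {f.label} -> {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

With the default threshold of two signals, GoogleUpdate.exe (user-writable path but a named publisher) is not reported, while the two Temp processes and the hash-named Run entry are.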


#2 deeprybka (Malware Response Team, 5,198 posts, Germany)

Posted 04 June 2015 - 03:24 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
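The report file named in the step above has a fixed line layout, which can be seen in the TDSSKiller output posted further down in this thread: a hash line per object, a verdict line, and for flagged objects an action line. As an added example that is not part of the reply above and not code from TDSSKiller or Kaspersky, the Python below parses such a report, pulls out each object's MD5/SHA256, path and verdict, and keeps the heuristic unsigned-file flags (UnsignedFile.Multi.Generic, which only says the file carries no valid digital signature) apart from anything the tool names as an actual detection, so a responder can review the two groups separately before deciding what to do. The class name ScanObject and the function names are assumptions made for this example; the sample lines are copied from the report posted in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample for this example: the lines are copied from the TDSSKiller
# report posted later in this thread, trimmed to two clean objects and one
# flagged service so the result is easy to check by eye.
SAMPLE_LOG = r"""
12:20:54.0641 0x1454  Scan started
12:20:54.0641 0x1454  Mode: Manual; SigCheck; TDLFS; 
12:20:59.0649 0x1454  archlp - ok
12:21:00.0132 0x1454  [ C4FB2613D3C75364BB159B9C23A00E7A, 945AD13620BBEFFC382EDC3B3337975D158C7EDB4E3782021FCBE3B49A8A1F57 ] AsusService     C:\Windows\System32\AsusService.exe
12:21:00.0195 0x1454  AsusService - detected UnsignedFile.Multi.Generic ( 1 )
12:21:00.0834 0x1454  AsusService ( UnsignedFile.Multi.Generic ) - warning
12:21:00.0834 0x1454  Force sending object to P2P due to detect: AsusService
12:21:00.0850 0x1454  Object send P2P result: false
12:21:00.0912 0x1454  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
12:21:01.0006 0x1454  AsyncMac - ok
"""

# Every report line starts with a wall-clock timestamp and a thread id.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9A-Fa-f]+\s+"
# "[ MD5, SHA256 ] name   path" - emitted once per object whose file was hashed
_HASH_RE = re.compile(_PREFIX + r"\[ ([0-9A-F]{32}), ([0-9A-F]{64}) \] (\S+)\s+(.+?)\s*$")
# "name - ok" or "name - detected Verdict ( n )"
_VERDICT_RE = re.compile(_PREFIX + r"(.+?) - (ok|detected (\S+) \( \d+ \))\s*$")
# "name ( Verdict ) - action" - what happened to a flagged object (warning, skipped, ...)
_ACTION_RE = re.compile(_PREFIX + r"(.+?) \( (\S+) \) - (\S+)\s*$")


@dataclass
class ScanObject:
    """One service or driver as TDSSKiller reported it (class name chosen for this example)."""
    name: str
    md5: str = ""
    sha256: str = ""
    path: str = ""
    verdict: str = "unknown"  # "ok" or the detection name, e.g. UnsignedFile.Multi.Generic
    action: str = ""          # warning / skipped / ... only present for flagged objects


def parse_tdsskiller_log(text: str) -> dict[str, ScanObject]:
    """Return the scanned objects keyed by name, in the order the report lists them."""
    objects: dict[str, ScanObject] = {}
    for line in text.splitlines():
        m = _HASH_RE.match(line)
        if m:
            md5, sha256, name, path = m.groups()
            obj = objects.setdefault(name, ScanObject(name))
            obj.md5, obj.sha256, obj.path = md5, sha256, path
            continue
        m = _VERDICT_RE.match(line)
        if m:
            name, status, detection = m.group(1), m.group(2), m.group(3)
            obj = objects.setdefault(name, ScanObject(name))
            obj.verdict = "ok" if status == "ok" else detection
            continue
        m = _ACTION_RE.match(line)
        if m:
            name, detection, action = m.groups()
            obj = objects.setdefault(name, ScanObject(name))
            obj.verdict, obj.action = detection, action
    return objects


def triage(objects: dict[str, ScanObject]) -> dict[str, list[ScanObject]]:
    """Split flagged objects into heuristic unsigned-file flags and real detections.

    UnsignedFile.Multi.Generic only says the file has no valid digital signature
    (many third-party services do not), so it is reviewed apart from anything
    TDSSKiller names as malware.
    """
    buckets: dict[str, list[ScanObject]] = {"unsigned": [], "detected": []}
    for obj in objects.values():
        if obj.verdict == "ok":
            continue
        key = "unsigned" if obj.verdict.startswith("UnsignedFile.") else "detected"
        buckets[key].append(obj)
    return buckets


def format_findings(objects: dict[str, ScanObject]) -> list[str]:
    """One line per flagged object, carrying the SHA256 a responder would look up."""
    lines = []
    for bucket, items in triage(objects).items():
        for obj in items:
            lines.append(f"{bucket:8} {obj.name:20} {obj.verdict:28} {obj.action:8} "
                         f"{obj.path}  sha256={obj.sha256}")
    return lines


if __name__ == "__main__":
    for line in format_findings(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

Run against a full report (read the C:\TDSSKiller.<version_date_time>_log.txt file and pass its contents to parse_tdsskiller_log) the "unsigned" bucket is usually a list of vendor services like the AsusService and BrYNSvc entries in this thread, while anything in "detected" deserves a closer look; the hash column is there so each entry can be checked against a reputation service without trusting the file name.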

#3 mastu

mastu
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:02 PM

Posted 04 June 2015 - 05:35 AM

Hi Jürgen,

thanks for your answer. This is the TDSS report log:

12:20:25.0141 0x0a00  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:20:28.0901 0x0a00  ============================================================
12:20:28.0901 0x0a00  Current date / time: 2015/06/04 12:20:28.0901
12:20:28.0901 0x0a00  SystemInfo:
12:20:28.0901 0x0a00  
12:20:28.0901 0x0a00  OS Version: 6.1.7601 ServicePack: 1.0
12:20:28.0901 0x0a00  Product type: Workstation
12:20:28.0901 0x0a00  ComputerName: [redacted]
12:20:28.0901 0x0a00  UserName: [redacted]
12:20:28.0901 0x0a00  Windows directory: C:\windows
12:20:28.0901 0x0a00  System windows directory: C:\windows
12:20:28.0901 0x0a00  Processor architecture: Intel x86
12:20:28.0901 0x0a00  Number of processors: 4
12:20:28.0901 0x0a00  Page size: 0x1000
12:20:28.0901 0x0a00  Boot type: Normal boot
12:20:28.0901 0x0a00  ============================================================
12:20:32.0863 0x0a00  KLMD registered as C:\windows\system32\drivers\42475986.sys
12:20:33.0831 0x0a00  System UUID: {86E64E13-9D04-0CC2-B0D9-952AA3CDCB43}
12:20:36.0498 0x0a00  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:20:36.0498 0x0a00  ============================================================
12:20:36.0498 0x0a00  \Device\Harddisk0\DR0:
12:20:36.0498 0x0a00  MBR partitions:
12:20:36.0498 0x0a00  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
12:20:36.0498 0x0a00  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0xF5BC000
12:20:36.0498 0x0a00  ============================================================
12:20:36.0529 0x0a00  C: <-> \Device\Harddisk0\DR0\Partition1
12:20:36.0561 0x0a00  D: <-> \Device\Harddisk0\DR0\Partition2
12:20:36.0561 0x0a00  ============================================================
12:20:36.0561 0x0a00  Initialize success
12:20:36.0561 0x0a00  ============================================================
12:20:54.0641 0x1454  ============================================================
12:20:54.0641 0x1454  Scan started
12:20:54.0641 0x1454  Mode: Manual; SigCheck; TDLFS; 
12:20:54.0641 0x1454  ============================================================
12:20:54.0641 0x1454  KSN ping started
12:20:54.0766 0x1454  KSN ping finished: false
12:20:56.0326 0x1454  ================ Scan system memory ========================
12:20:56.0326 0x1454  System memory - ok
12:20:56.0326 0x1454  ================ Scan services =============================
12:20:56.0591 0x1454  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
12:20:56.0794 0x1454  1394ohci - ok
12:20:56.0887 0x1454  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\windows\system32\drivers\ACPI.sys
12:20:56.0950 0x1454  ACPI - ok
12:20:56.0981 0x1454  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
12:20:57.0059 0x1454  AcpiPmi - ok
12:20:57.0184 0x1454  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:20:57.0246 0x1454  AdobeFlashPlayerUpdateSvc - ok
12:20:57.0340 0x1454  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
12:20:57.0402 0x1454  adp94xx - ok
12:20:57.0449 0x1454  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
12:20:57.0527 0x1454  adpahci - ok
12:20:57.0558 0x1454  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
12:20:57.0621 0x1454  adpu320 - ok
12:20:57.0667 0x1454  [ 12E6A172D72AFC626727B8635DD17E39, 33B3D109C39DF6EA86AFC3C89A93657906E981D3D22FF854401BC7326990CC08 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
12:20:57.0761 0x1454  AeLookupSvc - ok
12:20:57.0823 0x1454  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\windows\system32\drivers\afd.sys
12:20:57.0901 0x1454  AFD - ok
12:20:57.0948 0x1454  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\windows\system32\drivers\agp440.sys
12:20:57.0995 0x1454  agp440 - ok
12:20:58.0042 0x1454  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
12:20:58.0089 0x1454  aic78xx - ok
12:20:58.0151 0x1454  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\windows\System32\alg.exe
12:20:58.0229 0x1454  ALG - ok
12:20:58.0276 0x1454  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\windows\system32\drivers\aliide.sys
12:20:58.0307 0x1454  aliide - ok
12:20:58.0338 0x1454  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\windows\system32\drivers\amdagp.sys
12:20:58.0385 0x1454  amdagp - ok
12:20:58.0479 0x1454  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\windows\system32\drivers\amdide.sys
12:20:58.0557 0x1454  amdide - ok
12:20:58.0635 0x1454  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
12:20:58.0713 0x1454  AmdK8 - ok
12:20:58.0759 0x1454  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
12:20:58.0822 0x1454  AmdPPM - ok
12:20:58.0869 0x1454  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\windows\system32\drivers\amdsata.sys
12:20:58.0931 0x1454  amdsata - ok
12:20:58.0962 0x1454  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
12:20:59.0040 0x1454  amdsbs - ok
12:20:59.0071 0x1454  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\windows\system32\drivers\amdxata.sys
12:20:59.0134 0x1454  amdxata - ok
12:20:59.0196 0x1454  [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID           C:\windows\system32\drivers\appid.sys
12:20:59.0243 0x1454  AppID - ok
12:20:59.0290 0x1454  [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc        C:\windows\System32\appidsvc.dll
12:20:59.0337 0x1454  AppIDSvc - ok
12:20:59.0383 0x1454  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\windows\System32\appinfo.dll
12:20:59.0477 0x1454  Appinfo - ok
12:20:59.0524 0x1454  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\windows\system32\DRIVERS\arc.sys
12:20:59.0602 0x1454  arc - ok
12:20:59.0649 0x1454  archlp - ok
12:20:59.0680 0x1454  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
12:20:59.0742 0x1454  arcsas - ok
12:20:59.0883 0x1454  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:20:59.0961 0x1454  aspnet_state - ok
12:21:00.0007 0x1454  [ E67493490466B5F04B58C22D2590E8CA, 5E6B448A26FD735A962703FFB3C61D5A14A0B71CEFA999BA7879F5B05FD5FC73 ] AsUpIO          C:\windows\system32\drivers\AsUpIO.sys
12:21:00.0070 0x1454  AsUpIO - ok
12:21:00.0132 0x1454  [ C4FB2613D3C75364BB159B9C23A00E7A, 945AD13620BBEFFC382EDC3B3337975D158C7EDB4E3782021FCBE3B49A8A1F57 ] AsusService     C:\Windows\System32\AsusService.exe
12:21:00.0195 0x1454  AsusService - detected UnsignedFile.Multi.Generic ( 1 )
12:21:00.0834 0x1454  AsusService ( UnsignedFile.Multi.Generic ) - warning
12:21:00.0834 0x1454  Force sending object to P2P due to detect: AsusService
12:21:00.0850 0x1454  Object send P2P result: false
12:21:00.0912 0x1454  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
12:21:01.0006 0x1454  AsyncMac - ok
12:21:01.0068 0x1454  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\windows\system32\drivers\atapi.sys
12:21:01.0115 0x1454  atapi - ok
12:21:01.0255 0x1454  [ 76BAB0C824E2D05B940C4DD40A9B08BF, 237C60123F5AFF06C20757E2791C0CA383DE094DB634C239E375639B1B923844 ] athr            C:\windows\system32\DRIVERS\athr.sys
12:21:01.0411 0x1454  athr - ok
12:21:01.0505 0x1454  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
12:21:01.0614 0x1454  AudioEndpointBuilder - ok
12:21:01.0661 0x1454  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\windows\System32\Audiosrv.dll
12:21:01.0770 0x1454  Audiosrv - ok
12:21:01.0833 0x1454  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\windows\System32\AxInstSV.dll
12:21:01.0895 0x1454  AxInstSV - ok
12:21:01.0957 0x1454  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
12:21:02.0051 0x1454  b06bdrv - ok
12:21:02.0113 0x1454  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
12:21:02.0191 0x1454  b57nd60x - ok
12:21:02.0254 0x1454  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\windows\System32\bdesvc.dll
12:21:02.0316 0x1454  BDESVC - ok
12:21:02.0332 0x1454  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\windows\system32\drivers\Beep.sys
12:21:02.0410 0x1454  Beep - ok
12:21:02.0503 0x1454  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\windows\System32\bfe.dll
12:21:02.0597 0x1454  BFE - ok
12:21:02.0691 0x1454  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\windows\System32\qmgr.dll
12:21:02.0940 0x1454  BITS - ok
12:21:02.0971 0x1454  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
12:21:03.0018 0x1454  blbdrive - ok
12:21:03.0065 0x1454  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
12:21:03.0143 0x1454  bowser - ok
12:21:03.0190 0x1454  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
12:21:03.0252 0x1454  BrFiltLo - ok
12:21:03.0283 0x1454  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
12:21:03.0361 0x1454  BrFiltUp - ok
12:21:03.0424 0x1454  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\windows\System32\browser.dll
12:21:03.0502 0x1454  Browser - ok
12:21:03.0549 0x1454  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\windows\System32\Drivers\Brserid.sys
12:21:03.0673 0x1454  Brserid - ok
12:21:03.0736 0x1454  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
12:21:03.0829 0x1454  BrSerWdm - ok
12:21:03.0861 0x1454  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
12:21:03.0907 0x1454  BrUsbMdm - ok
12:21:03.0923 0x1454  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
12:21:04.0001 0x1454  BrUsbSer - ok
12:21:04.0095 0x1454  [ 0E03E300CB28F30843F40069563CE2AD, 8D1E78A847B548F32E15573A39E403E6A65838C77628B9F9BFBDED527BAE9054 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
12:21:04.0157 0x1454  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
12:21:04.0157 0x1454  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
12:21:04.0157 0x1454  Force sending object to P2P due to detect: BrYNSvc
12:21:04.0173 0x1454  Object send P2P result: false
12:21:04.0219 0x1454  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
12:21:04.0282 0x1454  BthEnum - ok
12:21:04.0329 0x1454  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
12:21:04.0391 0x1454  BTHMODEM - ok
12:21:04.0422 0x1454  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
12:21:04.0485 0x1454  BthPan - ok
12:21:04.0547 0x1454  [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
12:21:04.0625 0x1454  BTHPORT - ok
12:21:04.0687 0x1454  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\windows\system32\bthserv.dll
12:21:04.0781 0x1454  bthserv - ok
12:21:04.0812 0x1454  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
12:21:04.0875 0x1454  BTHUSB - ok
12:21:04.0906 0x1454  [ 92C5B845803F3662637EB691AC0B250F, FD5807316C548D858B48C91E2BCEAF61B6F5D4361ED0751BBF6AA66B00AF51D5 ] btusbflt        C:\windows\system32\drivers\btusbflt.sys
12:21:04.0968 0x1454  btusbflt - ok
12:21:05.0015 0x1454  [ D57D29132EFE13A83133D9BD449E0CF1, 8C12FC2404A53EFA028B3423A96F2B5ADDE1640A964AFAF2C460E73338551FFB ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
12:21:05.0062 0x1454  btwaudio - ok
12:21:05.0093 0x1454  [ D282C14A69357D0E1BAFAECC2CA98C3A, 1F576218591B87920641F7E2FA349E477032C4C38DF5A6584738DC0280E203A9 ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
12:21:05.0140 0x1454  btwavdt - ok
12:21:05.0249 0x1454  [ 13F2E3BF60FC1EB4E02912582C0B1E3E, 886B2D3F8C2A0C3A869D613AE81F9452184D911EBA62F47CE63D62A430BF1508 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:21:05.0343 0x1454  btwdins - ok
12:21:05.0389 0x1454  [ AAFD7CB76BA61FBB08E302DA208C974A, 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
12:21:05.0421 0x1454  btwl2cap - ok
12:21:05.0452 0x1454  [ 02EB4D2B05967DF2D32F29C84AB1FB17, 95B7901F7BCE41DF53309158AC12888BA1F82FF2E576BF3ED0E67EA3CFAB1288 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
12:21:05.0499 0x1454  btwrchid - ok
12:21:05.0545 0x1454  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
12:21:05.0655 0x1454  cdfs - ok
12:21:05.0733 0x1454  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
12:21:05.0811 0x1454  cdrom - ok
12:21:05.0873 0x1454  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\windows\System32\certprop.dll
12:21:05.0982 0x1454  CertPropSvc - ok
12:21:06.0029 0x1454  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
12:21:06.0091 0x1454  circlass - ok
12:21:06.0154 0x1454  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\windows\system32\CLFS.sys
12:21:06.0216 0x1454  CLFS - ok
12:21:06.0279 0x1454  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:21:06.0341 0x1454  clr_optimization_v2.0.50727_32 - ok
12:21:06.0403 0x1454  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:21:06.0497 0x1454  clr_optimization_v4.0.30319_32 - ok
12:21:06.0544 0x1454  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
12:21:06.0591 0x1454  CmBatt - ok
12:21:06.0637 0x1454  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\windows\system32\drivers\cmdide.sys
12:21:06.0684 0x1454  cmdide - ok
12:21:06.0762 0x1454  [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG             C:\windows\system32\Drivers\cng.sys
12:21:06.0871 0x1454  CNG - ok
12:21:06.0887 0x1454  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
12:21:06.0934 0x1454  Compbatt - ok
12:21:06.0996 0x1454  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
12:21:07.0074 0x1454  CompositeBus - ok
12:21:07.0090 0x1454  COMSysApp - ok
12:21:07.0152 0x1454  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
12:21:07.0199 0x1454  crcdisk - ok
12:21:07.0277 0x1454  [ 49474B3E37969AF4B5C076F42B623AFF, BDA6B57E9B60EF1B67C74099263D33A367AAA035667239F76AB8B268FD3E8F23 ] CryptSvc        C:\windows\system32\cryptsvc.dll
12:21:07.0339 0x1454  CryptSvc - ok
12:21:07.0417 0x1454  [ 7CAAF4AF453EF3582FEF65DD72CAA0AA, 4298235DE7B9F4702CC1A1155256D845F2F23EED20201A6CA946DC28C49EED76 ] dc3d            C:\windows\system32\DRIVERS\dc3d.sys
12:21:07.0495 0x1454  dc3d - ok
12:21:07.0573 0x1454  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\windows\system32\rpcss.dll
12:21:07.0729 0x1454  DcomLaunch - ok
12:21:07.0792 0x1454  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\windows\System32\defragsvc.dll
12:21:07.0917 0x1454  defragsvc - ok
12:21:07.0979 0x1454  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
12:21:08.0104 0x1454  DfsC - ok
12:21:08.0197 0x1454  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\windows\system32\dhcpcore.dll
12:21:08.0275 0x1454  Dhcp - ok
12:21:08.0416 0x1454  [ E95DE5B790B2D16706DAC8472E51F31A, 9D7A72742D369B9F0E4ACEC9C1850D0D60E975AEBEFF5BA06B954EA3AB3E9FF6 ] DiagTrack       C:\windows\system32\diagtrack.dll
12:21:08.0775 0x1454  DiagTrack - ok
12:21:08.0837 0x1454  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\windows\system32\drivers\discache.sys
12:21:08.0962 0x1454  discache - ok
12:21:09.0040 0x1454  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\windows\system32\DRIVERS\disk.sys
12:21:09.0087 0x1454  Disk - ok
12:21:09.0149 0x1454  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\windows\System32\dnsrslvr.dll
12:21:09.0243 0x1454  Dnscache - ok
12:21:09.0305 0x1454  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\windows\System32\dot3svc.dll
12:21:09.0461 0x1454  dot3svc - ok
12:21:09.0539 0x1454  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\windows\system32\dps.dll
12:21:09.0726 0x1454  DPS - ok
12:21:09.0789 0x1454  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
12:21:09.0898 0x1454  drmkaud - ok
12:21:09.0976 0x1454  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
12:21:10.0085 0x1454  DXGKrnl - ok
12:21:10.0225 0x1454  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\windows\System32\eapsvc.dll
12:21:10.0319 0x1454  EapHost - ok
12:21:10.0584 0x1454  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
12:21:10.0865 0x1454  ebdrv - ok
12:21:10.0927 0x1454  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] EFS             C:\windows\System32\lsass.exe
12:21:11.0021 0x1454  EFS - ok
12:21:11.0130 0x1454  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\windows\ehome\ehRecvr.exe
12:21:11.0224 0x1454  ehRecvr - ok
12:21:11.0271 0x1454  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\windows\ehome\ehsched.exe
12:21:11.0364 0x1454  ehSched - ok
12:21:11.0458 0x1454  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
12:21:11.0536 0x1454  elxstor - ok
12:21:11.0567 0x1454  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\windows\system32\drivers\errdev.sys
12:21:11.0629 0x1454  ErrDev - ok
12:21:11.0707 0x1454  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\windows\system32\es.dll
12:21:11.0848 0x1454  EventSystem - ok
12:21:11.0926 0x1454  [ 95BCB4321962028799EB2EA53319BB0C, 66DD8C10D4CE0DADAAF6F726374CE6AE178A6C8C7E372E5689CB8C7EA682080E ] ewusbnet        C:\windows\system32\DRIVERS\ewusbnet.sys
12:21:11.0988 0x1454  ewusbnet - ok
12:21:12.0035 0x1454  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7, 9AAF39AA22372FB8582C1422581C08E61444BF843E1CE2E199EB00FBEA6F9C06 ] ew_hwusbdev     C:\windows\system32\DRIVERS\ew_hwusbdev.sys
12:21:12.0097 0x1454  ew_hwusbdev - ok
12:21:12.0160 0x1454  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\windows\system32\drivers\exfat.sys
12:21:12.0269 0x1454  exfat - ok
12:21:12.0378 0x1454  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\windows\system32\drivers\fastfat.sys
12:21:12.0487 0x1454  fastfat - ok
12:21:12.0581 0x1454  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\windows\system32\fxssvc.exe
12:21:12.0659 0x1454  Fax - ok
12:21:12.0690 0x1454  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
12:21:12.0753 0x1454  fdc - ok
12:21:12.0784 0x1454  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\windows\system32\fdPHost.dll
12:21:12.0877 0x1454  fdPHost - ok
12:21:12.0909 0x1454  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\windows\system32\fdrespub.dll
12:21:13.0002 0x1454  FDResPub - ok
12:21:13.0018 0x1454  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
12:21:13.0065 0x1454  FileInfo - ok
12:21:13.0111 0x1454  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
12:21:13.0252 0x1454  Filetrace - ok
12:21:13.0267 0x1454  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
12:21:13.0330 0x1454  flpydisk - ok
12:21:13.0392 0x1454  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
12:21:13.0455 0x1454  FltMgr - ok
12:21:13.0579 0x1454  [ 6EC244F102C7F129678E5F7309D1366D, C30DA201AC623DA440B0A0716534557C578218C2A591FA8893CCCBD96B4518F9 ] FontCache       C:\windows\system32\FntCache.dll
12:21:13.0735 0x1454  FontCache - ok
12:21:13.0813 0x1454  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:21:13.0876 0x1454  FontCache3.0.0.0 - ok
12:21:13.0923 0x1454  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
12:21:13.0969 0x1454  FsDepends - ok
12:21:14.0016 0x1454  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
12:21:14.0063 0x1454  Fs_Rec - ok
12:21:14.0141 0x1454  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
12:21:14.0203 0x1454  fvevol - ok
12:21:14.0250 0x1454  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
12:21:14.0328 0x1454  gagp30kx - ok
12:21:14.0453 0x1454  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\windows\System32\gpsvc.dll
12:21:14.0593 0x1454  gpsvc - ok
12:21:14.0734 0x1454  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:21:14.0781 0x1454  gupdate - ok
12:21:14.0812 0x1454  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:21:14.0843 0x1454  gupdatem - ok
12:21:14.0890 0x1454  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:21:14.0937 0x1454  gusvc - ok
12:21:14.0983 0x1454  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
12:21:15.0046 0x1454  hcw85cir - ok
12:21:15.0124 0x1454  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
12:21:15.0186 0x1454  HdAudAddService - ok
12:21:15.0233 0x1454  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
12:21:15.0327 0x1454  HDAudBus - ok
12:21:15.0373 0x1454  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
12:21:15.0436 0x1454  HidBatt - ok
12:21:15.0498 0x1454  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
12:21:15.0592 0x1454  HidBth - ok
12:21:15.0623 0x1454  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
12:21:15.0685 0x1454  HidIr - ok
12:21:15.0732 0x1454  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\windows\system32\hidserv.dll
12:21:15.0841 0x1454  hidserv - ok
12:21:15.0904 0x1454  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
12:21:16.0013 0x1454  HidUsb - ok
12:21:16.0060 0x1454  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\windows\system32\kmsvc.dll
12:21:16.0169 0x1454  hkmsvc - ok
12:21:16.0216 0x1454  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\windows\system32\ListSvc.dll
12:21:16.0294 0x1454  HomeGroupListener - ok
12:21:16.0356 0x1454  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\windows\system32\provsvc.dll
12:21:16.0419 0x1454  HomeGroupProvider - ok
12:21:16.0497 0x1454  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
12:21:16.0559 0x1454  HpSAMD - ok
12:21:16.0668 0x1454  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\windows\system32\drivers\HTTP.sys
12:21:16.0777 0x1454  HTTP - ok
12:21:16.0824 0x1454  [ BED3A9F86A637CC6C2C5296CD82423D8, 1D42C7131F477336C24A676D1B366713FF045169FE3815D9B5928EB2C2DD2ED9 ] huawei_enumerator C:\windows\system32\DRIVERS\ew_jubusenum.sys
12:21:16.0871 0x1454  huawei_enumerator - ok
12:21:16.0933 0x1454  [ A89423D0132C8AB69BA621B6CE191714, 6C3DD1B115411014F7B0B33817A53F09CCF4B2956C4C152AD59C4E24636BE79E ] hwdatacard      C:\windows\system32\DRIVERS\ewusbmdm.sys
12:21:17.0011 0x1454  hwdatacard - ok
12:21:17.0074 0x1454  HWDeviceService.exe - ok
12:21:17.0121 0x1454  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
12:21:17.0152 0x1454  hwpolicy - ok
12:21:17.0230 0x1454  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
12:21:17.0277 0x1454  i8042prt - ok
12:21:17.0339 0x1454  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
12:21:17.0401 0x1454  iaStorV - ok
12:21:17.0511 0x1454  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:21:17.0651 0x1454  idsvc - ok
12:21:17.0729 0x1454  IEEtwCollectorService - ok
12:21:18.0181 0x1454  [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
12:21:18.0665 0x1454  igfx - ok
12:21:18.0743 0x1454  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
12:21:18.0790 0x1454  iirsp - ok
12:21:18.0899 0x1454  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\windows\System32\ikeext.dll
12:21:19.0008 0x1454  IKEEXT - ok
12:21:19.0258 0x1454  [ DB96B8BD676BB24BD4F1DC53CA1F182C, 42E8A43E35520793A3A34BA6F70A631D629194C8C882EB62BBF296D9F731D6CD ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
12:21:19.0492 0x1454  IntcAzAudAddService - ok
12:21:19.0554 0x1454  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\windows\system32\drivers\intelide.sys
12:21:19.0601 0x1454  intelide - ok
12:21:19.0648 0x1454  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
12:21:19.0695 0x1454  intelppm - ok
12:21:19.0741 0x1454  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
12:21:19.0851 0x1454  IPBusEnum - ok
12:21:19.0882 0x1454  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
12:21:19.0991 0x1454  IpFilterDriver - ok
12:21:20.0069 0x1454  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
12:21:20.0209 0x1454  iphlpsvc - ok
12:21:20.0256 0x1454  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
12:21:20.0319 0x1454  IPMIDRV - ok
12:21:20.0365 0x1454  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
12:21:20.0506 0x1454  IPNAT - ok
12:21:20.0537 0x1454  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\windows\system32\drivers\irenum.sys
12:21:20.0599 0x1454  IRENUM - ok
12:21:20.0631 0x1454  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\windows\system32\drivers\isapnp.sys
12:21:20.0677 0x1454  isapnp - ok
12:21:20.0740 0x1454  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
12:21:20.0802 0x1454  iScsiPrt - ok
12:21:20.0833 0x1454  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
12:21:20.0896 0x1454  kbdclass - ok
12:21:20.0943 0x1454  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
12:21:21.0021 0x1454  kbdhid - ok
12:21:21.0083 0x1454  [ 3EB803312987FF44265C87CB960DF6AB, D6F44702F92089A0C847044A3933F7311D6A72C4647C3FECB35CDBF96A913A40 ] kbfiltr         C:\windows\system32\DRIVERS\kbfiltr.sys
12:21:21.0130 0x1454  kbfiltr - ok
12:21:21.0161 0x1454  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] KeyIso          C:\windows\system32\lsass.exe
12:21:21.0208 0x1454  KeyIso - ok
12:21:21.0270 0x1454  [ 6DD2A1064DD8AFBED22E71176E2AF59B, 915F36860DAA72DA89E906A7F6F255A854A2A91EEA536A7C2EDB4A63250F66CC ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
12:21:21.0317 0x1454  KSecDD - ok
12:21:21.0348 0x1454  [ 76C0D35167B1369C68388FEDB56A3048, 2788962AB21DBB0A4D130AE5F822E9FDB96D7FF6320E2798714BF18BCB9CAE4F ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
12:21:21.0411 0x1454  KSecPkg - ok
12:21:21.0473 0x1454  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\windows\system32\msdtckrm.dll
12:21:21.0613 0x1454  KtmRm - ok
12:21:21.0660 0x1454  [ A158CEA8644B8A5C1EC0E9A81B70F65A, 70B4726BFB652CB41F06F60AE2A780A521E7B783F0B38BE55E8A566A915929F5 ] L1C             C:\windows\system32\DRIVERS\L1C62x86.sys
12:21:21.0707 0x1454  L1C - ok
12:21:21.0754 0x1454  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\windows\system32\srvsvc.dll
12:21:21.0879 0x1454  LanmanServer - ok
12:21:21.0925 0x1454  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
12:21:22.0035 0x1454  LanmanWorkstation - ok
12:21:22.0097 0x1454  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
12:21:22.0206 0x1454  lltdio - ok
12:21:22.0253 0x1454  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\windows\System32\lltdsvc.dll
12:21:22.0378 0x1454  lltdsvc - ok
12:21:22.0409 0x1454  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\windows\System32\lmhsvc.dll
12:21:22.0518 0x1454  lmhosts - ok
12:21:22.0581 0x1454  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
12:21:22.0627 0x1454  LSI_FC - ok
12:21:22.0674 0x1454  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
12:21:22.0721 0x1454  LSI_SAS - ok
12:21:22.0768 0x1454  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
12:21:22.0815 0x1454  LSI_SAS2 - ok
12:21:22.0846 0x1454  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
12:21:22.0893 0x1454  LSI_SCSI - ok
12:21:22.0939 0x1454  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\windows\system32\drivers\luafv.sys
12:21:23.0033 0x1454  luafv - ok
12:21:23.0095 0x1454  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
12:21:23.0173 0x1454  Mcx2Svc - ok
12:21:23.0205 0x1454  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
12:21:23.0267 0x1454  megasas - ok
12:21:23.0345 0x1454  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
12:21:23.0392 0x1454  MegaSR - ok
12:21:23.0439 0x1454  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\windows\system32\mmcss.dll
12:21:23.0517 0x1454  MMCSS - ok
12:21:23.0641 0x1454  [ 38106C7BD34EAE89D2769AC0BA2E846B, 8A33C138C84ED3E6C9408BB66FDEA65E35DD3600AF3ED2C967B8C3D5D54EC3C4 ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
12:21:23.0673 0x1454  Mobile Partner. RunOuc - detected UnsignedFile.Multi.Generic ( 1 )
12:21:23.0673 0x1454  Mobile Partner. RunOuc ( UnsignedFile.Multi.Generic ) - warning
12:21:23.0704 0x1454  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\windows\system32\drivers\modem.sys
12:21:23.0813 0x1454  Modem - ok
12:21:23.0875 0x1454  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
12:21:23.0938 0x1454  monitor - ok
12:21:23.0985 0x1454  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
12:21:24.0031 0x1454  mouclass - ok
12:21:24.0078 0x1454  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
12:21:24.0141 0x1454  mouhid - ok
12:21:24.0187 0x1454  [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
12:21:24.0234 0x1454  mountmgr - ok
12:21:24.0328 0x1454  [ F112DA773EC3E9D3CDE9221ED300E033, 693C416B281DA3489C096812D0E4E0413C05798D36AF534624C3B29551CE68A4 ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
12:21:24.0421 0x1454  MpFilter - ok
12:21:24.0468 0x1454  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\windows\system32\drivers\mpio.sys
12:21:24.0515 0x1454  mpio - ok
12:21:24.0640 0x1454  [ 65C34426C83EFA32D48380A97717997B, CD7EB6BFBB0BE382BA21055460D9A72323F09AF3194A22D8EDB28D5DB3BAE8E7 ] MpKsl3ad6a2cd   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1FE1A0C9-7005-49CB-82E0-081ADF70EBD9}\MpKsl3ad6a2cd.sys
12:21:24.0702 0x1454  MpKsl3ad6a2cd - ok
12:21:24.0765 0x1454  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
12:21:24.0874 0x1454  mpsdrv - ok
12:21:24.0983 0x1454  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\windows\system32\mpssvc.dll
12:21:25.0139 0x1454  MpsSvc - ok
12:21:25.0201 0x1454  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
12:21:25.0279 0x1454  MRxDAV - ok
12:21:25.0342 0x1454  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
12:21:25.0404 0x1454  mrxsmb - ok
12:21:25.0467 0x1454  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
12:21:25.0545 0x1454  mrxsmb10 - ok
12:21:25.0576 0x1454  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
12:21:25.0623 0x1454  mrxsmb20 - ok
12:21:25.0669 0x1454  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\windows\system32\drivers\msahci.sys
12:21:25.0732 0x1454  msahci - ok
12:21:25.0779 0x1454  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\windows\system32\drivers\msdsm.sys
12:21:25.0841 0x1454  msdsm - ok
12:21:25.0888 0x1454  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\windows\System32\msdtc.exe
12:21:25.0950 0x1454  MSDTC - ok
12:21:26.0013 0x1454  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\windows\system32\drivers\Msfs.sys
12:21:26.0091 0x1454  Msfs - ok
12:21:26.0106 0x1454  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
12:21:26.0200 0x1454  mshidkmdf - ok
12:21:26.0231 0x1454  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
12:21:26.0262 0x1454  msisadrv - ok
12:21:26.0340 0x1454  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\windows\system32\iscsiexe.dll
12:21:26.0449 0x1454  MSiSCSI - ok
12:21:26.0481 0x1454  msiserver - ok
12:21:26.0543 0x1454  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
12:21:26.0668 0x1454  MSKSSRV - ok
12:21:26.0761 0x1454  [ CC09BB7FDEFC5763CCB3CF7DAE2D76CF, F8F00900EDBA2F64BF136DD0B6C83CAF07C72F24F3D49C78B7EA24757FDBC6D0 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:21:26.0824 0x1454  MsMpSvc - ok
12:21:26.0855 0x1454  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
12:21:26.0964 0x1454  MSPCLOCK - ok
12:21:27.0011 0x1454  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
12:21:27.0105 0x1454  MSPQM - ok
12:21:27.0151 0x1454  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
12:21:27.0198 0x1454  MsRPC - ok
12:21:27.0245 0x1454  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
12:21:27.0323 0x1454  mssmbios - ok
12:21:27.0370 0x1454  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
12:21:27.0448 0x1454  MSTEE - ok
12:21:27.0479 0x1454  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
12:21:27.0526 0x1454  MTConfig - ok
12:21:27.0557 0x1454  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\windows\system32\Drivers\mup.sys
12:21:27.0604 0x1454  Mup - ok
12:21:27.0682 0x1454  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\windows\system32\qagentRT.dll
12:21:27.0853 0x1454  napagent - ok
12:21:27.0931 0x1454  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
12:21:28.0009 0x1454  NativeWifiP - ok
12:21:28.0119 0x1454  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\windows\system32\drivers\ndis.sys
12:21:28.0212 0x1454  NDIS - ok
12:21:28.0243 0x1454  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
12:21:28.0337 0x1454  NdisCap - ok
12:21:28.0384 0x1454  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
12:21:28.0462 0x1454  NdisTapi - ok
12:21:28.0524 0x1454  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
12:21:28.0602 0x1454  Ndisuio - ok
12:21:28.0665 0x1454  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
12:21:28.0774 0x1454  NdisWan - ok
12:21:28.0899 0x1454  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
12:21:29.0008 0x1454  NDProxy - ok
12:21:29.0039 0x1454  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
12:21:29.0164 0x1454  NetBIOS - ok
12:21:29.0226 0x1454  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
12:21:29.0335 0x1454  NetBT - ok
12:21:29.0351 0x1454  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] Netlogon        C:\windows\system32\lsass.exe
12:21:29.0429 0x1454  Netlogon - ok
12:21:29.0491 0x1454  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\windows\System32\netman.dll
12:21:29.0616 0x1454  Netman - ok
12:21:29.0694 0x1454  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:21:29.0788 0x1454  NetMsmqActivator - ok
12:21:29.0803 0x1454  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:21:29.0881 0x1454  NetPipeActivator - ok
12:21:29.0959 0x1454  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\windows\System32\netprofm.dll
12:21:30.0100 0x1454  netprofm - ok
12:21:30.0193 0x1454  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:21:30.0240 0x1454  NetTcpActivator - ok
12:21:30.0256 0x1454  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:21:30.0318 0x1454  NetTcpPortSharing - ok
12:21:30.0365 0x1454  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
12:21:30.0412 0x1454  nfrd960 - ok
12:21:30.0474 0x1454  [ 780FF28BCD8470C5FDDEEF69982AA295, 1ED386E87E0AA733F23D554D2BF4EF4168DB9A419B7BA0BA8FBA20F118BE21DF ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
12:21:30.0537 0x1454  NisDrv - ok
12:21:30.0599 0x1454  [ 3FF257F54649D4F19E39263C5D581CD1, 1F201EEE770A452AA30C6270AAA456A77F9F3A102F473E12C22D3B8809932C1B ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
12:21:30.0661 0x1454  NisSrv - ok
12:21:30.0724 0x1454  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\windows\System32\nlasvc.dll
12:21:30.0817 0x1454  NlaSvc - ok
12:21:30.0849 0x1454  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\windows\system32\drivers\Npfs.sys
12:21:30.0958 0x1454  Npfs - ok
12:21:30.0989 0x1454  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\windows\system32\nsisvc.dll
12:21:31.0161 0x1454  nsi - ok
12:21:31.0207 0x1454  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
12:21:31.0301 0x1454  nsiproxy - ok
12:21:31.0441 0x1454  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
12:21:31.0613 0x1454  Ntfs - ok
12:21:31.0675 0x1454  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\windows\system32\drivers\Null.sys
12:21:31.0769 0x1454  Null - ok
12:21:31.0847 0x1454  [ 79E97CDAE5449A59A4798FC5B006C58F, 332274595439CFCD497CACEF38FDEA57C27FE44E48D768B17FE940AF511141F2 ] NVHDA           C:\windows\system32\drivers\nvhda32v.sys
12:21:31.0894 0x1454  NVHDA - ok
12:21:32.0783 0x1454  [ 747AB0334B95E5CF91B7CF63F9005530, 0F0BEF9B2D1CC8DEBCA681370532C664D114FC6F93D83EAE79B694EC4D5699C4 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
12:21:33.0906 0x1454  nvlddmkm - ok
12:21:34.0015 0x1454  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\windows\system32\drivers\nvraid.sys
12:21:34.0062 0x1454  nvraid - ok
12:21:34.0109 0x1454  [ F13618F0CB1E95232F4C2401592A59E9, 119C8075536D4C3602754E680574B0E18C813E9FE5555B2B854F3A6E768C22D0 ] nvsmu           C:\windows\system32\DRIVERS\nvsmu.sys
12:21:34.0171 0x1454  nvsmu - ok
12:21:34.0218 0x1454  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\windows\system32\drivers\nvstor.sys
12:21:34.0281 0x1454  nvstor - ok
12:21:34.0327 0x1454  [ E724B9B2BA640652C6FA0BDF502A1F72, F6BB1FAE0852D75FF02F50EE8F60193EC1647FB61F3EDD17D024936B671B8089 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:21:34.0405 0x1454  nvsvc - ok
12:21:34.0437 0x1454  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
12:21:34.0483 0x1454  nv_agp - ok
12:21:34.0608 0x1454  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:21:34.0686 0x1454  odserv - ok
12:21:34.0717 0x1454  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
12:21:34.0780 0x1454  ohci1394 - ok
12:21:34.0842 0x1454  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:21:34.0889 0x1454  ose - ok
12:21:34.0936 0x1454  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
12:21:35.0029 0x1454  p2pimsvc - ok
12:21:35.0076 0x1454  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\windows\system32\p2psvc.dll
12:21:35.0154 0x1454  p2psvc - ok
12:21:35.0201 0x1454  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\windows\system32\DRIVERS\parport.sys
12:21:35.0248 0x1454  Parport - ok
12:21:35.0310 0x1454  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\windows\system32\drivers\partmgr.sys
12:21:35.0357 0x1454  partmgr - ok
12:21:35.0388 0x1454  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
12:21:35.0451 0x1454  Parvdm - ok
12:21:35.0529 0x1454  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\windows\System32\pcasvc.dll
12:21:35.0638 0x1454  PcaSvc - ok
12:21:35.0700 0x1454  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\windows\system32\drivers\pci.sys
12:21:35.0747 0x1454  pci - ok
12:21:35.0794 0x1454  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\windows\system32\drivers\pciide.sys
12:21:35.0841 0x1454  pciide - ok
12:21:35.0903 0x1454  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
12:21:35.0965 0x1454  pcmcia - ok
12:21:35.0981 0x1454  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\windows\system32\drivers\pcw.sys
12:21:36.0043 0x1454  pcw - ok
12:21:36.0153 0x1454  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
12:21:36.0246 0x1454  PEAUTH - ok
12:21:36.0511 0x1454  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\windows\system32\pla.dll
12:21:36.0761 0x1454  pla - ok
12:21:36.0839 0x1454  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\windows\system32\umpnpmgr.dll
12:21:36.0933 0x1454  PlugPlay - ok
12:21:36.0964 0x1454  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
12:21:37.0026 0x1454  PNRPAutoReg - ok
12:21:37.0073 0x1454  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
12:21:37.0151 0x1454  PNRPsvc - ok
12:21:37.0229 0x1454  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
12:21:37.0354 0x1454  PolicyAgent - ok
12:21:37.0432 0x1454  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\windows\system32\umpo.dll
12:21:37.0572 0x1454  Power - ok
12:21:37.0681 0x1454  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
12:21:37.0806 0x1454  PptpMiniport - ok
12:21:37.0837 0x1454  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\windows\system32\DRIVERS\processr.sys
12:21:37.0900 0x1454  Processor - ok
12:21:38.0025 0x1454  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\windows\system32\profsvc.dll
12:21:38.0118 0x1454  ProfSvc - ok
12:21:38.0149 0x1454  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] ProtectedStorage C:\windows\system32\lsass.exe
12:21:38.0212 0x1454  ProtectedStorage - ok
12:21:38.0259 0x1454  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
12:21:38.0383 0x1454  Psched - ok
12:21:38.0524 0x1454  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
12:21:38.0680 0x1454  ql2300 - ok
12:21:38.0820 0x1454  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
12:21:38.0883 0x1454  ql40xx - ok
12:21:38.0929 0x1454  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\windows\system32\qwave.dll
12:21:39.0007 0x1454  QWAVE - ok
12:21:39.0039 0x1454  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
12:21:39.0101 0x1454  QWAVEdrv - ok
12:21:39.0132 0x1454  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
12:21:39.0226 0x1454  RasAcd - ok
12:21:39.0288 0x1454  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
12:21:39.0382 0x1454  RasAgileVpn - ok
12:21:39.0444 0x1454  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\windows\System32\rasauto.dll
12:21:39.0553 0x1454  RasAuto - ok
12:21:39.0600 0x1454  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
12:21:39.0709 0x1454  Rasl2tp - ok
12:21:39.0787 0x1454  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\windows\System32\rasmans.dll
12:21:39.0959 0x1454  RasMan - ok
12:21:40.0006 0x1454  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
12:21:40.0084 0x1454  RasPppoe - ok
12:21:40.0131 0x1454  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
12:21:40.0224 0x1454  RasSstp - ok
12:21:40.0271 0x1454  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
12:21:40.0411 0x1454  rdbss - ok
12:21:40.0458 0x1454  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
12:21:40.0521 0x1454  rdpbus - ok
12:21:40.0552 0x1454  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
12:21:40.0661 0x1454  RDPCDD - ok
12:21:40.0708 0x1454  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
12:21:40.0801 0x1454  RDPENCDD - ok
12:21:40.0848 0x1454  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
12:21:40.0973 0x1454  RDPREFMP - ok
12:21:41.0176 0x1454  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
12:21:41.0254 0x1454  RdpVideoMiniport - ok
12:21:41.0285 0x1454  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
12:21:41.0363 0x1454  RDPWD - ok
12:21:41.0441 0x1454  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
12:21:41.0488 0x1454  rdyboost - ok
12:21:41.0519 0x1454  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\windows\System32\mprdim.dll
12:21:41.0644 0x1454  RemoteAccess - ok
12:21:41.0691 0x1454  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\windows\system32\regsvc.dll
12:21:41.0815 0x1454  RemoteRegistry - ok
12:21:41.0878 0x1454  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
12:21:41.0956 0x1454  RFCOMM - ok
12:21:42.0003 0x1454  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
12:21:42.0143 0x1454  RpcEptMapper - ok
12:21:42.0174 0x1454  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\windows\system32\locator.exe
12:21:42.0252 0x1454  RpcLocator - ok
12:21:42.0315 0x1454  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\windows\system32\rpcss.dll
12:21:42.0455 0x1454  RpcSs - ok
12:21:42.0502 0x1454  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
12:21:42.0611 0x1454  rspndr - ok
12:21:42.0751 0x1454  [ 44B7739F2D623AD6FB46755BB60351A4, A11C60BC9DFB212A3F40ED881A361207AFC38BE99276BA7B7FD01B94D2FF9936 ] rtl8192se       C:\windows\system32\DRIVERS\rtl8192se.sys
12:21:42.0876 0x1454  rtl8192se - ok
12:21:42.0907 0x1454  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] SamSs           C:\windows\system32\lsass.exe
12:21:42.0970 0x1454  SamSs - ok
12:21:43.0032 0x1454  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
12:21:43.0079 0x1454  sbp2port - ok
12:21:43.0141 0x1454  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\windows\System32\SCardSvr.dll
12:21:43.0282 0x1454  SCardSvr - ok
12:21:43.0313 0x1454  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
12:21:43.0407 0x1454  scfilter - ok
12:21:43.0516 0x1454  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\windows\system32\schedsvc.dll
12:21:43.0656 0x1454  Schedule - ok
12:21:43.0703 0x1454  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\windows\System32\certprop.dll
12:21:43.0812 0x1454  SCPolicySvc - ok
12:21:43.0843 0x1454  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\windows\System32\SDRSVC.dll
12:21:43.0921 0x1454  SDRSVC - ok
12:21:44.0031 0x1454  [ 4A5809A1D796E2675AC0332BF7B0CB11, 7EEEC85A397F04A9460DC37A070D115E19114D9A3E5D9D7E8021F60A7986C8C1 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
12:21:44.0124 0x1454  SeaPort - ok
12:21:44.0171 0x1454  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\windows\system32\drivers\secdrv.sys
12:21:44.0265 0x1454  secdrv - ok
12:21:44.0389 0x1454  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\windows\system32\seclogon.dll
12:21:44.0499 0x1454  seclogon - ok
12:21:44.0545 0x1454  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\windows\System32\sens.dll
12:21:44.0670 0x1454  SENS - ok
12:21:44.0764 0x1454  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\windows\system32\sensrsvc.dll
12:21:44.0857 0x1454  SensrSvc - ok
12:21:44.0904 0x1454  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
12:21:44.0967 0x1454  Serenum - ok
12:21:44.0998 0x1454  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\windows\system32\DRIVERS\serial.sys
12:21:45.0060 0x1454  Serial - ok
12:21:45.0107 0x1454  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
12:21:45.0169 0x1454  sermouse - ok
12:21:45.0247 0x1454  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\windows\system32\sessenv.dll
12:21:45.0372 0x1454  SessionEnv - ok
12:21:45.0435 0x1454  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
12:21:45.0481 0x1454  sffdisk - ok
12:21:45.0513 0x1454  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
12:21:45.0575 0x1454  sffp_mmc - ok
12:21:45.0591 0x1454  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
12:21:45.0653 0x1454  sffp_sd - ok
12:21:45.0700 0x1454  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
12:21:45.0747 0x1454  sfloppy - ok
12:21:45.0809 0x1454  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\windows\System32\ipnathlp.dll
12:21:45.0918 0x1454  SharedAccess - ok
12:21:45.0996 0x1454  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\windows\System32\shsvcs.dll
12:21:46.0121 0x1454  ShellHWDetection - ok
12:21:46.0152 0x1454  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\windows\system32\drivers\sisagp.sys
12:21:46.0215 0x1454  sisagp - ok
12:21:46.0277 0x1454  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
12:21:46.0324 0x1454  SiSRaid2 - ok
12:21:46.0355 0x1454  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
12:21:46.0402 0x1454  SiSRaid4 - ok
12:21:46.0527 0x1454  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
12:21:46.0605 0x1454  SkypeUpdate - ok
12:21:46.0667 0x1454  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\windows\system32\DRIVERS\smb.sys
12:21:46.0792 0x1454  Smb - ok
12:21:46.0870 0x1454  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
12:21:46.0948 0x1454  SNMPTRAP - ok
12:21:46.0963 0x1454  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\windows\system32\drivers\spldr.sys
12:21:47.0010 0x1454  spldr - ok
12:21:47.0073 0x1454  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\windows\System32\spoolsv.exe
12:21:47.0197 0x1454  Spooler - ok
12:21:47.0478 0x1454  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\windows\system32\sppsvc.exe
12:21:47.0899 0x1454  sppsvc - ok
12:21:47.0977 0x1454  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\windows\system32\sppuinotify.dll
12:21:48.0102 0x1454  sppuinotify - ok
12:21:48.0211 0x1454  [ 0022CFFF1A41E5CE3A764050A7DDF22A, A5B3DE389043E60A677CF807F19EDFE2B07A849E83BA23E89E05AE85B43AECAE ] sptd            C:\windows\System32\Drivers\sptd.sys
12:21:48.0305 0x1454  sptd - ok
12:21:48.0383 0x1454  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\windows\system32\DRIVERS\srv.sys
12:21:48.0461 0x1454  srv - ok
12:21:48.0508 0x1454  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
12:21:48.0586 0x1454  srv2 - ok
12:21:48.0633 0x1454  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
12:21:48.0711 0x1454  srvnet - ok
12:21:48.0789 0x1454  [ 48F44A1BE434830B7C90FB730745F65A, 0D055575DD4258F7D83DEF032C890FC3170B00D77278DAEE08E78D439B8FF3E2 ] ssadbus         C:\windows\system32\DRIVERS\ssadbus.sys
12:21:48.0898 0x1454  ssadbus - ok
12:21:48.0929 0x1454  [ 9630B486B62CC0ADB0A89152ED0218D7, 793D523ED510905FB83D12F41134F6E001652B4FD8BF5E19358AEF24233F4E27 ] ssadmdfl        C:\windows\system32\DRIVERS\ssadmdfl.sys
12:21:48.0991 0x1454  ssadmdfl - ok
12:21:49.0038 0x1454  [ 9AFAA23421622C392B55508FA9613949, D77F8938C89F495580BAB2BA690AE5C20FEEB60DA78381DE28259AD28E2D3AAC ] ssadmdm         C:\windows\system32\DRIVERS\ssadmdm.sys
12:21:49.0116 0x1454  ssadmdm - ok
12:21:49.0147 0x1454  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
12:21:49.0272 0x1454  SSDPSRV - ok
12:21:49.0319 0x1454  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\windows\system32\sstpsvc.dll
12:21:49.0428 0x1454  SstpSvc - ok
12:21:49.0491 0x1454  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
12:21:49.0537 0x1454  stexstor - ok
12:21:49.0615 0x1454  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\windows\System32\wiaservc.dll
12:21:49.0725 0x1454  StiSvc - ok
12:21:49.0803 0x1454  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\windows\system32\drivers\swenum.sys
12:21:49.0849 0x1454  swenum - ok
12:21:49.0912 0x1454  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\windows\System32\swprv.dll
12:21:50.0021 0x1454  swprv - ok
12:21:50.0099 0x1454  [ 8BD10DC8809DC69A1C5A795CB10ADD76, 92ED1BC580DC2BE539296D69775368C974FBB0145A5114BA250261E49E073960 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
12:21:50.0161 0x1454  SynTP - ok
12:21:50.0302 0x1454  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\windows\system32\sysmain.dll
12:21:50.0489 0x1454  SysMain - ok
12:21:50.0598 0x1454  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\windows\System32\TabSvc.dll
12:21:50.0676 0x1454  TabletInputService - ok
12:21:50.0739 0x1454  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\windows\System32\tapisrv.dll
12:21:50.0863 0x1454  TapiSrv - ok
12:21:50.0926 0x1454  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\windows\System32\tbssvc.dll
12:21:51.0066 0x1454  TBS - ok
12:21:51.0222 0x1454  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
12:21:51.0363 0x1454  Tcpip - ok
12:21:51.0487 0x1454  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
12:21:51.0628 0x1454  TCPIP6 - ok
12:21:51.0721 0x1454  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
12:21:51.0768 0x1454  tcpipreg - ok
12:21:51.0815 0x1454  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
12:21:51.0893 0x1454  TDPIPE - ok
12:21:51.0940 0x1454  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
12:21:51.0987 0x1454  TDTCP - ok
12:21:52.0033 0x1454  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\windows\system32\DRIVERS\tdx.sys
12:21:52.0111 0x1454  tdx - ok
12:21:52.0143 0x1454  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\windows\system32\drivers\termdd.sys
12:21:52.0189 0x1454  TermDD - ok
12:21:52.0252 0x1454  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\windows\System32\termsrv.dll
12:21:52.0392 0x1454  TermService - ok
12:21:52.0423 0x1454  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\windows\system32\themeservice.dll
12:21:52.0501 0x1454  Themes - ok
12:21:52.0533 0x1454  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\windows\system32\mmcss.dll
12:21:52.0657 0x1454  THREADORDER - ok
12:21:52.0704 0x1454  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\windows\System32\trkwks.dll
12:21:52.0813 0x1454  TrkWks - ok
12:21:52.0907 0x1454  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
12:21:53.0047 0x1454  TrustedInstaller - ok
12:21:53.0110 0x1454  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
12:21:53.0172 0x1454  tssecsrv - ok
12:21:53.0235 0x1454  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
12:21:53.0297 0x1454  TsUsbFlt - ok
12:21:53.0375 0x1454  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
12:21:53.0469 0x1454  tunnel - ok
12:21:53.0515 0x1454  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
12:21:53.0578 0x1454  uagp35 - ok
12:21:53.0640 0x1454  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
12:21:53.0749 0x1454  udfs - ok
12:21:53.0812 0x1454  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\windows\system32\UI0Detect.exe
12:21:53.0890 0x1454  UI0Detect - ok
12:21:53.0952 0x1454  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
12:21:53.0999 0x1454  uliagpkx - ok
12:21:54.0046 0x1454  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\windows\system32\drivers\umbus.sys
12:21:54.0093 0x1454  umbus - ok
12:21:54.0139 0x1454  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
12:21:54.0186 0x1454  UmPass - ok
12:21:54.0264 0x1454  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\windows\System32\upnphost.dll
12:21:54.0389 0x1454  upnphost - ok
12:21:54.0451 0x1454  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
12:21:54.0514 0x1454  usbccgp - ok
12:21:54.0561 0x1454  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\windows\system32\drivers\usbcir.sys
12:21:54.0654 0x1454  usbcir - ok
12:21:54.0701 0x1454  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
12:21:54.0763 0x1454  usbehci - ok
12:21:54.0810 0x1454  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
12:21:54.0873 0x1454  usbhub - ok
12:21:54.0919 0x1454  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
12:21:54.0982 0x1454  usbohci - ok
12:21:55.0029 0x1454  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
12:21:55.0075 0x1454  usbprint - ok
12:21:55.0153 0x1454  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\windows\system32\drivers\usbscan.sys
12:21:55.0231 0x1454  usbscan - ok
12:21:55.0263 0x1454  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
12:21:55.0325 0x1454  USBSTOR - ok
12:21:55.0419 0x1454  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
12:21:55.0481 0x1454  usbuhci - ok
12:21:55.0559 0x1454  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
12:21:55.0606 0x1454  usbvideo - ok
12:21:55.0668 0x1454  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\windows\System32\uxsms.dll
12:21:55.0777 0x1454  UxSms - ok
12:21:55.0809 0x1454  [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] VaultSvc        C:\windows\system32\lsass.exe
12:21:55.0871 0x1454  VaultSvc - ok
12:21:55.0902 0x1454  VBoxNetFlt - ok
12:21:55.0949 0x1454  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044, 0F6F3FF106015580009776A1F91FD10371BAF229A2A773436A5783F142CC1A0C ] VClone          C:\windows\system32\DRIVERS\VClone.sys
12:21:56.0011 0x1454  VClone - ok
12:21:56.0043 0x1454  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
12:21:56.0089 0x1454  vdrvroot - ok
12:21:56.0167 0x1454  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\windows\System32\vds.exe
12:21:56.0277 0x1454  vds - ok
12:21:56.0323 0x1454  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
12:21:56.0386 0x1454  vga - ok
12:21:56.0417 0x1454  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\windows\System32\drivers\vga.sys
12:21:56.0557 0x1454  VgaSave - ok
12:21:56.0604 0x1454  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
12:21:56.0667 0x1454  vhdmp - ok
12:21:56.0713 0x1454  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\windows\system32\drivers\viaagp.sys
12:21:56.0776 0x1454  viaagp - ok
12:21:56.0807 0x1454  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
12:21:56.0869 0x1454  ViaC7 - ok
12:21:56.0932 0x1454  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\windows\system32\drivers\viaide.sys
12:21:56.0979 0x1454  viaide - ok
12:21:57.0025 0x1454  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\windows\system32\drivers\volmgr.sys
12:21:57.0072 0x1454  volmgr - ok
12:21:57.0150 0x1454  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
12:21:57.0213 0x1454  volmgrx - ok
12:21:57.0259 0x1454  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\windows\system32\drivers\volsnap.sys
12:21:57.0337 0x1454  volsnap - ok
12:21:57.0400 0x1454  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
12:21:57.0447 0x1454  vsmraid - ok
12:21:57.0603 0x1454  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\windows\system32\vssvc.exe
12:21:57.0821 0x1454  VSS - ok
12:21:57.0868 0x1454  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
12:21:57.0946 0x1454  vwifibus - ok
12:21:57.0993 0x1454  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
12:21:58.0071 0x1454  vwififlt - ok
12:21:58.0117 0x1454  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
12:21:58.0164 0x1454  vwifimp - ok
12:21:58.0227 0x1454  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\windows\system32\w32time.dll
12:21:58.0351 0x1454  W32Time - ok
12:21:58.0398 0x1454  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
12:21:58.0445 0x1454  WacomPen - ok
12:21:58.0492 0x1454  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
12:21:58.0570 0x1454  WANARP - ok
12:21:58.0601 0x1454  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
12:21:58.0710 0x1454  Wanarpv6 - ok
12:21:58.0866 0x1454  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
12:21:59.0053 0x1454  WatAdminSvc - ok
12:21:59.0163 0x1454  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\windows\system32\wbengine.exe
12:21:59.0334 0x1454  wbengine - ok
12:21:59.0397 0x1454  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
12:21:59.0506 0x1454  WbioSrvc - ok
12:21:59.0568 0x1454  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\windows\System32\wcncsvc.dll
12:21:59.0662 0x1454  wcncsvc - ok
12:21:59.0693 0x1454  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
12:21:59.0771 0x1454  WcsPlugInService - ok
12:21:59.0833 0x1454  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\windows\system32\DRIVERS\wd.sys
12:21:59.0880 0x1454  Wd - ok
12:21:59.0974 0x1454  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
12:22:00.0067 0x1454  Wdf01000 - ok
12:22:00.0114 0x1454  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\windows\system32\wdi.dll
12:22:00.0208 0x1454  WdiServiceHost - ok
12:22:00.0223 0x1454  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\windows\system32\wdi.dll
12:22:00.0286 0x1454  WdiSystemHost - ok
12:22:00.0348 0x1454  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\windows\System32\webclnt.dll
12:22:00.0442 0x1454  WebClient - ok
12:22:00.0504 0x1454  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\windows\system32\wecsvc.dll
12:22:00.0613 0x1454  Wecsvc - ok
12:22:00.0629 0x1454  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\windows\System32\wercplsupport.dll
12:22:00.0738 0x1454  wercplsupport - ok
12:22:00.0785 0x1454  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\windows\System32\WerSvc.dll
12:22:00.0910 0x1454  WerSvc - ok
12:22:00.0957 0x1454  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
12:22:01.0081 0x1454  WfpLwf - ok
12:22:01.0144 0x1454  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\windows\system32\drivers\wimmount.sys
12:22:01.0191 0x1454  WIMMount - ok
12:22:01.0315 0x1454  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:22:01.0440 0x1454  WinDefend - ok
12:22:01.0503 0x1454  WinHttpAutoProxySvc - ok
12:22:01.0612 0x1454  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
12:22:01.0705 0x1454  Winmgmt - ok
12:22:01.0830 0x1454  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\windows\system32\WsmSvc.dll
12:22:02.0033 0x1454  WinRM - ok
12:22:02.0189 0x1454  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\windows\system32\drivers\WinUsb.sys
12:22:02.0251 0x1454  WinUsb - ok
12:22:02.0345 0x1454  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\windows\System32\wlansvc.dll
12:22:02.0470 0x1454  Wlansvc - ok
12:22:02.0595 0x1454  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
12:22:02.0641 0x1454  WmiAcpi - ok
12:22:02.0704 0x1454  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
12:22:02.0751 0x1454  wmiApSrv - ok
12:22:02.0922 0x1454  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:22:03.0125 0x1454  WMPNetworkSvc - ok
12:22:03.0187 0x1454  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\windows\System32\wpcsvc.dll
12:22:03.0265 0x1454  WPCSvc - ok
12:22:03.0312 0x1454  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
12:22:03.0375 0x1454  WPDBusEnum - ok
12:22:03.0421 0x1454  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
12:22:03.0531 0x1454  ws2ifsl - ok
12:22:03.0562 0x1454  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\windows\System32\wscsvc.dll
12:22:03.0655 0x1454  wscsvc - ok
12:22:03.0687 0x1454  WSearch - ok
12:22:03.0921 0x1454  [ 7E5C454A3F986FEBAD075DB8D915917E, 9E9147DDACD075958689523130DB92FC4ED0E38433461D8AB8792BCFBD9376DA ] wuauserv        C:\windows\system32\wuaueng.dll
12:22:04.0217 0x1454  wuauserv - ok
12:22:04.0295 0x1454  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
12:22:04.0357 0x1454  WudfPf - ok
12:22:04.0435 0x1454  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\windows\system32\drivers\WUDFRd.sys
12:22:04.0482 0x1454  WUDFRd - ok
12:22:04.0529 0x1454  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\windows\System32\WUDFSvc.dll
12:22:04.0607 0x1454  wudfsvc - ok
12:22:04.0669 0x1454  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\windows\System32\wwansvc.dll
12:22:04.0747 0x1454  WwanSvc - ok
12:22:04.0872 0x1454  ================ Scan global ===============================
12:22:04.0935 0x1454  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\windows\system32\basesrv.dll
12:22:04.0981 0x1454  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
12:22:05.0028 0x1454  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\windows\system32\winsrv.dll
12:22:05.0091 0x1454  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\windows\system32\sxssrv.dll
12:22:05.0169 0x1454  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\windows\system32\services.exe
12:22:05.0184 0x1454  [ Global ] - ok
12:22:05.0200 0x1454  ================ Scan MBR ==================================
12:22:05.0200 0x1454  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:22:05.0668 0x1454  \Device\Harddisk0\DR0 - ok
12:22:05.0668 0x1454  ================ Scan VBR ==================================
12:22:05.0683 0x1454  [ 9A1D5FAD3A36E5A840A4870DFAD36A31 ] \Device\Harddisk0\DR0\Partition1
12:22:05.0683 0x1454  \Device\Harddisk0\DR0\Partition1 - ok
12:22:05.0699 0x1454  [ 5F96C63F5B99AFD0E831DA788B779498 ] \Device\Harddisk0\DR0\Partition2
12:22:05.0699 0x1454  \Device\Harddisk0\DR0\Partition2 - ok
12:22:05.0715 0x1454  ================ Scan generic autorun ======================
12:22:05.0917 0x1454  [ 778B2333591E9D28063D491456DA18BE, B6EE1FDE2CC137C075E2AA5A588C9356F79690525B0587A97D63127768247717 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
12:22:06.0073 0x1454  SynTPEnh - ok
12:22:06.0089 0x1454  SuperHybridEngine - ok
12:22:06.0339 0x1454  [ ABF1DD9EE48F545B40B7C05C117B410A, EEDF1FD6228A48C8C13C7B753579438C7A2D939FF6DEB4B5D0363BD0C8271953 ] C:\Windows\AsScrPro.exe
12:22:06.0604 0x1454  ASUS Screen Saver Protector - ok
12:22:06.0666 0x1454  [ 822E6029CE5B3EBF31016860E81E2415, BE31A7F6A1F4601A8FC9E6C87C1762849829CA2ABBE1BE5B41E945648C662EC1 ] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
12:22:06.0697 0x1454  SynAsusAcpi - ok
12:22:06.0713 0x1454  HotkeyMon - ok
12:22:06.0729 0x1454  HotkeyService - ok
12:22:07.0306 0x1454  [ 93190A2F166DB15FF8A9D7C260F2806F, 1FD555DE9690C9176BA1BCBE97893C01FA03425244E376FC83A72BAAA2A5AB07 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
12:22:08.0008 0x1454  RtHDVCpl - ok
12:22:08.0164 0x1454  [ 931C846D34DF28C6B158281710FCB8A7, 05A0DB0D9412214139C2E46354C79EE09B7BFB1733E0AB1EEE614422B3FB765E ] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe
12:22:08.0211 0x1454  OOBESetup - detected UnsignedFile.Multi.Generic ( 1 )
12:22:08.0211 0x1454  OOBESetup ( UnsignedFile.Multi.Generic ) - warning
12:22:08.0304 0x1454  [ 20DE1CDD37A5D3D4177B8D9FEF907D81, F6CE80984852595A677C92B8C555F9B0D398BAE36768E0D6FC7F8C7211D962D2 ] C:\Program Files\Microsoft Security Client\msseces.exe
12:22:08.0429 0x1454  MSC - ok
12:22:08.0897 0x1454  [ F5281FA7188154C928ED27911B0BA6FD, 6CBF1F4E0D04986EF60A42A8A826FDB9681370EB30DB37958716FBB717757DEA ] C:\Program Files\Browny02\Brother\BrStMonW.exe
12:22:09.0349 0x1454  BrStsMon00 - detected UnsignedFile.Multi.Generic ( 1 )
12:22:09.0349 0x1454  BrStsMon00 ( UnsignedFile.Multi.Generic ) - warning
12:22:09.0521 0x1454  [ 9DEF1B844FF294FE5900711764F82B72, 155BC2F63E395D4A20073329044A9D6AB13CCC6CA14DF63B43DE34C5F5ED035F ] C:\Program Files\BrownyInd\Brother\BrIndicator.exe
12:22:09.0708 0x1454  BrStsInd00 - detected UnsignedFile.Multi.Generic ( 1 )
12:22:09.0708 0x1454  BrStsInd00 ( UnsignedFile.Multi.Generic ) - warning
12:22:09.0989 0x1454  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
12:22:10.0145 0x1454  Sidebar - ok
12:22:10.0192 0x1454  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
12:22:10.0254 0x1454  mctadmin - ok
12:22:10.0348 0x1454  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
12:22:10.0488 0x1454  Sidebar - ok
12:22:10.0519 0x1454  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
12:22:10.0597 0x1454  mctadmin - ok
12:22:10.0707 0x1454  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] C:\Users\[redacted]\AppData\Local\Google\Update\GoogleUpdate.exe
12:22:10.0753 0x1454  Google Update - ok
12:22:10.0785 0x1454  Skype - ok
12:22:10.0847 0x1454  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
12:22:10.0894 0x1454  Win FW state via NFP2: enabled
12:22:10.0909 0x1454  ============================================================
12:22:10.0909 0x1454  Scan finished
12:22:10.0909 0x1454  ============================================================
12:22:11.0019 0x1040  Detected object count: 6
12:22:11.0019 0x1040  Actual detected object count: 6
12:22:56.0633 0x1040  AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:56.0633 0x1040  AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:22:56.0633 0x1040  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:56.0633 0x1040  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:22:56.0649 0x1040  Mobile Partner. RunOuc ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:56.0649 0x1040  Mobile Partner. RunOuc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:22:56.0649 0x1040  OOBESetup ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:56.0649 0x1040  OOBESetup ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:22:56.0664 0x1040  BrStsMon00 ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:56.0664 0x1040  BrStsMon00 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:22:56.0664 0x1040  BrStsInd00 ( UnsignedFile.Multi.Generic ) - skipped by user
12:22:56.0664 0x1040  BrStsInd00 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
 


#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 04 June 2015 - 09:51 AM

Hi,
are you German?

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 mastu

  • Topic Starter
  • Members
  • 10 posts
  • Gender:Male

Posted 04 June 2015 - 01:15 PM

Hello,

yes, I am. Should I continue writing in German?

Additional information:

After running ComboFix I re-enabled the real-time check of Microsoft Security Essentials and noticed an entry in the history tab under quarantined elements, which for some reason wasn't there before. It says:

"Trojan:Win32/Peals.E!plock" 03.06.2015 21:50

Quarantined file original path: C:\Users\[redacted]\AppData\Local\Temp\1E74~.exe

So it is in the same "temp" directory as the four "new" trojan executables mentioned in the opening post, but it is not one of them.

Yesterday I briefly saw a "popup" which looked like it could be from MSE. It said something had been blocked and no further action was necessary.

This was at the same time I noticed the new trojan processes and when I cut off internet access again.

Afterwards I immediately checked the MSE history tab, but there was no entry, so I had assumed it had been displayed by the trojan, e.g. as the start of a scareware scheme.

 

ComboFix 15-05-31.01 - [redacted] 04.06.2015  19:08:35.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.1791.924 [GMT 2:00]
ausgeführt von:: d:\cleanup\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-04 bis 2015-06-04  ))))))))))))))))))))))))))))))
.
.
2015-06-04 17:24 . 2015-06-04 17:24 -------- d-----w- c:\users\[redacted]\AppData\Local\temp
2015-06-04 17:24 . 2015-06-04 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-03 18:22 . 2015-06-03 21:30 -------- d-----w- C:\FRST
2015-06-03 02:10 . 2015-06-03 02:10 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FE1A0C9-7005-49CB-82E0-081ADF70EBD9}\MpKsl3ad6a2cd.sys
2015-06-02 20:47 . 2015-06-02 20:47 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FE1A0C9-7005-49CB-82E0-081ADF70EBD9}\offreg.868.dll
2015-06-02 20:39 . 2015-03-23 09:40 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DA2B266-E9F2-4E94-AF6A-987E0E3D3360}\gapaengine.dll
2015-06-02 20:38 . 2015-05-03 03:42 9265072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FE1A0C9-7005-49CB-82E0-081ADF70EBD9}\mpengine.dll
2015-06-01 19:54 . 2015-05-03 03:42 9265072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-25 16:33 . 2015-03-23 09:40 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E399D754-914F-48C0-A0E9-680C52AD81FE}\gapaengine.dll
2015-05-22 16:52 . 2015-03-23 09:40 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D21D46A-875B-42CE-A9A3-DD927612FEEB}\gapaengine.dll
2015-05-13 17:33 . 2015-05-01 13:16 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:16 . 2015-03-14 03:04 67584 ----a-w- c:\windows\system32\dwmapi.dll
2015-05-13 16:16 . 2015-03-14 03:04 1372160 ----a-w- c:\windows\system32\dwmcore.dll
2015-05-13 16:10 . 2015-04-21 16:16 37888 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-05-13 16:09 . 2015-04-13 03:19 259072 ----a-w- c:\windows\system32\services.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 19:00 . 2012-04-25 16:48 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-13 19:00 . 2011-05-23 07:23 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-25 03:00 . 2015-04-15 09:02 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00 . 2015-04-15 09:02 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00 . 2015-04-15 09:02 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:00 . 2015-04-15 09:02 35328 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:00 . 2015-04-15 09:02 29696 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:00 . 2015-04-15 09:02 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 09:02 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:00 . 2015-04-15 09:02 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00 . 2015-04-15 09:02 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00 . 2015-04-15 09:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:00 . 2015-04-15 09:02 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-23 09:40 . 2011-03-26 18:00 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-23 03:06 . 2015-04-15 09:04 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06 . 2015-04-15 09:04 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06 . 2015-04-15 09:04 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06 . 2015-04-15 09:04 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06 . 2015-04-15 09:04 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06 . 2015-04-15 09:04 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:06 . 2015-04-15 09:04 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 02:59 . 2015-04-15 09:04 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:08 . 2015-04-15 09:01 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:05 . 2015-04-15 09:01 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-03-25 31682144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-10-09 3058304]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"OOBESetup"="c:\program files\asus\OOBERegBackup\OOBERegBackup.exe" [2009-09-30 338096]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 981688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-12-27 4509184]
"BrStsInd00"="c:\program files\BrownyInd\Brother\BrIndicator.exe" [2012-12-18 1885184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-3 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-09-29 10:28 7744032 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2010-11-16 264704]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-07-09 102784]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2012-07-09 208896]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2015-04-29 284504]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]
R4 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [2012-07-09 218624]
R4 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 MpKsl3ad6a2cd;MpKsl3ad6a2cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FE1A0C9-7005-49CB-82E0-081ADF70EBD9}\MpKsl3ad6a2cd.sys [2015-06-03 39464]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2012-10-26 282112]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-07-09 72576]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 862208]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 57099190
*NewlyCreated* - MPKSL3AD6A2CD
*Deregistered* - 57099190
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ   DiagTrack
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 19:00]
.
2015-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-26 16:17]
.
2015-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-26 16:17]
.
2015-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000Core.job
- c:\users\[redacted]\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-08 18:00]
.
2015-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000UA.job
- c:\users\[redacted]\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-08 18:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:Tabs
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 151.236.6.6 185.27.253.92 8.8.4.4
TCP: Interfaces\{5610F468-7A0D-4F35-BCCA-E1D451108895}: NameServer = 194.48.128.199 194.48.139.254
TCP: Interfaces\{7E37382C-138F-480D-9A6B-4A373DF31482}: NameServer = 194.48.128.199 194.48.139.254
TCP: Interfaces\{C0AA2026-861E-4563-8947-C3ACA4CC288E}: NameServer = 194.24.128.100 81.3.216.100
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{22BF413B-C6D2-4D91-82A9-A0F997BA588C}"=hex:51,66,7a,6c,4c,1d,38,12,55,42,ac,
   26,e0,88,ff,08,fd,bf,e3,b9,92,e4,1c,98
"{4E18E9A4-95B3-4F8B-AE3B-AB7478DE92EE}"=hex:51,66,7a,6c,4c,1d,38,12,ca,ea,0b,
   4a,81,db,e5,0a,d1,2d,e8,34,7d,80,d6,fa
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:20,c9,9f,ef,bf,a2,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,60,9c,c3,8e,7c,42,47,86,18,f2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,60,9c,c3,8e,7c,42,47,86,18,f2,\
.
[HKEY_USERS\S-1-5-21-2114684848-714399144-433452792-1000\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-06-04  19:29:00
ComboFix-quarantined-files.txt  2015-06-04 17:28
.
Vor Suchlauf: 10 Verzeichnis(se), 39.280.201.728 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 39.851.671.552 Bytes frei
.
- - End Of File - - F9826B840CA66BED049A065E7E6583A0
A36C5E4F47E84449FF07ED3517B43A31
 


#6 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 04 June 2015 - 01:22 PM

Nope, you can keep writing in English.
It goes without saying that online banking etc. on this PC is off limits for now. You should also change your important online passwords from a different PC.

ausgeführt von:: d:\cleanup\ComboFix.exe

Please follow the instructions. :)

 

Next steps are:

 

Step 1

Please download and install Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select [screenshot].
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

 

Step 2

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

 


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 mastu

  • Topic Starter
  • Members
  • 10 posts
  • Gender:Male

Posted 04 June 2015 - 03:46 PM

Yes, the point about online banking and passwords is understood. The PC hasn't been used since the infection. The most important passwords have already been changed from a different PC.

"save it to your Desktop". Oops. I unintentionally failed to follow that detail.

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 04.06.2015
Scan Time: 21:10:45
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.28.05
Rootkit Database: v2015.05.24.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: [redacted]
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323235
Time Elapsed: 48 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
--
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2015
Ran by [redacted] (administrator) on [redacted] on 04-06-2015 22:11:17
Running from C:\Users\[redacted]\Downloads
Loaded Profiles: [redacted] (Available Profiles: [redacted])
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Sysinternals - www.sysinternals.com) C:\Users\[redacted]\Desktop\procexp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2009-10-10] (ASUS)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-17] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [OOBESetup] => C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe [338096 2009-09-30] (ASUSTeK Computer Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsInd00] => C:\Program Files\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012-10-05] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2114684848-714399144-433452792-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2114684848-714399144-433452792-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2114684848-714399144-433452792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2114684848-714399144-433452792-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
SearchScopes: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> DefaultScope {0CD67DF9-31DE-42EC-9058-729F49A8A774} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072313&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> 98503FA3310340BA8FFFC240C77C3079 URL = http://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> {0CD67DF9-31DE-42EC-9058-729F49A8A774} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072313&q={searchTerms}&src=IE-SearchBox
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 151.236.6.6 185.27.253.92 8.8.4.4
Tcpip\..\Interfaces\{5610F468-7A0D-4F35-BCCA-E1D451108895}: [NameServer] 194.48.128.199 194.48.139.254
Tcpip\..\Interfaces\{7E37382C-138F-480D-9A6B-4A373DF31482}: [NameServer] 194.48.128.199 194.48.139.254
Tcpip\..\Interfaces\{C0AA2026-861E-4563-8947-C3ACA4CC288E}: [NameServer] 194.24.128.100 81.3.216.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2114684848-714399144-433452792-1000: @tools.google.com/Google Update;version=3 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2114684848-714399144-433452792-1000: @tools.google.com/Google Update;version=9 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-26]
CHR Extension: (Bookmark Manager) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [218624 2012-07-09] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [477240 2012-10-05] (Duplex Secure Ltd.)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 archlp; system32\drivers\archlp.sys [X]
U3 catchme; \??\C:\Users\[redacted]\AppData\Local\Temp\catchme.sys [X]
S4 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-04 21:05 - 2015-06-04 21:10 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-04 21:05 - 2015-06-04 21:05 - 00001020 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-04 21:05 - 2015-06-04 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-04 21:04 - 2015-06-04 21:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-04 21:04 - 2015-06-04 21:04 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-04 21:04 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-04 21:04 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-04 21:04 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-04 19:29 - 2015-06-04 19:29 - 00016112 _____ C:\ComboFix.txt
2015-06-04 19:04 - 2015-06-04 19:29 - 00000000 ____D C:\Qoobox
2015-06-04 19:04 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-06-04 19:04 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-06-04 19:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-06-04 19:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-06-04 19:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-06-04 19:04 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-06-04 19:04 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-06-04 19:04 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-06-04 19:03 - 2015-06-04 19:26 - 00000000 ____D C:\windows\erdnt
2015-06-03 20:22 - 2015-06-04 22:11 - 00000000 ____D C:\FRST
2015-05-13 19:33 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:16 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-13 18:16 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-05-13 18:13 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-13 18:13 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-13 18:13 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-13 18:13 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-13 18:13 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-13 18:13 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-13 18:13 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-13 18:13 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-13 18:13 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-13 18:13 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-13 18:13 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-13 18:13 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-13 18:13 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-13 18:13 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 18:13 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 18:13 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 18:13 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-13 18:13 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-13 18:10 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 18:10 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-13 18:10 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-13 18:10 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 18:10 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 18:10 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-13 18:10 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-13 18:10 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 18:10 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-13 18:10 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 18:10 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-13 18:10 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-13 18:10 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-13 18:10 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 18:10 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-13 18:10 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-13 18:10 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-13 18:10 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-13 18:10 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-13 18:10 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 18:10 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-13 18:10 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 18:10 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 18:10 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 18:10 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 18:10 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-13 18:10 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 18:10 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-13 18:10 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 18:10 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 18:10 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 18:10 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-13 18:10 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-13 18:10 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-13 18:10 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-13 18:10 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-13 18:09 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 18:09 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-13 18:09 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-13 18:09 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-04 22:12 - 2014-06-10 18:37 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-04 21:53 - 2014-12-26 18:18 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-04 21:04 - 2009-07-26 23:56 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-04 19:29 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2015-06-04 19:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-06-04 19:24 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2015-06-04 11:18 - 2010-12-08 20:39 - 00001064 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000Core.job
2015-06-04 06:52 - 2014-12-26 18:18 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 06:47 - 2010-04-08 14:32 - 01476921 _____ C:\windows\WindowsUpdate.log
2015-06-03 12:25 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2015-06-01 10:15 - 2010-05-12 10:16 - 00000000 ____D C:\Users\[redacted]\AppData\Roaming\Canon
2015-05-31 21:59 - 2015-03-06 22:13 - 00001978 _____ C:\windows\setupact.log
2015-05-28 22:27 - 2010-04-08 09:58 - 00000000 ____D C:\Users\[redacted]\AppData\Roaming\Skype
2015-05-25 18:21 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 18:21 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 18:14 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-05-19 11:13 - 2010-12-08 20:39 - 00001116 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000UA.job
2015-05-13 21:00 - 2014-10-16 16:56 - 00000000 ____D C:\Users\[redacted]\AppData\Local\Adobe
2015-05-13 21:00 - 2012-04-25 18:48 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-05-13 21:00 - 2011-05-23 09:23 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-13 20:14 - 2009-07-14 09:49 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 20:12 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2015-05-13 19:45 - 2011-06-16 13:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 19:45 - 2009-07-14 06:33 - 00782504 _____ C:\windows\system32\FNTCACHE.DAT
2015-05-13 19:42 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2015-05-13 19:42 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-05-13 19:36 - 2012-05-01 13:12 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 19:36 - 2010-12-31 18:33 - 00002155 _____ C:\windows\epplauncher.mif
2015-05-13 19:35 - 2010-12-31 18:32 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-13 19:33 - 2009-10-10 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-13 19:27 - 2013-08-16 09:38 - 00000000 ____D C:\windows\system32\MRT
2015-05-13 19:11 - 2010-04-08 12:12 - 137310008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-13 19:02 - 2011-06-16 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 23:16 - 2011-09-10 20:44 - 00000000 ____D C:\ProgramData\tmp
 
==================== Files in the root of some directories =======
 
2010-12-25 14:06 - 2014-11-30 01:35 - 0009728 _____ () C:\Users\[redacted]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-08 00:18 - 2010-11-09 20:26 - 0007633 _____ () C:\Users\[redacted]\AppData\Local\Resmon.ResmonCfg
2010-04-10 11:57 - 2010-04-10 11:57 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2009-10-10 00:54 - 2009-08-18 18:09 - 0131368 _____ () C:\ProgramData\FullRemove.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-03 12:18
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-06-2015
Ran by [redacted] at 2015-06-04 22:13:35
Running from C:\Users\[redacted]\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2114684848-714399144-433452792-500 - Administrator - Disabled)
Gast (S-1-5-21-2114684848-714399144-433452792-501 - Limited - Disabled)
[redacted] (S-1-5-21-2114684848-714399144-433452792-1000 - Administrator - Enabled) => C:\Users\[redacted]
HomeGroupUser$ (S-1-5-21-2114684848-714399144-433452792-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
ArcSoft TotalMedia Theatre 3 (HKLM\...\{67F04A32-38FA-4F77-AEDA-1EBA551605EC}) (Version: 3.0.18.153 - ArcSoft)
ASUS VIBE (HKLM\...\ASUS VIBE) (Version: 1.0.170 - Ecareme, Inc.)
ASUS_EeePC1201N_Screensaver_DE (HKLM\...\ASUS_EeePC1201N_Screensaver_DE) (Version:  - )
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.03.04 - ASUSTeK Computer Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Digital Zoom Control (HKLM\...\{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}) (Version: 1.0.6 - ASUS)
Eee Docking 3.3.0 (HKLM\...\Eee Docking_is1) (Version: 3.3.0 - ASUSTek Computer Inc.)
EeeSplendid (HKLM\...\{6333FC29-BFE5-4024-AC78-958A1A7555D1}) (Version: 5.1.2.0004 - ASUS)
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
FontResizer (HKLM\...\{FAD8718D-950E-468D-BDE2-17D4D6F1EA6A}) (Version: 1.01.0007 - ASUS)
Google Chrome (HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HL-1110 series (HKLM\...\{4F2442B7-A89E-42A4-8F0E-6937499855CA}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.15 - AsusTek Computer)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
ISO Recorder (HKLM\...\{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}) (Version: 3.0.0 - Alex Feinman)
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.19 - Asus)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 21.003.28.00.152 - Huawei Technologies Co.,Ltd)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9716 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OOBERegBackup (HKLM\...\OOBERegBackup_is1) (Version:  - ASUSTeK Computer Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5948 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0130 - REALTEK Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.1.11053_66 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.0.1.11053_66 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1800 - SRS Labs, Inc.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.09 - AsusTek Computer)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403) (HKLM\...\B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\B5C82F3814F82FB37F1513B3185399BD88892B08) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\[redacted]\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{17FE9752-0B5A-4665-84CD-569794602F5C}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{1FAE2D88-A78E-4F03-909F-BE818A3C1CE6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Program Files\7ZipPortable\App\7-Zip\7-zip.dll (Igor Pavlov)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{3AD05575-8857-4850-9277-11B85BDB8E09}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{3D1975AF-48C6-4F8E-A182-BE0E08FA86A9}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> C:\windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{49F371E1-8C5C-4D9C-9A3B-54A6827F513C}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{591209C7-767B-42B2-9FBA-44EE4615F2C7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{596AB062-B4D2-4215-9F74-E9109B0A8153}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\[redacted]\AppData\Local\Google\Chrome\Application\43.0.2357.81\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{603D3801-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> C:\windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{6B9228DA-9C15-419E-856C-19E768A13BDC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{7B4A83B6-F704-4B77-8E3D-C6087E3A21D2}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{896664F7-12E1-490F-8782-C0835AFD98FC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{A2A9545D-A0C2-42B4-9708-A0B2BADD77C8}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{A70C977A-BF00-412C-90B7-034C51DA2439}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{B1B96B20-DA1D-4A3C-92C1-7229B32F2325}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{CDC82860-468D-4D4E-B7E7-C298FF23AB2C}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{ECF03A32-103D-11D2-854D-006008059367}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{F46316E4-FB1B-46EB-AEDF-9520BFBB916A}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{F81E9010-6EA4-11CE-A7FF-00AA003CA9F6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{FE25455D-B4C2-4E32-97D2-92632EC1C224}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2114684848-714399144-433452792-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> No Filepath
 
==================== Restore Points =========================
 
13-05-2015 20:13:38 Windows Update
03-06-2015 12:25:06 Geplanter Prüfpunkt
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2015-06-04 19:24 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03912C4C-49E5-496F-83F2-0BB497A9AFE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-26] (Google Inc.)
Task: {11B506A5-FCDA-491E-9863-6058A8D6DAB7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {2F614507-8F71-410B-8553-F1E42BECB0CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {55E9D9CE-1CB8-4F4F-AB15-16E28E32AA61} - System32\Tasks\{223AF888-631C-4631-8145-BE80E4BE1CDA} => Iexplore.exe http://ui.skype.com/ui/0/5.8.0.158/de/abandoninstall?page=tsMain
Task: {677D372E-B57F-430E-A231-D108F39D8096} - System32\Tasks\{5662EB6A-22C1-405E-BFC3-ACDE13D97BCA} => Iexplore.exe http://ui.skype.com/ui/0/5.8.0.158/de/abandoninstall?page=tsMain
Task: {82FE989D-B726-4353-8B78-259BFE87D186} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8314B680-F7A8-4C05-A488-F80FD6083467} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000UA => C:\Users\[redacted]\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {8888B924-F0DD-4BAF-9CC0-EBB10816A981} - System32\Tasks\{2806F27F-DE92-4926-8E28-F28817A65513} => Iexplore.exe http://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {A08CC2FA-1508-43BF-A50A-07E5F8A4121C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000Core => C:\Users\[redacted]\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {A5CCFE66-95BE-4825-B226-FAE84C777829} - System32\Tasks\{69C69605-35DD-479C-B9A7-096EFA1CE7BA} => pcalua.exe -a C:\Users\[redacted]\Desktop\irfanview_plugins_425_setup.exe -d C:\Users\[redacted]\Desktop
Task: {A6649760-D160-471A-99B7-D1191937401F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-13] (Adobe Systems Incorporated)
Task: {D41F93B4-0ADB-43EF-A88C-697AB5774B9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-26] (Google Inc.)
Task: {DD476A30-3ED0-40FF-9D3F-76761B3E79AA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000Core.job => C:\Users\[redacted]\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000UA.job => C:\Users\[redacted]\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-05-06 21:35 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2114684848-714399144-433452792-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\[redacted]\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EF9E804B-81E9-475C-B637-D0301F1654DD}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8C1BC132-FB75-4694-9509-0B1E3B8ECF7A}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{C8FDA32D-6F08-4BA3-8473-2BD2C9BDE83B}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [TCP Query User{58ECB1F7-9D15-4DB7-9725-90978FA3B193}D:\portables\java\bin\java.exe] => (Block) D:\portables\java\bin\java.exe
FirewallRules: [UDP Query User{BA0F7BC3-09EE-4C63-8A8F-DD4431461E4E}D:\portables\java\bin\java.exe] => (Block) D:\portables\java\bin\java.exe
FirewallRules: [{3911649E-AD8D-4C0D-A387-E77A9650AD68}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{286B232D-DA13-408B-A27D-7FDD38580496}C:\users\[redacted]\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\[redacted]\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E64757CD-7EB6-43CC-9D8B-5C7BD1B1C503}C:\users\[redacted]\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\[redacted]\appdata\roaming\dropbox\bin\dropbox.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/03/2015 09:28:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17728 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 
Prozess-ID: 17a4
 
Startzeit: 01d085d6df9dca20
 
Endzeit: 0
 
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
 
Berichts-ID:
 
Error: (04/20/2015 07:31:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 
Prozess-ID: 554
 
Startzeit: 01d0784d62bc60c0
 
Endzeit: 1903
 
Anwendungspfad: C:\windows\Explorer.EXE
 
Berichts-ID: fc389991-e782-11e4-8818-e0cb4e65b827
 
Error: (04/16/2015 08:13:12 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
 
Kontext:  Anwendung, SystemIndex Katalog
 
Error: (04/14/2015 04:25:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wmplayer.exe, Version 12.0.7601.18741 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 
Prozess-ID: 17d8
 
Startzeit: 01d076bdd2782ca0
 
Endzeit: 110
 
Anwendungspfad: C:\Program Files\Windows Media Player\wmplayer.exe
 
Berichts-ID: 139b5301-e2b2-11e4-bb90-e0cb4e65b827
 
Error: (04/13/2015 07:23:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wmplayer.exe, Version 12.0.7601.18741 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 
Prozess-ID: 7f0
 
Startzeit: 01d0760e1e110520
 
Endzeit: 160
 
Anwendungspfad: C:\Program Files\Windows Media Player\wmplayer.exe
 
Berichts-ID: d0c01761-e201-11e4-bb90-e0cb4e65b827
 
Error: (03/21/2015 00:04:19 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).
 
Error: (03/13/2015 07:56:33 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
 
Kontext:  Anwendung, SystemIndex Katalog
 
Error: (02/11/2015 11:12:47 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
 
Kontext:  Anwendung, SystemIndex Katalog
 
Error: (12/10/2014 01:51:15 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
 
Kontext:  Anwendung, SystemIndex Katalog
 
 
System errors:
=============
Error: (06/04/2015 09:03:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
 
Error: (06/04/2015 09:03:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
 
Error: (06/04/2015 09:03:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
 
Error: (06/04/2015 07:41:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (06/04/2015 07:40:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.
 
Error: (06/04/2015 07:40:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.
 
Error: (06/04/2015 07:40:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.
 
Error: (06/04/2015 07:24:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error: (06/04/2015 07:15:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error: (06/04/2015 07:08:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
Microsoft Office:
=========================
Error: (11/02/2014 02:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 315742 seconds with 3300 seconds of active time.  This session ended with a crash.
 
Error: (06/16/2014 00:03:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5756 seconds with 4080 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU 330 @ 1.60GHz
Percentage of memory in use: 39%
Total physical RAM: 1791.18 MB
Available physical RAM: 1092.16 MB
Total Pagefile: 3591.88 MB
Available Pagefile: 2470.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100 GB) (Free:37.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:122.87 GB) (Free:119.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: A973691C)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=122.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
 
==================== End of log ============================

 



#8 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 05 June 2015 - 01:05 PM

That already looks good. One last test:

 

Step 1

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:


[screenshot: scan settings]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created (its name and path were shown in a screenshot).
    Copy and paste the content of this log file in your next reply.



Note: Do not forget to re-enable your antivirus application after running the above scan!


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. (Harm no one; rather, help everyone as much as you can.) Arthur Schopenhauer

#9 mastu (Topic Starter, Members, 10 posts)

Posted 05 June 2015 - 03:50 PM

Posted 05 June 2015 - 03:50 PM

By the way, the PC has not been restarted since the infection.
Should I do that?
 
Here is the ESET log:
 
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# end=init
# utc_time=2015-06-05 06:55:15
# local_time=2015-06-05 08:55:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24194
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# end=updated
# utc_time=2015-06-05 06:57:17
# local_time=2015-06-05 08:57:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# engine=24194
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-05 08:17:20
# local_time=2015-06-05 10:17:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1996919 127716644 0 0
# scanned=136859
# found=1
# cleaned=0
# scan_time=4802
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Emotet.AD trojan" ac=I fn="${Memory}"

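The ESET Online Scanner log above reports one hit, "a variant of Win32/Emotet.AD trojan", with `fn="${Memory}"`, an all-zero `sh` hash and `cleaned=0`. As an added example (not ESET's code and not something posted in this thread), the Python below splits such a log into its runs, pulls the detection lines out and states what a memory-only hit does and does not give a responder. The sample log is a constructed excerpt of the one posted above; the meaning assigned to the `sh`, `fh`, `vn`, `ac` and `fn` fields and the suggested follow-up are assumptions, not ESET documentation.

```python
import re
from dataclasses import dataclass, field

# One detection line, e.g.
#   sh=<sha1> ft=- fh=<hash> vn="a variant of Win32/Emotet.AD trojan" ac=I fn="${Memory}"
# Field meanings below are assumed from how the lines read, not from ESET docs.
DETECTION_RE = re.compile(
    r'^sh=(?P<sh>[0-9a-f]{40}) ft=(?P<ft>\S+) fh=(?P<fh>[0-9a-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$'
)

# Constructed excerpt of the log posted above, including the glued first line.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# end=init
# utc_time=2015-06-05 06:55:15
Update Init
Update Finalize
Updated modules version: 24194
# product=EOS
# version=8
# end=updated
# utc_time=2015-06-05 06:57:17
# product=EOS
# version=8
# engine=24194
# end=finished
# remove_checked=false
# archives_checked=true
# antistealth_checked=true
# utc_time=2015-06-05 08:17:20
# country="Austria"
# scanned=136859
# found=1
# cleaned=0
# scan_time=4802
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Emotet.AD trojan" ac=I fn="${Memory}"
"""


@dataclass
class ScanRun:
    header: dict = field(default_factory=dict)      # '# key=value' lines
    detections: list = field(default_factory=list)  # parsed detection lines


def parse_eos_log(text):
    """Split an EOS log into runs; a new run starts at each '# product=' line."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        # The installer writes 'Can not open internet' without a newline, so the
        # first header line can be glued to it; cut that prefix off.
        if not line.startswith('#'):
            glued = line.find('# product=')
            if glued > 0:
                line = line[glued:]
        if line.startswith('# product='):
            current = ScanRun()
            runs.append(current)
        if current is None:
            continue
        if line.startswith('# '):
            key, _, value = line[2:].partition('=')
            current.header[key.strip()] = value.strip().strip('"')
            continue
        m = DETECTION_RE.match(line)
        if m:
            current.detections.append(m.groupdict())
    return runs


def triage(run):
    """Classify each detection of one run.

    Assumed interpretation: fn="${Memory}" with an all-zero sh means the hit was
    in a running process, so there is no file hash to look up or block, and a
    run-wide 'cleaned=0' means the scanner removed nothing.
    """
    cleaned = int(run.header.get('cleaned', '0'))
    findings = []
    for d in run.detections:
        in_memory = d['fn'].startswith('${Memory}')
        sha1 = None if d['sh'] == '0' * 40 else d['sh']
        if in_memory:
            next_step = 'reboot, rescan memory only, then hunt the on-disk loader (FRST)'
        else:
            next_step = 'quarantine the file and pivot on its SHA-1'
        findings.append({
            'threat': d['vn'], 'object': d['fn'], 'sha1': sha1,
            'in_memory': in_memory, 'cleaned': cleaned > 0, 'next_step': next_step,
        })
    return findings


def summarize(text):
    """Findings from the last finished run in a log, or [] if there is none."""
    finished = [r for r in parse_eos_log(text) if r.header.get('end') == 'finished']
    return triage(finished[-1]) if finished else []


if __name__ == '__main__':
    for f in summarize(SAMPLE_LOG):
        print(f)
```

A log that only gained "Update Init ... Updated modules version" lines, as in the later post in this thread, yields no new run and therefore no new findings, which is the quick way to tell that a rerun never reached the scanning stage.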

#10 deeprybka (Malware Response Team, 5,198 posts, Germany)

Posted 05 June 2015 - 03:52 PM

Please restart the PC and run a new FRST scan after the reboot:

Step 1


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka

#11 mastu (Topic Starter, Members, 10 posts)

Posted 05 June 2015 - 04:51 PM

Posted 05 June 2015 - 04:51 PM

Addition.txt was generated again as well; I can post it too if wanted.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2015
Ran by [redacted] (administrator) on [redacted] on 05-06-2015 23:22:36
Running from C:\Users\[redacted]\Downloads
Loaded Profiles: [redacted] (Available Profiles: [redacted])
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Brother Industries, Ltd.) C:\Program Files\BrownyInd\Brother\BrIndicator.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Sysinternals - www.sysinternals.com) C:\Users\[redacted]\Desktop\procexp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2009-10-10] (ASUS)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-17] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [OOBESetup] => C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe [338096 2009-09-30] (ASUSTeK Computer Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsInd00] => C:\Program Files\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
HKU\S-1-5-21-2114684848-714399144-433452792-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012-10-05] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2114684848-714399144-433452792-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2114684848-714399144-433452792-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2114684848-714399144-433452792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2114684848-714399144-433452792-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
SearchScopes: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> DefaultScope {0CD67DF9-31DE-42EC-9058-729F49A8A774} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072313&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> 98503FA3310340BA8FFFC240C77C3079 URL = http://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> {0CD67DF9-31DE-42EC-9058-729F49A8A774} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072313&q={searchTerms}&src=IE-SearchBox
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{5610F468-7A0D-4F35-BCCA-E1D451108895}: [NameServer] 194.48.128.199 194.48.139.254
Tcpip\..\Interfaces\{7E37382C-138F-480D-9A6B-4A373DF31482}: [NameServer] 194.48.128.199 194.48.139.254
Tcpip\..\Interfaces\{C0AA2026-861E-4563-8947-C3ACA4CC288E}: [NameServer] 194.24.128.100 81.3.216.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2114684848-714399144-433452792-1000: @tools.google.com/Google Update;version=3 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2114684848-714399144-433452792-1000: @tools.google.com/Google Update;version=9 -> C:\Users\[redacted]\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-26]
CHR Extension: (Bookmark Manager) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\[redacted]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [218624 2012-07-09] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
S3 eapihdrv; C:\Users\[redacted]\AppData\Local\Temp\ehdrv.sys [135760 2015-06-05] (ESET)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [477240 2012-10-05] (Duplex Secure Ltd.)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 archlp; system32\drivers\archlp.sys [X]
S3 catchme; \??\C:\Users\[redacted]\AppData\Local\Temp\catchme.sys [X]
S4 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-05 23:22 - 2015-06-05 23:23 - 00011327 _____ C:\Users\[redacted]\Downloads\FRST.txt
2015-06-05 23:13 - 2015-06-05 23:12 - 01147392 _____ (Farbar) C:\Users\[redacted]\Downloads\FRST.exe
2015-06-05 20:54 - 2015-06-05 20:54 - 00000000 ____D C:\Program Files\ESET
2015-06-05 20:50 - 2015-06-05 20:34 - 02870984 _____ (ESET) C:\Users\[redacted]\Desktop\esetsmartinstaller_enu.exe
2015-06-04 21:05 - 2015-06-05 23:16 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-04 21:05 - 2015-06-04 21:05 - 00001020 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-04 21:05 - 2015-06-04 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-04 21:04 - 2015-06-04 21:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-04 21:04 - 2015-06-04 21:04 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-04 21:04 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-04 21:04 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-04 21:04 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-04 19:29 - 2015-06-04 19:29 - 00016112 _____ C:\ComboFix.txt
2015-06-04 19:04 - 2015-06-04 19:29 - 00000000 ____D C:\Qoobox
2015-06-04 19:04 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-06-04 19:04 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-06-04 19:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-06-04 19:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-06-04 19:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-06-04 19:04 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-06-04 19:04 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-06-04 19:04 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-06-04 19:03 - 2015-06-04 19:26 - 00000000 ____D C:\windows\erdnt
2015-06-03 20:22 - 2015-06-05 23:22 - 00000000 ____D C:\FRST
2015-05-13 19:33 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:16 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-13 18:16 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-05-13 18:13 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-13 18:13 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-13 18:13 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-13 18:13 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-13 18:13 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-13 18:13 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-13 18:13 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-13 18:13 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-13 18:13 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-13 18:13 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-13 18:13 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-13 18:13 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-13 18:13 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-13 18:13 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-13 18:13 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-13 18:13 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-13 18:13 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 18:13 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 18:13 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 18:13 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-13 18:13 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-13 18:10 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 18:10 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-13 18:10 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-13 18:10 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 18:10 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 18:10 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-13 18:10 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-13 18:10 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 18:10 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-13 18:10 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 18:10 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-13 18:10 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-13 18:10 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-13 18:10 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 18:10 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-13 18:10 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-13 18:10 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-13 18:10 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-13 18:10 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-13 18:10 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 18:10 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-13 18:10 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 18:10 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 18:10 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 18:10 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 18:10 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-13 18:10 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 18:10 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-13 18:10 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 18:10 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 18:10 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 18:10 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-13 18:10 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-13 18:10 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-13 18:10 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-13 18:10 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-13 18:09 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 18:09 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-13 18:09 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-13 18:09 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-05 23:23 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-05 23:23 - 2009-07-14 06:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-05 23:20 - 2009-07-26 23:56 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-05 23:19 - 2010-04-08 14:32 - 01488727 _____ C:\windows\WindowsUpdate.log
2015-06-05 23:18 - 2010-04-08 09:58 - 00000000 ____D C:\Users\[redacted]\AppData\Roaming\Skype
2015-06-05 23:15 - 2015-03-06 22:13 - 00002034 _____ C:\windows\setupact.log
2015-06-05 23:15 - 2014-12-26 18:18 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-05 23:15 - 2009-10-10 00:55 - 00101794 _____ C:\windows\PFRO.log
2015-06-05 23:15 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-05 23:13 - 2010-12-08 20:39 - 00001064 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000Core.job
2015-06-05 23:12 - 2014-06-10 18:37 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-05 22:52 - 2014-12-26 18:18 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-04 19:29 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2015-06-04 19:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-06-04 19:24 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2015-06-03 12:25 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2015-06-01 10:15 - 2010-05-12 10:16 - 00000000 ____D C:\Users\[redacted]\AppData\Roaming\Canon
2015-05-19 11:13 - 2010-12-08 20:39 - 00001116 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114684848-714399144-433452792-1000UA.job
2015-05-13 21:00 - 2014-10-16 16:56 - 00000000 ____D C:\Users\[redacted]\AppData\Local\Adobe
2015-05-13 21:00 - 2012-04-25 18:48 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-05-13 21:00 - 2011-05-23 09:23 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-13 20:14 - 2009-07-14 09:49 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 20:12 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2015-05-13 19:45 - 2011-06-16 13:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 19:45 - 2009-07-14 06:33 - 00782504 _____ C:\windows\system32\FNTCACHE.DAT
2015-05-13 19:42 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2015-05-13 19:42 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-05-13 19:36 - 2012-05-01 13:12 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 19:36 - 2010-12-31 18:33 - 00002155 _____ C:\windows\epplauncher.mif
2015-05-13 19:35 - 2010-12-31 18:32 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-13 19:33 - 2009-10-10 00:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-13 19:27 - 2013-08-16 09:38 - 00000000 ____D C:\windows\system32\MRT
2015-05-13 19:11 - 2010-04-08 12:12 - 137310008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-13 19:02 - 2011-06-16 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 23:16 - 2011-09-10 20:44 - 00000000 ____D C:\ProgramData\tmp
 
==================== Files in the root of some directories =======
 
2010-12-25 14:06 - 2014-11-30 01:35 - 0009728 _____ () C:\Users\[redacted]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-08 00:18 - 2010-11-09 20:26 - 0007633 _____ () C:\Users\[redacted]\AppData\Local\Resmon.ResmonCfg
2010-04-10 11:57 - 2010-04-10 11:57 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2009-10-10 00:54 - 2009-08-18 18:09 - 0131368 _____ () C:\ProgramData\FullRemove.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-03 12:18
 
==================== End of log ============================

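The FRST log above lists services and drivers tagged `[File not signed]`, `[X]` (the registry entry points at a file that no longer exists) or running from ProgramData and a user's Temp folder, plus a "One Month Created files" list with minute-resolution timestamps. As an added example (not Farbar's code and not part of the thread), the Python below parses those sections from a constructed excerpt of the posted log, flags the entries a responder would check first, and pulls out files created inside a chosen time window, such as the 22:35 to 22:45 window from the first post. The rule set for "suspicious" locations is an assumption, not FRST's whitelist logic.

```python
import re
from datetime import datetime

# Services/Drivers lines, e.g.
#   R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () [File not signed]
#   S1 archlp; system32\drivers\archlp.sys [X]
ENTRY_RE = re.compile(
    r'^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)'
    r'(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\))?'
    r'(?P<flags>(?: \[[^\]]+\])*)$'
)
# "One Month Created files" lines, e.g.
#   2015-06-04 19:04 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
CREATED_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<size>\d+) (?P<attrs>\S{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$'
)
# Assumption: legitimate services and drivers rarely run from these locations.
WRITABLE_DIRS = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\')

# Constructed excerpt of the FRST.txt posted above.
SAMPLE_FRST = r"""
========================== Services (Whitelisted) =================
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () [File not signed]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S3 eapihdrv; C:\Users\[redacted]\AppData\Local\Temp\ehdrv.sys [135760 2015-06-05] (ESET)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S1 archlp; system32\drivers\archlp.sys [X]
S3 catchme; \??\C:\Users\[redacted]\AppData\Local\Temp\catchme.sys [X]
==================== One Month Created files and folders ========
2015-06-05 20:54 - 2015-06-05 20:54 - 00000000 ____D C:\Program Files\ESET
2015-06-04 19:04 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-06-04 19:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-06-03 20:22 - 2015-06-05 23:22 - 00000000 ____D C:\FRST
==================== End of log ============================
"""


def split_sections(text):
    """Map FRST section titles (e.g. 'Drivers (Whitelisted)') to their lines."""
    sections, title = {}, None
    for line in text.splitlines():
        m = re.match(r'^=+ (.+?) =+$', line.strip())
        if m:
            title = m.group(1).strip()
            sections[title] = []
        elif title and line.strip():
            sections[title].append(line.rstrip())
    return sections


def triage_entries(lines):
    """Return (name, path, reasons) for service/driver entries worth a look."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        reasons = []
        if '[X]' in e['flags']:
            reasons.append('orphaned: registry entry points at a missing file')
        if '[File not signed]' in e['flags'] and not e['company']:
            reasons.append('unsigned with no publisher')
        if any(d in e['path'].lower() for d in WRITABLE_DIRS):
            reasons.append('runs from a user-writable directory')
        if reasons:
            findings.append((e['name'].strip(), e['path'], reasons))
    return findings


def created_between(lines, start, end):
    """Paths whose creation time lies in [start, end]; bounds as 'YYYY-MM-DD HH:MM'."""
    lo = datetime.strptime(start, '%Y-%m-%d %H:%M')
    hi = datetime.strptime(end, '%Y-%m-%d %H:%M')
    hits = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m and lo <= datetime.strptime(m.group('created'), '%Y-%m-%d %H:%M') <= hi:
            hits.append(m.group('path'))
    return hits


if __name__ == '__main__':
    secs = split_sections(SAMPLE_FRST)
    for name, path, reasons in triage_entries(secs['Services (Whitelisted)'] + secs['Drivers (Whitelisted)']):
        print(name, path, reasons)
    print(created_between(secs['One Month Created files and folders'], '2015-06-02 22:30', '2015-06-02 23:00'))
```

Orphaned `[X]` entries from old scanners (here `catchme.sys`, a ComboFix leftover) and unsigned OEM helpers will show up alongside anything malicious, so the output is a checklist for the responder, not a verdict; the time-window query is the cheap first pass when the infection time is known as precisely as it is in this thread.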

#12 deeprybka (Malware Response Team, 5,198 posts, Germany)

Posted 05 June 2015 - 04:58 PM

Please run ESET once more, change the scan settings and select only memory (RAM).
Please post the log.
regards,
deeprybka

#13 mastu (Topic Starter, Members, 10 posts)

Posted 05 June 2015 - 05:11 PM

Done. It found nothing. I think the log file is the one from before plus a few lines appended at the end.

 

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# end=init
# utc_time=2015-06-05 06:55:15
# local_time=2015-06-05 08:55:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24194
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# end=updated
# utc_time=2015-06-05 06:57:17
# local_time=2015-06-05 08:57:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# engine=24194
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-05 08:17:20
# local_time=2015-06-05 10:17:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1996919 127716644 0 0
# scanned=136859
# found=1
# cleaned=0
# scan_time=4802
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Emotet.AD trojan" ac=I fn="${Memory}"
Update Init
Update Download
Update Finalize
Updated modules version: 24197


#14 mastu

mastu
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Local time:06:02 PM

Posted 05 June 2015 - 05:18 PM

Since the log file puzzled me, I ran ESET again with the settings you asked for (memory only). Again no detection, but this time the log file looks as expected.

 

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# end=init
# utc_time=2015-06-05 06:55:15
# local_time=2015-06-05 08:55:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24194
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# end=updated
# utc_time=2015-06-05 06:57:17
# local_time=2015-06-05 08:57:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# engine=24194
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-05 08:17:20
# local_time=2015-06-05 10:17:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1996919 127716644 0 0
# scanned=136859
# found=1
# cleaned=0
# scan_time=4802
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Emotet.AD trojan" ac=I fn="${Memory}"
Update Init
Update Download
Update Finalize
Updated modules version: 24197
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# end=init
# utc_time=2015-06-05 10:14:04
# local_time=2015-06-06 12:14:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 24197
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# end=updated
# utc_time=2015-06-05 10:14:34
# local_time=2015-06-06 12:14:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b2c16f0d299f1f44822e170334afb264
# engine=24197
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-05 10:15:10
# local_time=2015-06-06 12:15:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2003989 127723714 0 0
# scanned=1
# found=0
# cleaned=0
# scan_time=36


#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:02 PM

Posted 06 June 2015 - 01:25 AM

Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    HKU\S-1-5-21-2114684848-714399144-433452792-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    Toolbar: HKU\S-1-5-21-2114684848-714399144-433452792-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.
Please post it in your reply.



Can you please tell me which problems still persist now?

Edited by deeprybka, 06 June 2015 - 01:25 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
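A read-only PowerShell audit of the two artifact classes the fixlist above removes: values under the Internet Explorer policy restriction keys, and Toolbar CLSIDs whose registered DLL no longer exists (what FRST prints as "No File"). This is an added example, not FRST's code or anything posted in the thread; the registry paths are the standard ones, and HKCU stands in for the HKU\S-1-5-21-... hive of the logged-on user.

```powershell
# Added example (not from the thread): audit the artifact types targeted by the
# fixlist without changing anything. Run from an elevated PowerShell prompt.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'   # HKCU ~ HKU\<user SID>
)
$toolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
)

function Get-IEPolicyRestrictions {
    # Any value under the policy key (or a subkey such as Restrictions) is a
    # setting IE will enforce; on a home PC these are normally absent.
    foreach ($path in $policyKeys) {
        if (-not (Test-Path $path)) { continue }
        $keys = @(Get-Item $path) + @(Get-ChildItem $path -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{ Key = $k.Name; Value = $name; Data = $k.GetValue($name) }
            }
        }
    }
}

function Get-OrphanedIEToolbars {
    # Toolbar entries are value names of the form {CLSID}. Resolve each CLSID to
    # its InprocServer32 DLL (32-bit hive as fallback) and flag missing files.
    foreach ($path in $toolbarKeys) {
        if (-not (Test-Path $path)) { continue }
        $names = (Get-Item $path).GetValueNames() | Where-Object { $_ -match '^\{[0-9A-F-]{36}\}$' }
        foreach ($clsid in $names) {
            $dll = $null
            foreach ($root in 'CLSID', 'Wow6432Node\CLSID') {
                $srv = "Registry::HKEY_CLASSES_ROOT\$root\$clsid\InprocServer32"
                if (Test-Path $srv) { $dll = (Get-ItemProperty $srv).'(default)'; break }
            }
            $exists = $dll -and (Test-Path ([Environment]::ExpandEnvironmentVariables($dll)))
            if (-not $exists) {
                [pscustomobject]@{ Hive = $path; CLSID = $clsid; Dll = $dll; Status = 'No File' }
            }
        }
    }
}

Get-IEPolicyRestrictions | Format-Table -AutoSize
Get-OrphanedIEToolbars  | Format-Table -AutoSize
```

An empty result from both functions after the fix is the quick confirmation that the entries listed in the fixlist are gone; the script never deletes anything, so it is safe to run before and after.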
