
Pests of all kinds and how to fight them: Matsnu.gen!A

21.05.2013, 19:26   #1
Schkudi
 



Hello everyone,

unfortunately I was silly enough to open one of those notorious emails. -> A supposed invoice; to view the invoice I opened the zip folder. Nothing happened at first; I also ran a full Microsoft Security Essentials scan right away, but it found nothing. The next morning there were 11 Windows updates and the antivirus program raised an alarm, detection: Win32/Matsnu.gen!A ; it was put into quarantine. I ran Malwarebytes Anti-Malware, but it found nothing:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.21.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
*** :: NETBOOK [Administrator]

21.05.2013 19:01:55
mbam-log-2013-05-21 (19-01-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199582
Laufzeit: 12 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


I'm not very experienced with PCs, but I hope that you might be able to help me.
The laptop is extremely slow when booting and it takes forever for programs to open.

Search results from Spybot - Search & Destroy

21.05.2013 20:13:44
Scan took 00:57:53.
13 items found.

Statcounter: [SBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


DoubleClick: [SBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


Log: [SBI $8E73A7FB] Activity: ntbtlog.txt (File, nothing done)
C:\Windows\ntbtlog.txt
Properties.size=15142
Properties.md5=E3EED7DF711533176EB0FFFC2FE3625D
Properties.filedate=1369155287
Properties.filedatetext=2013-05-21 18:54:46

Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done)
C:\Windows\setupact.log
Properties.size=56
Properties.md5=D74E3C688AA4F552EB9F55CB8EA67170
Properties.filedate=1369154561
Properties.filedatetext=2013-05-21 18:42:40

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1161967605-348264692-613214921-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1161967605-348264692-613214921-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Cache: [SBI $49804B54] Browser: Cache (4) (Browser: Cache, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (222) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

22.05.2013, 09:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and


Quote:
and the antivirus program raised an alarm, detection: Win32/Matsnu.gen!A
Where are the logs for that?

That information is not enough; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags if possible.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... on Reply.

22.05.2013, 10:45   #3
Schkudi
 



Ummm, this is rather embarrassing for me now, I don't know where to find that in MSE.

There is also nothing about the Matsnu trojan anywhere any more; what is new now, which I have just seen:

Code:
Kategorie: Trojaner

Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Elemente: 
containerfile:D:\Recycled\INFO.EXE
file:D:\Recycled\INFO.EXE->(Upack)
         


I hope that is right like this???? I'm really very clumsy with things like this
Kind regards, Ellen

22.05.2013, 10:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please get in touch in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


First a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

22.05.2013, 18:15   #5
Schkudi
 



Extras.Txt
Code:
OTL Extras logfile created on: 22.05.2013 18:58:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ellen&Falko\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,95 Mb Total Physical Memory | 256,41 Mb Available Physical Memory | 25,29% Memory free
1,99 Gb Paging File | 1,09 Gb Available in Paging File | 54,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,95 Gb Total Space | 111,99 Gb Free Space | 81,78% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: Ellen&Falko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16478A67-B4FA-468E-BB87-0A8AFE8B5654}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3761706F-686E-4D3A-8E0E-2CD3C6ECBDF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{460890D0-36B6-48AB-BD3C-D047D181FB49}" = rport=137 | protocol=17 | dir=out | app=system | 
"{52ED89F1-9113-44C8-BE8D-4E5AADA2ACCD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{592A051A-E3BA-4FFF-B07D-F8D4D9EEA44C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5BDCEE4D-1E31-42F7-BA30-B0D2C42F0FD4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6168A646-E85B-413A-87B8-C01E264CC668}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8A1FAAFF-B648-40CA-8657-6D401E6D2C03}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BBE999DB-F469-4CD6-ADE8-4DDC4AF2B3F0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6378B13-9A1F-4205-8993-766C309A6F75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6FEC05C-B9F8-4920-BF64-A85F2F37AE35}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F8D0F047-5325-41BF-8EAB-DA25CD60EC3C}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75F61BC4-9F28-4F99-B342-BC488BD7CF92}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8C8B8631-409E-449C-90DA-2C6F7B122542}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{A51DE423-E4A0-44EA-A44E-D5997D634015}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CF669F38-918A-4E88-B1BE-78064C16392B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F1F4D6F5-691B-47BE-A3E0-BCCD86C78948}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{4AD139A2-A880-4353-95B5-BA56717C82DC}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe | 
"UDP Query User{A2F0B9C9-8AD6-4E72-A9A8-957B1E972E8F}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Video Web Camera
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"Intelli-studio" = SAMSUNG Intelli-studio
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"PhotoScape" = PhotoScape
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2013 07:34:23 | Computer Name = Netbook | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 16.05.2013 09:09:02 | Computer Name = Netbook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.05.2013 10:14:54 | Computer Name = Netbook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.05.2013 10:14:55 | Computer Name = Netbook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.05.2013 05:41:33 | Computer Name = Netbook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.05.2013 05:41:46 | Computer Name = Netbook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.05.2013 05:41:46 | Computer Name = Netbook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.05.2013 05:41:46 | Computer Name = Netbook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.05.2013 05:41:46 | Computer Name = Netbook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.05.2013 05:41:46 | Computer Name = Netbook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Spybot - Search and Destroy Events ]
Error - 17.05.2013 11:14:14 | Computer Name = Netbook | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 21.05.2013 07:00:37 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.05.2013 07:52:20 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.05.2013 07:55:18 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.05.2013 12:43:05 | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 21.05.2013 12:43:33 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 22.05.2013 05:28:07 | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 22.05.2013 05:28:14 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 22.05.2013 05:28:22 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 22.05.2013 12:48:18 | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 22.05.2013 12:48:25 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
OTL.Txt
Code:
OTL logfile created on: 22.05.2013 18:58:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ellen&Falko\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,95 Mb Total Physical Memory | 256,41 Mb Available Physical Memory | 25,29% Memory free
1,99 Gb Paging File | 1,09 Gb Available in Paging File | 54,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,95 Gb Total Space | 111,99 Gb Free Space | 81,78% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: Ellen&Falko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ellen&Falko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Greg_Service) -- C:\Program Files\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation                           )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
DRV - (DCamUSBSTK016) -- C:\Windows\System32\drivers\STK016W2.sys (Syntek Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=431&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/$22/ [binary data]
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.gamehitzone.com/?utm_source=FreightTrainSimulator&utm_medium=start
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes,DefaultScope = {2195EA02-8567-4C19-B3DF-09A3A2B5BE46}
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=48A9C417FEDDD288
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{2195EA02-8567-4C19-B3DF-09A3A2B5BE46}: "URL" = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=448
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{545D815E-9CDA-41C3-B6D9-FCE02A570083}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=3C772EBF-A006-4887-980B-3C8D25ADBFA3&apn_sauid=A1FCA485-D739-438C-944D-2E54EC65AA2B
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_de___DE375
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={CB531157-40CF-4994-A9F7-AEC0084FA3DA}&mid=8d5e5709925b47d09890a113f0a5ca63-5ddb3140b8d38e5207bd049a7021adb2abe4bda6&lang=de&ds=AVG&pr=pr&d=2012-05-12 17:38:24&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=431&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ellen&Falko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.05 14:39:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.17 14:55:47 | 000,000,000 | ---D | M]
 
[2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions
[2010.09.20 17:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Sunbird\Profiles\csl13q1y.default\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: chrome://newtab
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: WOT = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0\
CHR - Extension: Adblock Plus = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
O7 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40D0B155-91EA-43C5-A360-B4DBE54D561E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A1D608-002F-4B99-B008-B7D6ACCA6463}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.09 19:36:50 | 000,000,116 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c3674970-8e09-11e2-976a-705ab6412390}\Shell - "" = AutoRun
O33 - MountPoints2\{c3674970-8e09-11e2-976a-705ab6412390}\Shell\AutoRun\command - "" = D:\iLinker.exe
O33 - MountPoints2\{c54660b9-49a8-11e0-8aad-705ab6412390}\Shell - "" = AutoRun
O33 - MountPoints2\{c54660b9-49a8-11e0-8aad-705ab6412390}\Shell\AutoRun\command - "" = D:\NPSAI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.21 19:41:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ellen&Falko\Desktop\OTL.exe
[2013.05.21 13:29:09 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\Desktop\Documents\ProcAlyzer Dumps
[2013.05.17 21:49:12 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Local\NPE
[2013.05.17 16:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.05.17 16:06:19 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.05.17 16:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.05.16 18:54:36 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Roaming\SUPERAntiSpyware.com
[2013.05.16 17:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.16 17:34:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.16 17:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.16 15:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.05.16 15:18:45 | 000,000,000 | --SD | C] -- C:\Users\Ellen&Falko\Desktop\Documents\Passwords Database
[2013.05.16 13:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.16 13:12:20 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Roaming\QuickScan
[2013.05.16 12:45:18 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 12:45:15 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 12:45:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 12:45:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 12:45:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 12:45:10 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 12:45:10 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 12:45:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 12:45:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 12:16:55 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.16 12:16:53 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.16 12:16:51 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.16 12:16:34 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.16 12:16:33 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 18:51:36 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Roaming\Ccwmcwpyk
[2013.05.15 12:21:04 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.04.28 19:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Posteriza
[2013.04.23 16:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.04.23 16:17:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.23 16:17:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.23 16:17:12 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2009.11.13 23:32:00 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 18:55:24 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 18:55:24 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 18:49:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 18:48:08 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 18:47:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 18:47:43 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 13:34:01 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161967605-348264692-613214921-1000UA.job
[2013.05.22 13:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.21 20:19:21 | 000,000,064 | ---- | M] () -- C:\Users\Ellen&Falko\AppData\Roaming\mbam.context.scan
[2013.05.21 19:41:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ellen&Falko\Desktop\OTL.exe
[2013.05.21 19:34:06 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161967605-348264692-613214921-1000Core.job
[2013.05.21 18:42:45 | 000,353,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.21 13:02:29 | 001,398,856 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Ellen&Falko\Desktop\mbar.exe
[2013.05.21 11:47:05 | 000,620,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.21 11:47:05 | 000,108,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.21 11:47:04 | 000,659,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.21 11:47:04 | 000,132,776 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.20 16:15:08 | 000,012,416 | ---- | M] () -- C:\Users\Ellen&Falko\AppData\Roaming\wklnhst.dat
[2013.05.17 16:06:39 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.17 11:09:00 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.16 20:24:12 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.16 17:36:37 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.16 15:25:21 | 000,002,102 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\Microsoft Security Essentials.lnk
[2013.05.16 15:12:21 | 000,056,832 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\Rechnungen.xlr
[2013.05.15 12:21:31 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 12:21:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.15 12:21:10 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.05.03 14:59:35 | 000,000,922 | ---- | M] () -- C:\Windows\posteriza.INI
[2013.05.02 17:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.21 20:19:21 | 000,000,064 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Roaming\mbam.context.scan
[2013.05.21 18:42:24 | 000,353,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.17 16:06:39 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.05.17 16:06:39 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.16 17:36:37 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.16 15:25:21 | 000,002,102 | ---- | C] () -- C:\Users\Ellen&Falko\Desktop\Microsoft Security Essentials.lnk
[2012.12.15 15:24:08 | 000,002,809 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2012.12.12 14:33:07 | 000,010,495 | ---- | C] () -- C:\Users\Ellen&Falko\Ellen_elster_2048.pfx
[2012.08.04 23:15:51 | 000,002,681 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\recently-used.xbel
[2012.08.04 22:00:50 | 000,003,072 | -H-- | C] () -- C:\Users\Ellen&Falko\photothumb.db
[2011.11.26 13:31:28 | 000,000,000 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\{2E8D49FE-3B5B-49EC-AAEF-957531246A7A}
[2011.09.30 11:55:27 | 000,000,022 | -HS- | C] () -- C:\Users\Ellen&Falko\AppData\Roaming\Sys2662.Config.Repository.bin
[2011.09.09 16:45:10 | 000,000,000 | ---- | C] () -- C:\Windows\mngui.INI
[2011.06.29 17:12:04 | 000,000,000 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\{983F738C-1125-48D5-9E06-0F6AAB090992}
[2010.05.16 12:49:46 | 000,007,598 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\Resmon.ResmonCfg
[2010.04.23 13:04:52 | 000,057,856 | ---- | C] () -- C:\Users\Ellen&Falko\Rechnungen.xlr
[2010.04.23 13:04:08 | 000,012,416 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:444C53BA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93DE1838

< End of report >
         


Alt 22.05.2013, 20:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Rootkit scan with GMER

Please download the GMER rootkit scanner: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Afterwards please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide for Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper

Alt 22.05.2013, 22:45   #7
Schkudi
 



Gmer:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-22 23:09:45
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PBBO 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ELLEN&~1\AppData\Local\Temp\ffldqpoc.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntoskrnl.exe!ZwRollbackEnlistment + 140D                             820809A9 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2                               820A04F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?      C:\Users\ELLEN&~1\AppData\Local\Temp\ffldqpoc.sys                    Das System kann den angegebenen Pfad nicht finden. !

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources  MSDMine?DfSdk
Reg    HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources      MSDMine?DfSdk

---- EOF - GMER 2.1 ----
         
Malwarebytes Rootkit:
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.22.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Ellen&Falko :: NETBOOK [administrator]

22.05.2013 23:43:06
mbar-log-2013-05-22 (23-43-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 25493
Time elapsed: 21 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


Thanks for the effort!!!!!!

Alt 22.05.2013, 22:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


23.05.2013, 09:05   #9
Schkudi
 
aswMBR:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-23 09:16:43
-----------------------------
09:16:43.136    OS Version: Windows 6.1.7601 Service Pack 1
09:16:43.137    Number of processors: 2 586 0x1C02
09:16:43.141    ComputerName: NETBOOK  UserName: 
09:16:45.888    Initialize success
09:28:31.712    AVAST engine defs: 13052201
09:29:25.005    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:29:25.012    Disk 0 Vendor: Hitachi_ PBBO Size: 152627MB BusType: 3
09:29:25.218    Disk 0 MBR read successfully
09:29:25.226    Disk 0 MBR scan
09:29:25.315    Disk 0 Windows 7 default MBR code
09:29:25.325    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63
09:29:25.402    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 25173855
09:29:25.497    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       140232 MB offset 25382700
09:29:25.563    Disk 0 scanning sectors +312579760
09:29:25.817    Disk 0 scanning C:\Windows\system32\drivers
09:30:08.866    Service scanning
09:30:46.214    Service MpKsl269d15e6 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2202B0F2-9AD4-40B1-8EF9-9144F39B802E}\MpKsl269d15e6.sys **LOCKED** 32
09:31:31.781    Modules scanning
09:31:41.859    Disk 0 trace - called modules:
09:31:41.906    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
09:31:41.921    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851637c8]
09:31:41.937    3 CLASSPNP.SYS[87ba559e] -> nt!IofCallDriver -> [0x8476c388]
09:31:41.968    5 ACPI.sys[872433d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84721028]
09:31:43.980    AVAST engine scan C:\Windows
09:31:50.704    AVAST engine scan C:\Windows\system32
09:41:01.915    AVAST engine scan C:\Windows\system32\drivers
09:41:50.354    AVAST engine scan C:\Users\Ellen&Falko
09:51:57.661    AVAST engine scan C:\ProgramData
09:52:48.845    Scan finished successfully
09:54:08.329    Disk 0 MBR has been saved successfully to "C:\Users\Ellen&Falko\Desktop\MBR.dat"
09:54:08.360    The log file has been saved successfully to "C:\Users\Ellen&Falko\Desktop\aswMBR.txt"
         


tdsskiller:
Code:
09:58:46.0190 1264  nvraid - ok
09:58:46.0221 1264  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:58:46.0268 1264  nvstor - ok
09:58:46.0299 1264  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:58:46.0346 1264  nv_agp - ok
09:58:46.0377 1264  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:58:46.0424 1264  ohci1394 - ok
09:58:46.0471 1264  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:58:46.0611 1264  p2pimsvc - ok
09:58:46.0658 1264  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:58:46.0736 1264  p2psvc - ok
09:58:46.0783 1264  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:58:46.0861 1264  Parport - ok
09:58:46.0907 1264  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:58:46.0939 1264  partmgr - ok
09:58:46.0970 1264  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
09:58:47.0032 1264  Parvdm - ok
09:58:47.0079 1264  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:58:47.0141 1264  PcaSvc - ok
09:58:47.0173 1264  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
09:58:47.0219 1264  pci - ok
09:58:47.0251 1264  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
09:58:47.0282 1264  pciide - ok
09:58:47.0344 1264  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:58:47.0375 1264  pcmcia - ok
09:58:47.0407 1264  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
09:58:47.0453 1264  pcw - ok
09:58:47.0500 1264  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:58:47.0625 1264  PEAUTH - ok
09:58:47.0750 1264  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
09:58:47.0890 1264  pla - ok
09:58:47.0984 1264  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:58:48.0109 1264  PlugPlay - ok
09:58:48.0171 1264  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:58:48.0233 1264  PNRPAutoReg - ok
09:58:48.0280 1264  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:58:48.0327 1264  PNRPsvc - ok
09:58:48.0374 1264  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:58:48.0499 1264  PolicyAgent - ok
09:58:48.0577 1264  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
09:58:48.0655 1264  Power - ok
09:58:48.0701 1264  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:58:48.0779 1264  PptpMiniport - ok
09:58:48.0811 1264  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:58:48.0889 1264  Processor - ok
09:58:48.0951 1264  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
09:58:49.0060 1264  ProfSvc - ok
09:58:49.0091 1264  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:58:49.0123 1264  ProtectedStorage - ok
09:58:49.0154 1264  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:58:49.0247 1264  Psched - ok
09:58:49.0325 1264  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:58:49.0435 1264  ql2300 - ok
09:58:49.0466 1264  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:58:49.0513 1264  ql40xx - ok
09:58:49.0559 1264  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
09:58:49.0622 1264  QWAVE - ok
09:58:49.0637 1264  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:58:49.0684 1264  QWAVEdrv - ok
09:58:49.0731 1264  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:58:49.0809 1264  RasAcd - ok
09:58:49.0840 1264  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:58:49.0903 1264  RasAgileVpn - ok
09:58:49.0918 1264  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
09:58:50.0012 1264  RasAuto - ok
09:58:50.0027 1264  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:58:50.0137 1264  Rasl2tp - ok
09:58:50.0183 1264  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
09:58:50.0293 1264  RasMan - ok
09:58:50.0339 1264  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:58:50.0417 1264  RasPppoe - ok
09:58:50.0449 1264  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:58:50.0573 1264  RasSstp - ok
09:58:50.0620 1264  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:58:50.0729 1264  rdbss - ok
09:58:50.0761 1264  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:58:50.0823 1264  rdpbus - ok
09:58:50.0885 1264  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:58:50.0979 1264  RDPCDD - ok
09:58:51.0026 1264  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:58:51.0135 1264  RDPENCDD - ok
09:58:51.0182 1264  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:58:51.0291 1264  RDPREFMP - ok
09:58:51.0369 1264  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:58:51.0494 1264  RdpVideoMiniport - ok
09:58:51.0541 1264  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:58:51.0665 1264  RDPWD - ok
09:58:51.0712 1264  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:58:51.0759 1264  rdyboost - ok
09:58:51.0806 1264  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:58:51.0915 1264  RemoteAccess - ok
09:58:51.0977 1264  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:58:52.0087 1264  RemoteRegistry - ok
09:58:52.0133 1264  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:58:52.0243 1264  RpcEptMapper - ok
09:58:52.0305 1264  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
09:58:52.0336 1264  RpcLocator - ok
09:58:52.0383 1264  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
09:58:52.0461 1264  RpcSs - ok
09:58:52.0508 1264  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:58:52.0633 1264  rspndr - ok
09:58:52.0695 1264  [ 96F8DD546677AA5102150ACC140377B3 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
09:58:52.0789 1264  RSUSBSTOR - ok
09:58:52.0835 1264  [ 325590E7E9587459643BA24D2CF73BF2 ] RTL8187         C:\Windows\system32\DRIVERS\rtl8187.sys
09:58:52.0913 1264  RTL8187 - ok
09:58:52.0929 1264  RtsUIR - ok
09:58:52.0960 1264  [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
09:58:52.0991 1264  s0016bus - ok
09:58:53.0023 1264  [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
09:58:53.0054 1264  s0016mdfl - ok
09:58:53.0085 1264  [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
09:58:53.0116 1264  s0016mdm - ok
09:58:53.0147 1264  [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
09:58:53.0179 1264  s0016mgmt - ok
09:58:53.0194 1264  [ 36792935847143E4A3CDA0DC87248487 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
09:58:53.0225 1264  s0016obex - ok
09:58:53.0257 1264  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
09:58:53.0288 1264  SamSs - ok
09:58:53.0335 1264  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:58:53.0381 1264  sbp2port - ok
09:58:53.0428 1264  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:58:53.0522 1264  SCardSvr - ok
09:58:53.0569 1264  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:58:53.0662 1264  scfilter - ok
09:58:53.0709 1264  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
09:58:53.0850 1264  Schedule - ok
09:58:53.0881 1264  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:58:53.0959 1264  SCPolicySvc - ok
09:58:54.0006 1264  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:58:54.0130 1264  SDRSVC - ok
09:58:54.0255 1264  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
09:58:54.0318 1264  SDScannerService - ok
09:58:54.0411 1264  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
09:58:54.0505 1264  SDUpdateService - ok
09:58:54.0567 1264  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
09:58:54.0598 1264  SDWSCService - ok
09:58:54.0645 1264  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:58:54.0754 1264  secdrv - ok
09:58:54.0801 1264  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
09:58:54.0910 1264  seclogon - ok
09:58:54.0942 1264  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
09:58:55.0051 1264  SENS - ok
09:58:55.0098 1264  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:58:55.0176 1264  Serenum - ok
09:58:55.0222 1264  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:58:55.0269 1264  Serial - ok
09:58:55.0300 1264  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:58:55.0363 1264  sermouse - ok
09:58:55.0456 1264  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
09:58:55.0550 1264  SessionEnv - ok
09:58:55.0612 1264  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:58:55.0706 1264  sffdisk - ok
09:58:55.0737 1264  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:58:55.0784 1264  sffp_mmc - ok
09:58:55.0800 1264  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:58:55.0846 1264  sffp_sd - ok
09:58:55.0878 1264  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:58:55.0940 1264  sfloppy - ok
09:58:56.0034 1264  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:58:56.0127 1264  SharedAccess - ok
09:58:56.0158 1264  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:58:56.0268 1264  ShellHWDetection - ok
09:58:56.0314 1264  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
09:58:56.0346 1264  sisagp - ok
09:58:56.0392 1264  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:58:56.0424 1264  SiSRaid2 - ok
09:58:56.0455 1264  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
09:58:56.0486 1264  SiSRaid4 - ok
09:58:56.0517 1264  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:58:56.0611 1264  Smb - ok
09:58:56.0658 1264  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:58:56.0689 1264  SNMPTRAP - ok
09:58:56.0720 1264  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:58:56.0767 1264  spldr - ok
09:58:56.0814 1264  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
09:58:56.0954 1264  Spooler - ok
09:58:57.0094 1264  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
09:58:57.0344 1264  sppsvc - ok
09:58:57.0422 1264  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:58:57.0484 1264  sppuinotify - ok
09:58:57.0562 1264  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:58:57.0672 1264  srv - ok
09:58:57.0734 1264  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:58:57.0812 1264  srv2 - ok
09:58:57.0843 1264  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:58:57.0906 1264  srvnet - ok
09:58:57.0968 1264  [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
09:58:58.0062 1264  sscdbus - ok
09:58:58.0093 1264  [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
09:58:58.0171 1264  sscdmdfl - ok
09:58:58.0218 1264  [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
09:58:58.0280 1264  sscdmdm - ok
09:58:58.0327 1264  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:58:58.0452 1264  SSDPSRV - ok
09:58:58.0498 1264  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:58:58.0576 1264  SstpSvc - ok
09:58:58.0623 1264  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
09:58:58.0654 1264  stexstor - ok
09:58:58.0717 1264  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
09:58:58.0810 1264  StiSvc - ok
09:58:58.0857 1264  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:58:58.0888 1264  swenum - ok
09:58:58.0935 1264  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
09:58:59.0044 1264  swprv - ok
09:58:59.0138 1264  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
09:58:59.0232 1264  SysMain - ok
09:58:59.0263 1264  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:58:59.0356 1264  TabletInputService - ok
09:58:59.0434 1264  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:58:59.0544 1264  TapiSrv - ok
09:58:59.0606 1264  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
09:58:59.0715 1264  TBS - ok
09:58:59.0809 1264  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:58:59.0902 1264  Tcpip - ok
09:58:59.0949 1264  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:59:00.0027 1264  TCPIP6 - ok
09:59:00.0090 1264  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:59:00.0152 1264  tcpipreg - ok
09:59:00.0214 1264  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:59:00.0324 1264  TDPIPE - ok
09:59:00.0370 1264  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:59:00.0433 1264  TDTCP - ok
09:59:00.0495 1264  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:59:00.0589 1264  tdx - ok
09:59:00.0651 1264  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:59:00.0682 1264  TermDD - ok
09:59:00.0760 1264  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
09:59:00.0870 1264  TermService - ok
09:59:00.0901 1264  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
09:59:00.0948 1264  Themes - ok
09:59:00.0979 1264  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
09:59:01.0057 1264  THREADORDER - ok
09:59:01.0088 1264  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
09:59:01.0197 1264  TrkWks - ok
09:59:01.0291 1264  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:59:01.0400 1264  TrustedInstaller - ok
09:59:01.0478 1264  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:59:01.0556 1264  tssecsrv - ok
09:59:01.0603 1264  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:59:01.0665 1264  TsUsbFlt - ok
09:59:01.0696 1264  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:59:01.0806 1264  tunnel - ok
09:59:01.0852 1264  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
09:59:01.0899 1264  uagp35 - ok
09:59:01.0930 1264  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:59:02.0040 1264  udfs - ok
09:59:02.0102 1264  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:59:02.0180 1264  UI0Detect - ok
09:59:02.0227 1264  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:59:02.0258 1264  uliagpkx - ok
09:59:02.0305 1264  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
09:59:02.0336 1264  umbus - ok
09:59:02.0383 1264  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:59:02.0445 1264  UmPass - ok
09:59:02.0523 1264  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
09:59:02.0554 1264  Updater Service - ok
09:59:02.0601 1264  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
09:59:02.0695 1264  upnphost - ok
09:59:02.0742 1264  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:59:02.0851 1264  usbccgp - ok
09:59:02.0866 1264  USBCCID - ok
09:59:02.0929 1264  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:59:02.0976 1264  usbcir - ok
09:59:03.0007 1264  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:59:03.0038 1264  usbehci - ok
09:59:03.0069 1264  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:59:03.0147 1264  usbhub - ok
09:59:03.0210 1264  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:59:03.0256 1264  usbohci - ok
09:59:03.0319 1264  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:59:03.0350 1264  usbprint - ok
09:59:03.0397 1264  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:59:03.0459 1264  usbscan - ok
09:59:03.0522 1264  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:59:03.0631 1264  USBSTOR - ok
09:59:03.0678 1264  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:59:03.0709 1264  usbuhci - ok
09:59:03.0756 1264  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
09:59:03.0834 1264  usbvideo - ok
09:59:03.0880 1264  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
09:59:03.0974 1264  UxSms - ok
09:59:04.0005 1264  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
09:59:04.0052 1264  VaultSvc - ok
09:59:04.0068 1264  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:59:04.0099 1264  vdrvroot - ok
09:59:04.0161 1264  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
09:59:04.0286 1264  vds - ok
09:59:04.0333 1264  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:59:04.0395 1264  vga - ok
09:59:04.0426 1264  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:59:04.0536 1264  VgaSave - ok
09:59:04.0598 1264  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:59:04.0629 1264  vhdmp - ok
09:59:04.0660 1264  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
09:59:04.0692 1264  viaagp - ok
09:59:04.0723 1264  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
09:59:04.0816 1264  ViaC7 - ok
09:59:04.0848 1264  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
09:59:04.0894 1264  viaide - ok
09:59:04.0910 1264  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:59:04.0941 1264  volmgr - ok
09:59:04.0972 1264  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:59:05.0035 1264  volmgrx - ok
09:59:05.0066 1264  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:59:05.0113 1264  volsnap - ok
09:59:05.0144 1264  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
09:59:05.0175 1264  vsmraid - ok
09:59:05.0253 1264  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
09:59:05.0394 1264  VSS - ok
09:59:05.0456 1264  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:59:05.0518 1264  vwifibus - ok
09:59:05.0550 1264  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:59:05.0596 1264  vwififlt - ok
09:59:05.0628 1264  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:59:05.0674 1264  vwifimp - ok
09:59:05.0721 1264  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
09:59:05.0846 1264  W32Time - ok
09:59:05.0908 1264  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
09:59:05.0971 1264  WacomPen - ok
09:59:06.0033 1264  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:59:06.0096 1264  WANARP - ok
09:59:06.0111 1264  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:59:06.0189 1264  Wanarpv6 - ok
09:59:06.0267 1264  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
09:59:06.0423 1264  wbengine - ok
09:59:06.0470 1264  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:59:06.0532 1264  WbioSrvc - ok
09:59:06.0595 1264  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:59:06.0688 1264  wcncsvc - ok
09:59:06.0720 1264  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:59:06.0860 1264  WcsPlugInService - ok
09:59:06.0907 1264  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:59:06.0938 1264  Wd - ok
09:59:07.0000 1264  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:59:07.0078 1264  Wdf01000 - ok
09:59:07.0110 1264  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:59:07.0250 1264  WdiServiceHost - ok
09:59:07.0266 1264  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:59:07.0328 1264  WdiSystemHost - ok
09:59:07.0375 1264  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
09:59:07.0453 1264  WebClient - ok
09:59:07.0515 1264  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:59:07.0609 1264  Wecsvc - ok
09:59:07.0624 1264  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:59:07.0734 1264  wercplsupport - ok
09:59:07.0765 1264  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:59:07.0874 1264  WerSvc - ok
09:59:07.0921 1264  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:59:08.0014 1264  WfpLwf - ok
09:59:08.0030 1264  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:59:08.0077 1264  WIMMount - ok
09:59:08.0155 1264  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
09:59:08.0248 1264  WinDefend - ok
09:59:08.0280 1264  WinHttpAutoProxySvc - ok
09:59:08.0358 1264  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:59:08.0451 1264  Winmgmt - ok
09:59:08.0545 1264  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
09:59:08.0701 1264  WinRM - ok
09:59:08.0748 1264  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:59:08.0826 1264  WinUsb - ok
09:59:08.0888 1264  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:59:08.0997 1264  Wlansvc - ok
09:59:09.0044 1264  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:59:09.0122 1264  WmiAcpi - ok
09:59:09.0184 1264  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:59:09.0247 1264  wmiApSrv - ok
09:59:09.0356 1264  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
09:59:09.0481 1264  WMPNetworkSvc - ok
09:59:09.0512 1264  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:59:09.0652 1264  WPCSvc - ok
09:59:09.0699 1264  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:59:09.0808 1264  WPDBusEnum - ok
09:59:09.0855 1264  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:59:09.0949 1264  ws2ifsl - ok
09:59:10.0011 1264  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
09:59:10.0089 1264  wscsvc - ok
09:59:10.0105 1264  WSearch - ok
09:59:10.0230 1264  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
09:59:10.0354 1264  wuauserv - ok
09:59:10.0401 1264  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:59:10.0542 1264  WudfPf - ok
09:59:10.0573 1264  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:59:10.0635 1264  WUDFRd - ok
09:59:10.0651 1264  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:59:10.0698 1264  wudfsvc - ok
09:59:10.0744 1264  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:59:10.0838 1264  WwanSvc - ok
09:59:10.0900 1264  ================ Scan global ===============================
09:59:10.0963 1264  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:59:10.0994 1264  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
09:59:11.0025 1264  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
09:59:11.0056 1264  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:59:11.0088 1264  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:59:11.0103 1264  [Global] - ok
09:59:11.0103 1264  ================ Scan MBR ==================================
09:59:11.0134 1264  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:59:11.0524 1264  \Device\Harddisk0\DR0 - ok
09:59:11.0524 1264  ================ Scan VBR ==================================
09:59:11.0540 1264  [ BA3A73C0DE26BAD73BCCFB6AC26533AF ] \Device\Harddisk0\DR0\Partition1
09:59:11.0540 1264  \Device\Harddisk0\DR0\Partition1 - ok
09:59:11.0571 1264  [ 3060373772EC618524416C70758621D4 ] \Device\Harddisk0\DR0\Partition2
09:59:11.0587 1264  \Device\Harddisk0\DR0\Partition2 - ok
09:59:11.0587 1264  ============================================================
09:59:11.0587 1264  Scan finished
09:59:11.0587 1264  ============================================================
09:59:11.0618 0756  Detected object count: 0
09:59:11.0618 0756  Actual detected object count: 0
10:02:07.0165 3936  Deinitialize success
         

23.05.2013, 10:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
The TDSSKiller log is incomplete.

23.05.2013, 10:12   #11
Schkudi
 
Code:
09:55:13.0076 1880  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:55:13.0292 1880  ============================================================
09:55:13.0292 1880  Current date / time: 2013/05/23 09:55:13.0292
09:55:13.0293 1880  SystemInfo:
09:55:13.0293 1880  
09:55:13.0293 1880  OS Version: 6.1.7601 ServicePack: 1.0
09:55:13.0293 1880  Product type: Workstation
09:55:13.0294 1880  ComputerName: NETBOOK
09:55:13.0295 1880  UserName: Ellen&Falko
09:55:13.0295 1880  Windows directory: C:\Windows
09:55:13.0295 1880  System windows directory: C:\Windows
09:55:13.0295 1880  Processor architecture: Intel x86
09:55:13.0295 1880  Number of processors: 2
09:55:13.0295 1880  Page size: 0x1000
09:55:13.0295 1880  Boot type: Normal boot
09:55:13.0295 1880  ============================================================
09:55:21.0911 1880  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:55:22.0014 1880  ============================================================
09:55:22.0015 1880  \Device\Harddisk0\DR0:
09:55:22.0051 1880  MBR partitions:
09:55:22.0051 1880  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
09:55:22.0051 1880  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784
09:55:22.0051 1880  ============================================================
09:55:22.0902 1880  C: <-> \Device\Harddisk0\DR0\Partition2
09:55:22.0903 1880  ============================================================
09:55:22.0903 1880  Initialize success
09:55:22.0903 1880  ============================================================
09:58:16.0487 1264  ============================================================
09:58:16.0487 1264  Scan started
09:58:16.0487 1264  Mode: Manual; SigCheck; TDLFS; 
09:58:16.0487 1264  ============================================================
09:58:17.0548 1264  ================ Scan system memory ========================
09:58:17.0548 1264  System memory - ok
09:58:17.0548 1264  ================ Scan services =============================
09:58:46.0861 1264  Parport - ok
09:58:46.0907 1264  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:58:46.0939 1264  partmgr - ok
09:58:46.0970 1264  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
09:58:47.0032 1264  Parvdm - ok
09:58:47.0079 1264  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:58:47.0141 1264  PcaSvc - ok
09:58:47.0173 1264  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
09:58:47.0219 1264  pci - ok
09:58:47.0251 1264  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
09:58:47.0282 1264  pciide - ok
09:58:47.0344 1264  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:58:47.0375 1264  pcmcia - ok
09:58:47.0407 1264  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
09:58:47.0453 1264  pcw - ok
09:58:47.0500 1264  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:58:47.0625 1264  PEAUTH - ok
09:58:47.0750 1264  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
09:58:47.0890 1264  pla - ok
09:58:47.0984 1264  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:58:48.0109 1264  PlugPlay - ok
09:58:48.0171 1264  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:58:48.0233 1264  PNRPAutoReg - ok
09:58:48.0280 1264  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:58:48.0327 1264  PNRPsvc - ok
09:58:48.0374 1264  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:58:48.0499 1264  PolicyAgent - ok
09:58:48.0577 1264  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
09:58:48.0655 1264  Power - ok
09:58:48.0701 1264  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:58:48.0779 1264  PptpMiniport - ok
09:58:48.0811 1264  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:58:48.0889 1264  Processor - ok
09:58:48.0951 1264  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
09:58:49.0060 1264  ProfSvc - ok
09:58:49.0091 1264  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:58:49.0123 1264  ProtectedStorage - ok
09:58:49.0154 1264  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:58:49.0247 1264  Psched - ok
09:58:49.0325 1264  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:58:49.0435 1264  ql2300 - ok
09:58:49.0466 1264  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:58:49.0513 1264  ql40xx - ok
09:58:49.0559 1264  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
09:58:49.0622 1264  QWAVE - ok
09:58:49.0637 1264  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:58:49.0684 1264  QWAVEdrv - ok
09:58:49.0731 1264  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:58:49.0809 1264  RasAcd - ok
09:58:49.0840 1264  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:58:49.0903 1264  RasAgileVpn - ok
09:58:49.0918 1264  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
09:58:50.0012 1264  RasAuto - ok
09:58:50.0027 1264  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:58:50.0137 1264  Rasl2tp - ok
09:58:50.0183 1264  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
09:58:50.0293 1264  RasMan - ok
09:58:50.0339 1264  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:58:50.0417 1264  RasPppoe - ok
09:58:50.0449 1264  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:58:50.0573 1264  RasSstp - ok
09:58:50.0620 1264  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:58:50.0729 1264  rdbss - ok
09:58:50.0761 1264  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:58:50.0823 1264  rdpbus - ok
09:58:50.0885 1264  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:58:50.0979 1264  RDPCDD - ok
09:58:51.0026 1264  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:58:51.0135 1264  RDPENCDD - ok
09:58:51.0182 1264  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:58:51.0291 1264  RDPREFMP - ok
09:58:51.0369 1264  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:58:51.0494 1264  RdpVideoMiniport - ok
09:58:51.0541 1264  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:58:51.0665 1264  RDPWD - ok
09:58:51.0712 1264  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:58:51.0759 1264  rdyboost - ok
09:58:51.0806 1264  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:58:51.0915 1264  RemoteAccess - ok
09:58:51.0977 1264  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:58:52.0087 1264  RemoteRegistry - ok
09:58:52.0133 1264  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:58:52.0243 1264  RpcEptMapper - ok
09:58:52.0305 1264  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
09:58:52.0336 1264  RpcLocator - ok
09:58:52.0383 1264  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
09:58:52.0461 1264  RpcSs - ok
09:58:52.0508 1264  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:58:52.0633 1264  rspndr - ok
09:58:52.0695 1264  [ 96F8DD546677AA5102150ACC140377B3 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
09:58:52.0789 1264  RSUSBSTOR - ok
09:58:52.0835 1264  [ 325590E7E9587459643BA24D2CF73BF2 ] RTL8187         C:\Windows\system32\DRIVERS\rtl8187.sys
09:58:52.0913 1264  RTL8187 - ok
09:58:52.0929 1264  RtsUIR - ok
09:58:52.0960 1264  [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
09:58:52.0991 1264  s0016bus - ok
09:58:53.0023 1264  [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
09:58:53.0054 1264  s0016mdfl - ok
09:58:53.0085 1264  [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
09:58:53.0116 1264  s0016mdm - ok
09:58:53.0147 1264  [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
09:58:53.0179 1264  s0016mgmt - ok
09:58:53.0194 1264  [ 36792935847143E4A3CDA0DC87248487 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
09:58:53.0225 1264  s0016obex - ok
09:58:53.0257 1264  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
09:58:53.0288 1264  SamSs - ok
09:58:53.0335 1264  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:58:53.0381 1264  sbp2port - ok
09:58:53.0428 1264  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:58:53.0522 1264  SCardSvr - ok
09:58:53.0569 1264  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:58:53.0662 1264  scfilter - ok
09:58:53.0709 1264  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
09:58:53.0850 1264  Schedule - ok
09:58:53.0881 1264  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:58:53.0959 1264  SCPolicySvc - ok
09:58:54.0006 1264  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:58:54.0130 1264  SDRSVC - ok
09:58:54.0255 1264  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
09:58:54.0318 1264  SDScannerService - ok
09:58:54.0411 1264  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
09:58:54.0505 1264  SDUpdateService - ok
09:58:54.0567 1264  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
09:58:54.0598 1264  SDWSCService - ok
09:58:54.0645 1264  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:58:54.0754 1264  secdrv - ok
09:58:54.0801 1264  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
09:58:54.0910 1264  seclogon - ok
09:58:54.0942 1264  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
09:58:55.0051 1264  SENS - ok
09:58:55.0098 1264  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:58:55.0176 1264  Serenum - ok
09:58:55.0222 1264  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:58:55.0269 1264  Serial - ok
09:58:55.0300 1264  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:58:55.0363 1264  sermouse - ok
09:58:55.0456 1264  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
09:58:55.0550 1264  SessionEnv - ok
09:58:55.0612 1264  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:58:55.0706 1264  sffdisk - ok
09:58:55.0737 1264  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:58:55.0784 1264  sffp_mmc - ok
09:58:55.0800 1264  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:58:55.0846 1264  sffp_sd - ok
09:58:55.0878 1264  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:58:55.0940 1264  sfloppy - ok
09:58:56.0034 1264  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:58:56.0127 1264  SharedAccess - ok
09:58:56.0158 1264  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:58:56.0268 1264  ShellHWDetection - ok
09:58:56.0314 1264  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
09:58:56.0346 1264  sisagp - ok
09:58:56.0392 1264  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:58:56.0424 1264  SiSRaid2 - ok
09:58:56.0455 1264  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
09:58:56.0486 1264  SiSRaid4 - ok
09:58:56.0517 1264  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:58:56.0611 1264  Smb - ok
09:58:56.0658 1264  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:58:56.0689 1264  SNMPTRAP - ok
09:58:56.0720 1264  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:58:56.0767 1264  spldr - ok
09:58:56.0814 1264  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
09:58:56.0954 1264  Spooler - ok
09:58:57.0094 1264  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
09:58:57.0344 1264  sppsvc - ok
09:58:57.0422 1264  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:58:57.0484 1264  sppuinotify - ok
09:58:57.0562 1264  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:58:57.0672 1264  srv - ok
09:58:57.0734 1264  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:58:57.0812 1264  srv2 - ok
09:58:57.0843 1264  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:58:57.0906 1264  srvnet - ok
09:58:57.0968 1264  [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
09:58:58.0062 1264  sscdbus - ok
09:58:58.0093 1264  [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
09:58:58.0171 1264  sscdmdfl - ok
09:58:58.0218 1264  [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
09:58:58.0280 1264  sscdmdm - ok
09:58:58.0327 1264  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:58:58.0452 1264  SSDPSRV - ok
09:58:58.0498 1264  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:58:58.0576 1264  SstpSvc - ok
09:58:58.0623 1264  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
09:58:58.0654 1264  stexstor - ok
09:58:58.0717 1264  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
09:58:58.0810 1264  StiSvc - ok
09:58:58.0857 1264  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:58:58.0888 1264  swenum - ok
09:58:58.0935 1264  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
09:58:59.0044 1264  swprv - ok
09:58:59.0138 1264  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
09:58:59.0232 1264  SysMain - ok
09:58:59.0263 1264  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:58:59.0356 1264  TabletInputService - ok
09:58:59.0434 1264  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:58:59.0544 1264  TapiSrv - ok
09:58:59.0606 1264  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
09:58:59.0715 1264  TBS - ok
09:58:59.0809 1264  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:58:59.0902 1264  Tcpip - ok
09:58:59.0949 1264  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:59:00.0027 1264  TCPIP6 - ok
09:59:00.0090 1264  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:59:00.0152 1264  tcpipreg - ok
09:59:00.0214 1264  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:59:00.0324 1264  TDPIPE - ok
09:59:00.0370 1264  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:59:00.0433 1264  TDTCP - ok
09:59:00.0495 1264  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:59:00.0589 1264  tdx - ok
09:59:00.0651 1264  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:59:00.0682 1264  TermDD - ok
09:59:00.0760 1264  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
09:59:00.0870 1264  TermService - ok
09:59:00.0901 1264  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
09:59:00.0948 1264  Themes - ok
09:59:00.0979 1264  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
09:59:01.0057 1264  THREADORDER - ok
09:59:01.0088 1264  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
09:59:01.0197 1264  TrkWks - ok
09:59:01.0291 1264  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:59:01.0400 1264  TrustedInstaller - ok
09:59:01.0478 1264  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:59:01.0556 1264  tssecsrv - ok
09:59:01.0603 1264  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:59:01.0665 1264  TsUsbFlt - ok
09:59:01.0696 1264  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:59:01.0806 1264  tunnel - ok
09:59:01.0852 1264  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
09:59:01.0899 1264  uagp35 - ok
09:59:01.0930 1264  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:59:02.0040 1264  udfs - ok
09:59:02.0102 1264  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:59:02.0180 1264  UI0Detect - ok
09:59:02.0227 1264  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:59:02.0258 1264  uliagpkx - ok
09:59:02.0305 1264  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
09:59:02.0336 1264  umbus - ok
09:59:02.0383 1264  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:59:02.0445 1264  UmPass - ok
09:59:02.0523 1264  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
09:59:02.0554 1264  Updater Service - ok
09:59:02.0601 1264  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
09:59:02.0695 1264  upnphost - ok
09:59:02.0742 1264  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:59:02.0851 1264  usbccgp - ok
09:59:02.0866 1264  USBCCID - ok
09:59:02.0929 1264  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:59:02.0976 1264  usbcir - ok
09:59:03.0007 1264  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:59:03.0038 1264  usbehci - ok
09:59:03.0069 1264  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:59:03.0147 1264  usbhub - ok
09:59:03.0210 1264  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:59:03.0256 1264  usbohci - ok
09:59:03.0319 1264  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:59:03.0350 1264  usbprint - ok
09:59:03.0397 1264  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:59:03.0459 1264  usbscan - ok
09:59:03.0522 1264  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:59:03.0631 1264  USBSTOR - ok
09:59:03.0678 1264  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:59:03.0709 1264  usbuhci - ok
09:59:03.0756 1264  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
09:59:03.0834 1264  usbvideo - ok
09:59:03.0880 1264  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
09:59:03.0974 1264  UxSms - ok
09:59:04.0005 1264  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
09:59:04.0052 1264  VaultSvc - ok
09:59:04.0068 1264  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:59:04.0099 1264  vdrvroot - ok
09:59:04.0161 1264  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
09:59:04.0286 1264  vds - ok
09:59:04.0333 1264  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:59:04.0395 1264  vga - ok
09:59:04.0426 1264  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:59:04.0536 1264  VgaSave - ok
09:59:04.0598 1264  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:59:04.0629 1264  vhdmp - ok
09:59:04.0660 1264  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
09:59:04.0692 1264  viaagp - ok
09:59:04.0723 1264  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
09:59:04.0816 1264  ViaC7 - ok
09:59:04.0848 1264  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
09:59:04.0894 1264  viaide - ok
09:59:04.0910 1264  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:59:04.0941 1264  volmgr - ok
09:59:04.0972 1264  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:59:05.0035 1264  volmgrx - ok
09:59:05.0066 1264  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:59:05.0113 1264  volsnap - ok
09:59:05.0144 1264  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
09:59:05.0175 1264  vsmraid - ok
09:59:05.0253 1264  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
09:59:05.0394 1264  VSS - ok
09:59:05.0456 1264  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:59:05.0518 1264  vwifibus - ok
09:59:05.0550 1264  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:59:05.0596 1264  vwififlt - ok
09:59:05.0628 1264  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:59:05.0674 1264  vwifimp - ok
09:59:05.0721 1264  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
09:59:05.0846 1264  W32Time - ok
09:59:05.0908 1264  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
09:59:05.0971 1264  WacomPen - ok
09:59:06.0033 1264  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:59:06.0096 1264  WANARP - ok
09:59:06.0111 1264  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:59:06.0189 1264  Wanarpv6 - ok
09:59:06.0267 1264  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
09:59:06.0423 1264  wbengine - ok
09:59:06.0470 1264  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:59:06.0532 1264  WbioSrvc - ok
09:59:06.0595 1264  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:59:06.0688 1264  wcncsvc - ok
09:59:06.0720 1264  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:59:06.0860 1264  WcsPlugInService - ok
09:59:06.0907 1264  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:59:06.0938 1264  Wd - ok
09:59:07.0000 1264  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:59:07.0078 1264  Wdf01000 - ok
09:59:07.0110 1264  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:59:07.0250 1264  WdiServiceHost - ok
09:59:07.0266 1264  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:59:07.0328 1264  WdiSystemHost - ok
09:59:07.0375 1264  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
09:59:07.0453 1264  WebClient - ok
09:59:07.0515 1264  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:59:07.0609 1264  Wecsvc - ok
09:59:07.0624 1264  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:59:07.0734 1264  wercplsupport - ok
09:59:07.0765 1264  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:59:07.0874 1264  WerSvc - ok
09:59:07.0921 1264  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:59:08.0014 1264  WfpLwf - ok
09:59:08.0030 1264  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:59:08.0077 1264  WIMMount - ok
09:59:08.0155 1264  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
09:59:08.0248 1264  WinDefend - ok
09:59:08.0280 1264  WinHttpAutoProxySvc - ok
09:59:08.0358 1264  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:59:08.0451 1264  Winmgmt - ok
09:59:08.0545 1264  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
09:59:08.0701 1264  WinRM - ok
09:59:08.0748 1264  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:59:08.0826 1264  WinUsb - ok
09:59:08.0888 1264  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:59:08.0997 1264  Wlansvc - ok
09:59:09.0044 1264  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:59:09.0122 1264  WmiAcpi - ok
09:59:09.0184 1264  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:59:09.0247 1264  wmiApSrv - ok
09:59:09.0356 1264  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
09:59:09.0481 1264  WMPNetworkSvc - ok
09:59:09.0512 1264  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:59:09.0652 1264  WPCSvc - ok
09:59:09.0699 1264  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:59:09.0808 1264  WPDBusEnum - ok
09:59:09.0855 1264  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:59:09.0949 1264  ws2ifsl - ok
09:59:10.0011 1264  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
09:59:10.0089 1264  wscsvc - ok
09:59:10.0105 1264  WSearch - ok
09:59:10.0230 1264  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
09:59:10.0354 1264  wuauserv - ok
09:59:10.0401 1264  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:59:10.0542 1264  WudfPf - ok
09:59:10.0573 1264  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:59:10.0635 1264  WUDFRd - ok
09:59:10.0651 1264  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:59:10.0698 1264  wudfsvc - ok
09:59:10.0744 1264  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:59:10.0838 1264  WwanSvc - ok
09:59:10.0900 1264  ================ Scan global ===============================
09:59:10.0963 1264  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:59:10.0994 1264  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
09:59:11.0025 1264  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
09:59:11.0056 1264  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:59:11.0088 1264  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:59:11.0103 1264  [Global] - ok
09:59:11.0103 1264  ================ Scan MBR ==================================
09:59:11.0134 1264  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:59:11.0524 1264  \Device\Harddisk0\DR0 - ok
09:59:11.0524 1264  ================ Scan VBR ==================================
09:59:11.0540 1264  [ BA3A73C0DE26BAD73BCCFB6AC26533AF ] \Device\Harddisk0\DR0\Partition1
09:59:11.0540 1264  \Device\Harddisk0\DR0\Partition1 - ok
09:59:11.0571 1264  [ 3060373772EC618524416C70758621D4 ] \Device\Harddisk0\DR0\Partition2
09:59:11.0587 1264  \Device\Harddisk0\DR0\Partition2 - ok
09:59:11.0587 1264  ============================================================
09:59:11.0587 1264  Scan finished
09:59:11.0587 1264  ============================================================
09:59:11.0618 0756  Detected object count: 0
09:59:11.0618 0756  Actual detected object count: 0
10:02:07.0165 3936  Deinitialize success
         

23.05.2013, 11:16   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Nothing suspicious.

JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

AdwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box next to Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


23.05.2013, 12:18   #13
Schkudi
 



JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Starter x86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\softonic_ggl_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\softonic_ggl_1_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2195EA02-8567-4C19-B3DF-09A3A2B5BE46}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{545D815E-9CDA-41C3-B6D9-FCE02A570083}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e" 



~~~ Files

Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Ellen&Falko\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Ellen&Falko\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Program Files\iminent"
Successfully deleted: [Folder] "C:\ProgramData\ask" 



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.05.2013 at 12:41:17,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwCleaner:
Code:
# AdwCleaner v2.300 - Datei am 23/05/2013 um 12:45:36 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Ellen&Falko - NETBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ellen&Falko\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\Local\APN
Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\5fe8fd0b669ed49
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Ellen&Falko\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : Home URL=hxxp://start.icq.com/
Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

*************************

AdwCleaner[S1].txt - [7762 octets] - [23/05/2013 12:45:36]

########## EOF - C:\AdwCleaner[S1].txt - [7822 octets] ##########
         
OTL Extras
Code:
OTL Extras logfile created on: 23.05.2013 12:53:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ellen&Falko\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,95 Mb Total Physical Memory | 90,59 Mb Available Physical Memory | 8,93% Memory free
1,99 Gb Paging File | 0,88 Gb Available in Paging File | 44,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,95 Gb Total Space | 111,62 Gb Free Space | 81,51% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: Ellen&Falko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16478A67-B4FA-468E-BB87-0A8AFE8B5654}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3761706F-686E-4D3A-8E0E-2CD3C6ECBDF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{460890D0-36B6-48AB-BD3C-D047D181FB49}" = rport=137 | protocol=17 | dir=out | app=system | 
"{52ED89F1-9113-44C8-BE8D-4E5AADA2ACCD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{592A051A-E3BA-4FFF-B07D-F8D4D9EEA44C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5BDCEE4D-1E31-42F7-BA30-B0D2C42F0FD4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6168A646-E85B-413A-87B8-C01E264CC668}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8A1FAAFF-B648-40CA-8657-6D401E6D2C03}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BBE999DB-F469-4CD6-ADE8-4DDC4AF2B3F0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6378B13-9A1F-4205-8993-766C309A6F75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6FEC05C-B9F8-4920-BF64-A85F2F37AE35}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F8D0F047-5325-41BF-8EAB-DA25CD60EC3C}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75F61BC4-9F28-4F99-B342-BC488BD7CF92}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8C8B8631-409E-449C-90DA-2C6F7B122542}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{A51DE423-E4A0-44EA-A44E-D5997D634015}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CF669F38-918A-4E88-B1BE-78064C16392B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F1F4D6F5-691B-47BE-A3E0-BCCD86C78948}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{4AD139A2-A880-4353-95B5-BA56717C82DC}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe | 
"UDP Query User{A2F0B9C9-8AD6-4E72-A9A8-957B1E972E8F}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Video Web Camera
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"Intelli-studio" = SAMSUNG Intelli-studio
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"PhotoScape" = PhotoScape
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Spybot - Search and Destroy Events ]
Error - 17.05.2013 11:14:14 | Computer Name = Netbook | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 23.05.2013 06:48:58 | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 23.05.2013 06:49:12 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
OTL:
Code:
OTL logfile created on: 23.05.2013 12:53:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ellen&Falko\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,95 Mb Total Physical Memory | 90,59 Mb Available Physical Memory | 8,93% Memory free
1,99 Gb Paging File | 0,88 Gb Available in Paging File | 44,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,95 Gb Total Space | 111,62 Gb Free Space | 81,51% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: Ellen&Falko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ellen&Falko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Windows\System32\DeviceDisplayObjectProvider.exe (Microsoft Corporation)
PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libglesv2.dll ()
MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libegl.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Greg_Service) -- C:\Program Files\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation                           )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
DRV - (DCamUSBSTK016) -- C:\Windows\System32\drivers\STK016W2.sys (Syntek Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/$22/ [binary data]
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.gamehitzone.com/?utm_source=FreightTrainSimulator&utm_medium=start
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_de___DE375
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ellen&Falko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.05 14:39:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.17 14:55:47 | 000,000,000 | ---D | M]
 
[2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions
[2010.09.20 17:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Sunbird\Profiles\csl13q1y.default\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: chrome://newtab
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: WOT = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0\
CHR - Extension: Adblock Plus = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
O7 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40D0B155-91EA-43C5-A360-B4DBE54D561E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A1D608-002F-4B99-B008-B7D6ACCA6463}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.09 19:36:50 | 000,000,116 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c3674970-8e09-11e2-976a-705ab6412390}\Shell - "" = AutoRun
O33 - MountPoints2\{c3674970-8e09-11e2-976a-705ab6412390}\Shell\AutoRun\command - "" = D:\iLinker.exe
O33 - MountPoints2\{c54660b9-49a8-11e0-8aad-705ab6412390}\Shell - "" = AutoRun
O33 - MountPoints2\{c54660b9-49a8-11e0-8aad-705ab6412390}\Shell\AutoRun\command - "" = D:\NPSAI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.23 12:49:55 | 000,000,000 | R--D | C] -- C:\Users\Ellen&Falko\Searches
[2013.05.23 12:35:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.23 12:34:34 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.23 12:28:17 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ellen&Falko\Desktop\JRT.exe
[2013.05.23 09:13:55 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ellen&Falko\Desktop\tdsskiller.exe
[2013.05.23 09:13:40 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Ellen&Falko\Desktop\aswMBR.exe
[2013.05.22 23:17:34 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\Desktop\mbar-1.05.0.1001 (1)
[2013.05.22 22:23:18 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\Desktop\OTL Log
[2013.05.21 19:41:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ellen&Falko\Desktop\OTL.exe
[2013.05.21 13:29:09 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\Desktop\Documents\ProcAlyzer Dumps
[2013.05.17 21:49:12 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Local\NPE
[2013.05.17 16:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.05.17 16:06:19 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.05.17 16:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.05.16 18:54:36 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Roaming\SUPERAntiSpyware.com
[2013.05.16 17:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.16 17:34:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.16 17:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.16 15:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.05.16 15:18:45 | 000,000,000 | --SD | C] -- C:\Users\Ellen&Falko\Desktop\Documents\Passwords Database
[2013.05.16 13:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.16 13:12:20 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Roaming\QuickScan
[2013.05.16 12:45:18 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 12:45:15 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 12:45:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 12:45:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 12:45:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 12:45:10 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 12:45:10 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 12:45:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 12:45:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 12:16:55 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.16 12:16:53 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.16 12:16:51 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.16 12:16:34 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.16 12:16:33 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 18:51:36 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Roaming\Ccwmcwpyk
[2013.05.15 12:21:04 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.04.28 19:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Posteriza
[2013.04.23 16:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.04.23 16:17:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.23 16:17:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.23 16:17:12 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2009.11.13 23:32:00 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 12:57:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 12:57:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 12:49:23 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 12:48:43 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.23 12:48:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 12:48:23 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.23 12:34:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161967605-348264692-613214921-1000UA.job
[2013.05.23 12:29:05 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ellen&Falko\Desktop\JRT.exe
[2013.05.23 12:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 09:15:35 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ellen&Falko\Desktop\aswMBR.exe
[2013.05.23 09:14:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ellen&Falko\Desktop\tdsskiller.exe
[2013.05.22 22:23:07 | 000,377,856 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\gmer_2.1.19163.exe
[2013.05.22 19:34:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161967605-348264692-613214921-1000Core.job
[2013.05.21 20:19:21 | 000,000,064 | ---- | M] () -- C:\Users\Ellen&Falko\AppData\Roaming\mbam.context.scan
[2013.05.21 19:41:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ellen&Falko\Desktop\OTL.exe
[2013.05.21 18:42:45 | 000,353,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.21 11:47:05 | 000,620,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.21 11:47:05 | 000,108,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.21 11:47:04 | 000,659,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.21 11:47:04 | 000,132,776 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.20 16:15:08 | 000,012,416 | ---- | M] () -- C:\Users\Ellen&Falko\AppData\Roaming\wklnhst.dat
[2013.05.17 16:06:39 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.17 11:09:00 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.16 20:24:12 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.16 18:51:37 | 000,628,743 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\adwcleaner.exe
[2013.05.16 17:36:37 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.16 15:25:21 | 000,002,102 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\Microsoft Security Essentials.lnk
[2013.05.16 15:12:21 | 000,056,832 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\Rechnungen.xlr
[2013.05.15 12:21:31 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 12:21:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.15 12:21:10 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.05.03 14:59:35 | 000,000,922 | ---- | M] () -- C:\Windows\posteriza.INI
[2013.05.02 17:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.22 22:22:45 | 000,377,856 | ---- | C] () -- C:\Users\Ellen&Falko\Desktop\gmer_2.1.19163.exe
[2013.05.21 20:19:21 | 000,000,064 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Roaming\mbam.context.scan
[2013.05.21 18:42:24 | 000,353,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.17 16:06:39 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.05.17 16:06:39 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.16 18:50:51 | 000,628,743 | ---- | C] () -- C:\Users\Ellen&Falko\Desktop\adwcleaner.exe
[2013.05.16 17:36:37 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.16 15:25:21 | 000,002,102 | ---- | C] () -- C:\Users\Ellen&Falko\Desktop\Microsoft Security Essentials.lnk
[2012.12.15 15:24:08 | 000,002,809 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2012.12.12 14:33:07 | 000,010,495 | ---- | C] () -- C:\Users\Ellen&Falko\Ellen_elster_2048.pfx
[2012.08.04 23:15:51 | 000,002,681 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\recently-used.xbel
[2012.08.04 22:00:50 | 000,003,072 | -H-- | C] () -- C:\Users\Ellen&Falko\photothumb.db
[2011.11.26 13:31:28 | 000,000,000 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\{2E8D49FE-3B5B-49EC-AAEF-957531246A7A}
[2011.09.30 11:55:27 | 000,000,022 | -HS- | C] () -- C:\Users\Ellen&Falko\AppData\Roaming\Sys2662.Config.Repository.bin
[2011.09.09 16:45:10 | 000,000,000 | ---- | C] () -- C:\Windows\mngui.INI
[2011.06.29 17:12:04 | 000,000,000 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\{983F738C-1125-48D5-9E06-0F6AAB090992}
[2010.05.16 12:49:46 | 000,007,598 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\Resmon.ResmonCfg
[2010.04.23 13:04:52 | 000,057,856 | ---- | C] () -- C:\Users\Ellen&Falko\Rechnungen.xlr
[2010.04.23 13:04:08 | 000,012,416 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:444C53BA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93DE1838

< End of report >
         

23.05.2013, 12:45   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
# AdwCleaner v2.300 - Datei am 23/05/2013 um 12:45:36 erstellt
You did not download AdwCleaner fresh beforehand. Download it again and please do another run with it.

23.05.2013, 18:29   #15
Schkudi

Code:
# AdwCleaner v2.301 - Datei am 23/05/2013 um 19:22:58 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Ellen&Falko - NETBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ellen&Falko\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Ellen&Falko\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7891 octets] - [23/05/2013 12:45:36]
AdwCleaner[S2].txt - [1396 octets] - [23/05/2013 19:22:58]

########## EOF - C:\AdwCleaner[S2].txt - [1456 octets] ##########
         
