Pests of all kinds and how to combat them: Matsnu.gen!A - Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
21.05.2013, 19:26 | #1 |
| Matsnu.gen!A Hello everyone, unfortunately I was silly enough to open one of those infamous emails. -> Supposed invoice; opened the zip folder to view the invoice. Nothing happened at first; I also ran a full scan with Microsoft Security Essentials right away, but it found nothing. The next morning there were 11 Windows updates and the antivirus program raised an alarm. Detection: Win32/Matsnu.gen!A; it was quarantined. I ran Antimalwarebytes but it found nothing:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.05.21.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
*** :: NETBOOK [Administrator]
21.05.2013 19:01:55
mbam-log-2013-05-21 (19-01-55).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199582
Laufzeit: 12 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
I'm not very experienced with PCs, but I hope you can perhaps help me. The laptop is extremely slow when booting and it takes forever for programs to open.
Search results from Spybot - Search & Destroy 21.05.2013 20:13:44 Scan took 00:57:53. 13 items found.
Statcounter: [SBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done) DoubleClick: [SBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done) Log: [SBI $8E73A7FB] Activity: ntbtlog.txt (File, nothing done) C:\Windows\ntbtlog.txt Properties.size=15142 Properties.md5=E3EED7DF711533176EB0FFFC2FE3625D Properties.filedate=1369155287 Properties.filedatetext=2013-05-21 18:54:46 Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done) C:\Windows\setupact.log Properties.size=56 Properties.md5=D74E3C688AA4F552EB9F55CB8EA67170 Properties.filedate=1369154561 Properties.filedatetext=2013-05-21 18:42:40 Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1161967605-348264692-613214921-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1161967605-348264692-613214921-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU Cache: [SBI $49804B54] Browser: Cache (4) (Browser: Cache, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (222) 
(Browser: Cookie, nothing done) --- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) --- |
22.05.2013, 09:45 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Matsnu.gen!A Hello and
__________________Quote:
Information like that is not enough; please post the complete details/logs from the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520 Please post everything here in CODE tags where possible. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
22.05.2013, 10:45 | #3 |
| Matsnu.gen!A Uhm, this is rather embarrassing, I don't know where to find that in MSE
__________________There's also nothing about the Matsnu trojan anywhere anymore. What's new, as I just saw, is: Code:
ATTFilter
Kategorie: Trojaner
Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
containerfile:D:\Recycled\INFO.EXE
file:D:\Recycled\INFO.EXE->(Upack)
Hope that's right???? I'm really very clumsy with things like this. Kind regards, Ellen |
22.05.2013, 10:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Matsnu.gen!A Before we get to work, I'd like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When does it continue" messages will end with your topic being closed. I, too, have a life outside Trojaner-Board. First, a check with OTL please:
__________________ Please always post log files in CODE tags |
22.05.2013, 18:15 | #5 |
| Matsnu.gen!A Extras.Txt Code:
ATTFilter OTL Extras logfile created on: 22.05.2013 18:58:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ellen&Falko\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,95 Mb Total Physical Memory | 256,41 Mb Available Physical Memory | 25,29% Memory free 1,99 Gb Paging File | 1,09 Gb Available in Paging File | 54,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136,95 Gb Total Space | 111,99 Gb Free Space | 81,78% Space Free | Partition Type: NTFS Computer Name: NETBOOK | User Name: Ellen&Falko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. 
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16478A67-B4FA-468E-BB87-0A8AFE8B5654}" = rport=139 | protocol=6 | dir=out | app=system | "{3761706F-686E-4D3A-8E0E-2CD3C6ECBDF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{460890D0-36B6-48AB-BD3C-D047D181FB49}" = rport=137 | protocol=17 | dir=out | app=system | "{52ED89F1-9113-44C8-BE8D-4E5AADA2ACCD}" = lport=138 | protocol=17 | dir=in | app=system | "{592A051A-E3BA-4FFF-B07D-F8D4D9EEA44C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5BDCEE4D-1E31-42F7-BA30-B0D2C42F0FD4}" = lport=139 | protocol=6 | dir=in | app=system | "{6168A646-E85B-413A-87B8-C01E264CC668}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8A1FAAFF-B648-40CA-8657-6D401E6D2C03}" = rport=445 | protocol=6 | dir=out | app=system | "{BBE999DB-F469-4CD6-ADE8-4DDC4AF2B3F0}" = lport=137 | protocol=17 | dir=in | app=system | "{D6378B13-9A1F-4205-8993-766C309A6F75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D6FEC05C-B9F8-4920-BF64-A85F2F37AE35}" = lport=445 | protocol=6 | dir=in | app=system | "{F8D0F047-5325-41BF-8EAB-DA25CD60EC3C}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{75F61BC4-9F28-4F99-B342-BC488BD7CF92}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8C8B8631-409E-449C-90DA-2C6F7B122542}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{A51DE423-E4A0-44EA-A44E-D5997D634015}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CF669F38-918A-4E88-B1BE-78064C16392B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F1F4D6F5-691B-47BE-A3E0-BCCD86C78948}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{4AD139A2-A880-4353-95B5-BA56717C82DC}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe | "UDP Query User{A2F0B9C9-8AD6-4E72-A9A8-957B1E972E8F}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management "{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{51F026FA-5146-4232-A8BA-1364740BD053}" = Video Web Camera "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials 
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "CCleaner" = CCleaner "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "eMachines Registration" = eMachines Registration "eMachines Screensaver" = eMachines ScreenSaver "eMachines Welcome Center" = Welcome Center "HDMI" = Intel(R) Graphics Media Accelerator Driver "Identity Card" = Identity Card "Intelli-studio" = SAMSUNG Intelli-studio "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "PhotoScape" = PhotoScape "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.05.2013 07:34:23 | Computer Name = Netbook | Source = MsiInstaller | ID = 1013 Description = Error - 16.05.2013 09:09:02 | Computer Name = Netbook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 20.05.2013 10:14:54 | Computer Name = Netbook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 20.05.2013 10:14:55 | Computer Name = Netbook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.05.2013 05:41:33 | Computer Name = Netbook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.05.2013 05:41:46 | Computer Name = Netbook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.05.2013 05:41:46 | Computer Name = Netbook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". 
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.05.2013 05:41:46 | Computer Name = Netbook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.05.2013 05:41:46 | Computer Name = Netbook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.05.2013 05:41:46 | Computer Name = Netbook | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
[ Spybot - Search and Destroy Events ] Error - 17.05.2013 11:14:14 | Computer Name = Netbook | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 21.05.2013 07:00:37 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 21.05.2013 07:52:20 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 21.05.2013 07:55:18 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 21.05.2013 12:43:05 | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 21.05.2013 12:43:33 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 22.05.2013 05:28:07 | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 22.05.2013 05:28:14 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 22.05.2013 05:28:22 | Computer Name = Netbook | Source = Service Control Manager | ID = 
7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 22.05.2013 12:48:18 | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 22.05.2013 12:48:25 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report > Code:
ATTFilter OTL logfile created on: 22.05.2013 18:58:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ellen&Falko\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,95 Mb Total Physical Memory | 256,41 Mb Available Physical Memory | 25,29% Memory free 1,99 Gb Paging File | 1,09 Gb Available in Paging File | 54,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136,95 Gb Total Space | 111,99 Gb Free Space | 81,78% Space Free | Partition Type: NTFS Computer Name: NETBOOK | User Name: Ellen&Falko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ellen&Falko\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Program Files\eMachines\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Program Files\Spybot File not found SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found SRV - (SDScannerService) -- C:\Program Files\Spybot File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - 
(ePowerSvc) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (Greg_Service) -- C:\Program Files\eMachines\Registration\GregHSRW.exe (Acer Incorporated) SRV - (DsiWMIService) -- C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer) SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) 
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI) DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI) DRV - (DCamUSBSTK016) -- C:\Windows\System32\drivers\STK016W2.sys (Syntek Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=431&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/$22/ [binary data] IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.gamehitzone.com/?utm_source=FreightTrainSimulator&utm_medium=start IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes,DefaultScope = {2195EA02-8567-4C19-B3DF-09A3A2B5BE46} IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=48A9C417FEDDD288 IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{2195EA02-8567-4C19-B3DF-09A3A2B5BE46}: "URL" = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=448 IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{545D815E-9CDA-41C3-B6D9-FCE02A570083}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=3C772EBF-A006-4887-980B-3C8D25ADBFA3&apn_sauid=A1FCA485-D739-438C-944D-2E54EC65AA2B IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_de___DE375 IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={CB531157-40CF-4994-A9F7-AEC0084FA3DA}&mid=8d5e5709925b47d09890a113f0a5ca63-5ddb3140b8d38e5207bd049a7021adb2abe4bda6&lang=de&ds=AVG&pr=pr&d=2012-05-12 17:38:24&v=11.0.0.9&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=431&sr=0&q={searchTerms} IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ellen&Falko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.05 14:39:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.17 14:55:47 | 000,000,000 | ---D | M] [2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions [2010.09.20 17:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Sunbird\Profiles\csl13q1y.default\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: chrome://newtab CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer 
(Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll CHR - plugin: Google Update (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: WOT = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0\ CHR - Extension: Adblock Plus = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. 
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1 O7 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40D0B155-91EA-43C5-A360-B4DBE54D561E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A1D608-002F-4B99-B008-B7D6ACCA6463}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.06.09 19:36:50 | 000,000,116 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c3674970-8e09-11e2-976a-705ab6412390}\Shell - "" = AutoRun O33 - MountPoints2\{c3674970-8e09-11e2-976a-705ab6412390}\Shell\AutoRun\command - "" = D:\iLinker.exe O33 - MountPoints2\{c54660b9-49a8-11e0-8aad-705ab6412390}\Shell - "" = AutoRun O33 - MountPoints2\{c54660b9-49a8-11e0-8aad-705ab6412390}\Shell\AutoRun\command - "" = D:\NPSAI.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.21 19:41:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ellen&Falko\Desktop\OTL.exe [2013.05.21 13:29:09 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\Desktop\Documents\ProcAlyzer Dumps [2013.05.17 21:49:12 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Local\NPE [2013.05.17 16:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.05.17 16:06:19 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013.05.17 16:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.05.16 18:54:36 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Roaming\SUPERAntiSpyware.com [2013.05.16 17:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.16 17:34:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.16 17:34:19 | 000,000,000 | ---D | C] -- 
C:\Program Files\Malwarebytes' Anti-Malware [2013.05.16 15:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.05.16 15:18:45 | 000,000,000 | --SD | C] -- C:\Users\Ellen&Falko\Desktop\Documents\Passwords Database [2013.05.16 13:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.05.16 13:12:20 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Roaming\QuickScan [2013.05.16 12:45:18 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.16 12:45:15 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.16 12:45:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.16 12:45:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.16 12:45:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.16 12:45:10 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.16 12:45:10 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.16 12:45:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.16 12:45:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.16 12:16:55 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.05.16 12:16:53 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.16 12:16:51 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.05.16 12:16:34 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013.05.16 12:16:33 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.05.15 18:51:36 | 000,000,000 | ---D | C] -- 
C:\Users\Ellen&Falko\AppData\Roaming\Ccwmcwpyk [2013.05.15 12:21:04 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2013.04.28 19:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Posteriza [2013.04.23 16:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.04.23 16:17:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.04.23 16:17:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.04.23 16:17:12 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2009.11.13 23:32:00 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2013.05.22 18:55:24 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 18:55:24 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 18:49:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.22 18:48:08 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.22 18:47:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.22 18:47:43 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys [2013.05.22 13:34:01 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161967605-348264692-613214921-1000UA.job [2013.05.22 13:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.21 20:19:21 | 000,000,064 | ---- | M] () -- C:\Users\Ellen&Falko\AppData\Roaming\mbam.context.scan [2013.05.21 19:41:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ellen&Falko\Desktop\OTL.exe [2013.05.21 19:34:06 | 000,001,092 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161967605-348264692-613214921-1000Core.job [2013.05.21 18:42:45 | 000,353,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.21 13:02:29 | 001,398,856 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Ellen&Falko\Desktop\mbar.exe [2013.05.21 11:47:05 | 000,620,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.21 11:47:05 | 000,108,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.21 11:47:04 | 000,659,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.21 11:47:04 | 000,132,776 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.20 16:15:08 | 000,012,416 | ---- | M] () -- C:\Users\Ellen&Falko\AppData\Roaming\wklnhst.dat [2013.05.17 16:06:39 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.05.17 11:09:00 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.05.16 20:24:12 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.05.16 17:36:37 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.16 15:25:21 | 000,002,102 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\Microsoft Security Essentials.lnk [2013.05.16 15:12:21 | 000,056,832 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\Rechnungen.xlr [2013.05.15 12:21:31 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 12:21:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.15 12:21:10 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2013.05.03 14:59:35 | 000,000,922 | ---- | M] () -- C:\Windows\posteriza.INI [2013.05.02 17:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe ========== Files Created - No Company Name ========== [2013.05.21 20:19:21 | 000,000,064 | ---- | C] () -- 
C:\Users\Ellen&Falko\AppData\Roaming\mbam.context.scan [2013.05.21 18:42:24 | 000,353,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.17 16:06:39 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.05.17 16:06:39 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.05.16 17:36:37 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.16 15:25:21 | 000,002,102 | ---- | C] () -- C:\Users\Ellen&Falko\Desktop\Microsoft Security Essentials.lnk [2012.12.15 15:24:08 | 000,002,809 | -H-- | C] () -- C:\Windows\System32\BTImages.dat [2012.12.12 14:33:07 | 000,010,495 | ---- | C] () -- C:\Users\Ellen&Falko\Ellen_elster_2048.pfx [2012.08.04 23:15:51 | 000,002,681 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\recently-used.xbel [2012.08.04 22:00:50 | 000,003,072 | -H-- | C] () -- C:\Users\Ellen&Falko\photothumb.db [2011.11.26 13:31:28 | 000,000,000 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\{2E8D49FE-3B5B-49EC-AAEF-957531246A7A} [2011.09.30 11:55:27 | 000,000,022 | -HS- | C] () -- C:\Users\Ellen&Falko\AppData\Roaming\Sys2662.Config.Repository.bin [2011.09.09 16:45:10 | 000,000,000 | ---- | C] () -- C:\Windows\mngui.INI [2011.06.29 17:12:04 | 000,000,000 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\{983F738C-1125-48D5-9E06-0F6AAB090992} [2010.05.16 12:49:46 | 000,007,598 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\Resmon.ResmonCfg [2010.04.23 13:04:52 | 000,057,856 | ---- | C] () -- C:\Users\Ellen&Falko\Rechnungen.xlr [2010.04.23 13:04:08 | 000,012,416 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E3C56885 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D7E5A8F @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:444C53BA @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:AB689DEA @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93DE1838 < End of report > |
22.05.2013, 20:21 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Matsnu.gen!A Rootkit scan with GMER Please download GMER: (file name is random)
Are you running into problems?
Afterwards, please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder unless a helper instructs you to
__________________ --> Matsnu.gen!A |
22.05.2013, 22:45 | #7 |
| Matsnu.gen!A Gmer: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-22 23:09:45
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PBBO 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ELLEN&~1\AppData\Local\Temp\ffldqpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 140D 820809A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 820A04F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\ELLEN&~1\AppData\Local\Temp\ffldqpoc.sys Das System kann den angegebenen Pfad nicht finden. !

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources MSDMine?DfSdk

---- EOF - GMER 2.1 ----

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.22.10
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Ellen&Falko :: NETBOOK [administrator]
22.05.2013 23:43:06
mbar-log-2013-05-22 (23-43-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25493
Time elapsed: 21 minute(s), 31 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

Thanks for the effort!!!!!! |
22.05.2013, 22:56 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Matsnu.gen!A aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
23.05.2013, 09:05 | #9 |
| Matsnu.gen!A aswMBR: Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-23 09:16:43
-----------------------------
09:16:43.136 OS Version: Windows 6.1.7601 Service Pack 1
09:16:43.137 Number of processors: 2 586 0x1C02
09:16:43.141 ComputerName: NETBOOK UserName:
09:16:45.888 Initialize success
09:28:31.712 AVAST engine defs: 13052201
09:29:25.005 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:29:25.012 Disk 0 Vendor: Hitachi_ PBBO Size: 152627MB BusType: 3
09:29:25.218 Disk 0 MBR read successfully
09:29:25.226 Disk 0 MBR scan
09:29:25.315 Disk 0 Windows 7 default MBR code
09:29:25.325 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
09:29:25.402 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
09:29:25.497 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140232 MB offset 25382700
09:29:25.563 Disk 0 scanning sectors +312579760
09:29:25.817 Disk 0 scanning C:\Windows\system32\drivers
09:30:08.866 Service scanning
09:30:46.214 Service MpKsl269d15e6 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2202B0F2-9AD4-40B1-8EF9-9144F39B802E}\MpKsl269d15e6.sys **LOCKED** 32
09:31:31.781 Modules scanning
09:31:41.859 Disk 0 trace - called modules:
09:31:41.906 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
09:31:41.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851637c8]
09:31:41.937 3 CLASSPNP.SYS[87ba559e] -> nt!IofCallDriver -> [0x8476c388]
09:31:41.968 5 ACPI.sys[872433d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84721028]
09:31:43.980 AVAST engine scan C:\Windows
09:31:50.704 AVAST engine scan C:\Windows\system32
09:41:01.915 AVAST engine scan C:\Windows\system32\drivers
09:41:50.354 AVAST engine scan C:\Users\Ellen&Falko
09:51:57.661 AVAST engine scan C:\ProgramData
09:52:48.845 Scan finished successfully
09:54:08.329 Disk 0 MBR has been saved successfully to "C:\Users\Ellen&Falko\Desktop\MBR.dat"
09:54:08.360 The log file has been saved successfully to "C:\Users\Ellen&Falko\Desktop\aswMBR.txt"

tdsskiller: Code:
CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 09:58:26.0830 1264 CompositeBus - ok 09:58:26.0846 1264 COMSysApp - ok 09:58:26.0893 1264 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 09:58:26.0924 1264 crcdisk - ok 09:58:26.0986 1264 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 09:58:27.0095 1264 CryptSvc - ok 09:58:27.0127 1264 [ 91BCE28C8E5F657F1EAEA93A4C68A9FF ] DCamUSBSTK016 C:\Windows\system32\DRIVERS\STK016W2.sys 09:58:27.0189 1264 DCamUSBSTK016 - ok 09:58:27.0236 1264 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 09:58:27.0329 1264 DcomLaunch - ok 09:58:27.0361 1264 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 09:58:27.0485 1264 defragsvc - ok 09:58:27.0532 1264 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 09:58:27.0641 1264 DfsC - ok 09:58:27.0688 1264 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 09:58:27.0813 1264 Dhcp - ok 09:58:27.0844 1264 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 09:58:27.0953 1264 discache - ok 09:58:28.0000 1264 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 09:58:28.0047 1264 Disk - ok 09:58:28.0078 1264 [ C701324C9E0C25DD9D60311BD87FBC84 ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys 09:58:28.0109 1264 DKbFltr - ok 09:58:28.0156 1264 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 09:58:28.0250 1264 Dnscache - ok 09:58:28.0312 1264 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 09:58:28.0406 1264 dot3svc - ok 09:58:28.0468 1264 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 09:58:28.0531 1264 DPS - ok 09:58:28.0562 1264 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 09:58:28.0609 1264 
drmkaud - ok 09:58:28.0655 1264 [ EDF7343ACAAB182C082F26EA97706E83 ] DsiWMIService C:\Program Files\Launch Manager\dsiwmis.exe 09:58:28.0687 1264 DsiWMIService - ok 09:58:28.0749 1264 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 09:58:28.0811 1264 DXGKrnl - ok 09:58:28.0843 1264 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 09:58:28.0952 1264 EapHost - ok 09:58:29.0108 1264 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 09:58:29.0326 1264 ebdrv - ok 09:58:29.0404 1264 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 09:58:29.0482 1264 EFS - ok 09:58:29.0529 1264 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 09:58:29.0591 1264 elxstor - ok 09:58:29.0669 1264 [ 7FC5C35144B2FF94FD65576D8C129D2B ] ePowerSvc C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe 09:58:29.0732 1264 ePowerSvc - ok 09:58:29.0747 1264 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:58:29.0810 1264 ErrDev - ok 09:58:29.0903 1264 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 09:58:30.0013 1264 EventSystem - ok 09:58:30.0075 1264 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 09:58:30.0169 1264 exfat - ok 09:58:30.0215 1264 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:58:30.0325 1264 fastfat - ok 09:58:30.0403 1264 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 09:58:30.0559 1264 Fax - ok 09:58:30.0590 1264 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 09:58:30.0668 1264 fdc - ok 09:58:30.0715 1264 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 09:58:30.0793 1264 fdPHost - ok 09:58:30.0808 1264 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 09:58:30.0917 1264 
FDResPub - ok 09:58:30.0964 1264 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:58:30.0995 1264 FileInfo - ok 09:58:31.0011 1264 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 09:58:31.0089 1264 Filetrace - ok 09:58:31.0136 1264 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 09:58:31.0214 1264 flpydisk - ok 09:58:31.0245 1264 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:58:31.0292 1264 FltMgr - ok 09:58:31.0370 1264 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 09:58:31.0526 1264 FontCache - ok 09:58:31.0619 1264 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 09:58:31.0651 1264 FontCache3.0.0.0 - ok 09:58:31.0697 1264 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 09:58:31.0729 1264 FsDepends - ok 09:58:31.0760 1264 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:58:31.0791 1264 Fs_Rec - ok 09:58:31.0838 1264 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 09:58:31.0885 1264 fvevol - ok 09:58:31.0916 1264 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 09:58:31.0947 1264 gagp30kx - ok 09:58:32.0009 1264 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 09:58:32.0119 1264 gpsvc - ok 09:58:32.0228 1264 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files\eMachines\Registration\GregHSRW.exe 09:58:32.0306 1264 Greg_Service - ok 09:58:32.0353 1264 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 09:58:32.0384 1264 gupdate - ok 09:58:32.0399 1264 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 09:58:32.0431 1264 gupdatem - 
ok 09:58:32.0477 1264 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 09:58:32.0649 1264 hcw85cir - ok 09:58:32.0680 1264 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:58:32.0743 1264 HdAudAddService - ok 09:58:32.0774 1264 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 09:58:32.0836 1264 HDAudBus - ok 09:58:32.0899 1264 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 09:58:32.0961 1264 HidBatt - ok 09:58:33.0008 1264 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 09:58:33.0086 1264 HidBth - ok 09:58:33.0117 1264 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 09:58:33.0195 1264 HidIr - ok 09:58:33.0242 1264 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 09:58:33.0351 1264 hidserv - ok 09:58:33.0398 1264 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 09:58:33.0445 1264 HidUsb - ok 09:58:33.0491 1264 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:58:33.0585 1264 hkmsvc - ok 09:58:33.0647 1264 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 09:58:33.0788 1264 HomeGroupListener - ok 09:58:33.0835 1264 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 09:58:33.0913 1264 HomeGroupProvider - ok 09:58:33.0959 1264 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:58:33.0991 1264 HpSAMD - ok 09:58:34.0053 1264 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:58:34.0131 1264 HTTP - ok 09:58:34.0178 1264 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:58:34.0225 1264 hwpolicy - ok 09:58:34.0256 1264 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt 
C:\Windows\system32\DRIVERS\i8042prt.sys 09:58:34.0318 1264 i8042prt - ok 09:58:34.0396 1264 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 09:58:34.0443 1264 IAANTMON - ok 09:58:34.0490 1264 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 09:58:34.0521 1264 iaStor - ok 09:58:34.0568 1264 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:58:34.0615 1264 iaStorV - ok 09:58:34.0693 1264 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 09:58:34.0771 1264 idsvc - ok 09:58:34.0942 1264 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 09:58:35.0254 1264 igfx - ok 09:58:35.0285 1264 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 09:58:35.0332 1264 iirsp - ok 09:58:35.0379 1264 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 09:58:35.0504 1264 IKEEXT - ok 09:58:35.0644 1264 [ F2BAA4FF548F7F0317F7638951C1CD9C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 09:58:35.0785 1264 IntcAzAudAddService - ok 09:58:35.0894 1264 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 09:58:35.0925 1264 intelide - ok 09:58:35.0972 1264 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 09:58:36.0034 1264 intelppm - ok 09:58:36.0097 1264 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:58:36.0206 1264 IPBusEnum - ok 09:58:36.0237 1264 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:58:36.0346 1264 IpFilterDriver - ok 09:58:36.0409 1264 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:58:36.0549 1264 iphlpsvc - ok 09:58:36.0596 1264 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV 
C:\Windows\system32\drivers\IPMIDrv.sys 09:58:36.0643 1264 IPMIDRV - ok 09:58:36.0674 1264 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:58:36.0783 1264 IPNAT - ok 09:58:36.0814 1264 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:58:36.0939 1264 IRENUM - ok 09:58:36.0970 1264 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:58:37.0001 1264 isapnp - ok 09:58:37.0048 1264 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:58:37.0095 1264 iScsiPrt - ok 09:58:37.0126 1264 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:58:37.0157 1264 kbdclass - ok 09:58:37.0189 1264 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:58:37.0251 1264 kbdhid - ok 09:58:37.0298 1264 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 09:58:37.0329 1264 KeyIso - ok 09:58:37.0345 1264 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:58:37.0391 1264 KSecDD - ok 09:58:37.0438 1264 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:58:37.0485 1264 KSecPkg - ok 09:58:37.0532 1264 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 09:58:37.0641 1264 KtmRm - ok 09:58:37.0703 1264 [ A158CEA8644B8A5C1EC0E9A81B70F65A ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys 09:58:37.0781 1264 L1C - ok 09:58:37.0844 1264 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 09:58:37.0937 1264 LanmanServer - ok 09:58:38.0000 1264 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:58:38.0093 1264 LanmanWorkstation - ok 09:58:38.0171 1264 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:58:38.0265 1264 lltdio - ok 09:58:38.0327 1264 [ 5700673E13A2117FA3B9020C852C01E2 ] 
lltdsvc C:\Windows\System32\lltdsvc.dll 09:58:38.0437 1264 lltdsvc - ok 09:58:38.0452 1264 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 09:58:38.0530 1264 lmhosts - ok 09:58:38.0561 1264 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 09:58:38.0608 1264 LSI_FC - ok 09:58:38.0639 1264 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 09:58:38.0671 1264 LSI_SAS - ok 09:58:38.0702 1264 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 09:58:38.0733 1264 LSI_SAS2 - ok 09:58:38.0780 1264 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 09:58:38.0811 1264 LSI_SCSI - ok 09:58:38.0842 1264 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 09:58:38.0936 1264 luafv - ok 09:58:39.0029 1264 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 09:58:39.0076 1264 MBAMProtector - ok 09:58:39.0154 1264 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 09:58:39.0201 1264 MBAMScheduler - ok 09:58:39.0263 1264 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 09:58:39.0326 1264 MBAMService - ok 09:58:39.0357 1264 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 09:58:39.0404 1264 megasas - ok 09:58:39.0419 1264 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 09:58:39.0466 1264 MegaSR - ok 09:58:39.0513 1264 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 09:58:39.0622 1264 MMCSS - ok 09:58:39.0653 1264 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 09:58:39.0763 1264 Modem - ok 09:58:39.0809 1264 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:58:39.0872 1264 
monitor - ok 09:58:39.0934 1264 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:58:39.0965 1264 mouclass - ok 09:58:39.0981 1264 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:58:40.0059 1264 mouhid - ok 09:58:40.0106 1264 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:58:40.0153 1264 mountmgr - ok 09:58:40.0199 1264 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 09:58:40.0262 1264 MpFilter - ok 09:58:40.0277 1264 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 09:58:40.0324 1264 mpio - ok 09:58:40.0465 1264 [ A69630D039C38018689190234F866D77 ] MpKsl269d15e6 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2202B0F2-9AD4-40B1-8EF9-9144F39B802E}\MpKsl269d15e6.sys 09:58:40.0496 1264 MpKsl269d15e6 - ok 09:58:40.0543 1264 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:58:40.0636 1264 mpsdrv - ok 09:58:40.0699 1264 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 09:58:40.0839 1264 MpsSvc - ok 09:58:40.0886 1264 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:58:40.0964 1264 MRxDAV - ok 09:58:41.0011 1264 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:58:41.0120 1264 mrxsmb - ok 09:58:41.0167 1264 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:58:41.0245 1264 mrxsmb10 - ok 09:58:41.0291 1264 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:58:41.0354 1264 mrxsmb20 - ok 09:58:41.0416 1264 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 09:58:41.0447 1264 msahci - ok 09:58:41.0494 1264 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:58:41.0525 1264 msdsm - ok 09:58:41.0557 
1264 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 09:58:41.0619 1264 MSDTC - ok 09:58:41.0697 1264 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:58:41.0775 1264 Msfs - ok 09:58:41.0791 1264 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:58:41.0869 1264 mshidkmdf - ok 09:58:41.0900 1264 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:58:41.0931 1264 msisadrv - ok 09:58:41.0978 1264 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:58:42.0087 1264 MSiSCSI - ok 09:58:42.0087 1264 msiserver - ok 09:58:42.0134 1264 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:58:42.0212 1264 MSKSSRV - ok 09:58:42.0290 1264 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 09:58:42.0321 1264 MsMpSvc - ok 09:58:42.0352 1264 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:58:42.0461 1264 MSPCLOCK - ok 09:58:42.0508 1264 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:58:42.0617 1264 MSPQM - ok 09:58:42.0649 1264 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:58:42.0695 1264 MsRPC - ok 09:58:42.0727 1264 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 09:58:42.0773 1264 mssmbios - ok 09:58:42.0773 1264 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:58:42.0851 1264 MSTEE - ok 09:58:42.0883 1264 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 09:58:42.0914 1264 MTConfig - ok 09:58:42.0945 1264 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 09:58:42.0976 1264 Mup - ok 09:58:43.0039 1264 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 
09:58:43.0117 1264 napagent - ok 09:58:43.0163 1264 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:58:43.0226 1264 NativeWifiP - ok 09:58:43.0288 1264 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 09:58:43.0366 1264 NDIS - ok 09:58:43.0413 1264 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:58:43.0522 1264 NdisCap - ok 09:58:43.0553 1264 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:58:43.0663 1264 NdisTapi - ok 09:58:43.0725 1264 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:58:43.0819 1264 Ndisuio - ok 09:58:43.0897 1264 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:58:43.0990 1264 NdisWan - ok 09:58:44.0037 1264 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:58:44.0146 1264 NDProxy - ok 09:58:44.0193 1264 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:58:44.0302 1264 NetBIOS - ok 09:58:44.0365 1264 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:58:44.0474 1264 NetBT - ok 09:58:44.0521 1264 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 09:58:44.0552 1264 Netlogon - ok 09:58:44.0614 1264 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 09:58:44.0723 1264 Netman - ok 09:58:44.0786 1264 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 09:58:44.0895 1264 netprofm - ok 09:58:44.0957 1264 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:58:44.0989 1264 NetTcpPortSharing - ok 09:58:45.0020 1264 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 09:58:45.0051 1264 nfrd960 - ok 09:58:45.0129 1264 [ 
832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 09:58:45.0176 1264 NisDrv - ok 09:58:45.0223 1264 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 09:58:45.0269 1264 NisSrv - ok 09:58:45.0316 1264 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 09:58:45.0394 1264 NlaSvc - ok 09:58:45.0441 1264 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:58:45.0519 1264 Npfs - ok 09:58:45.0550 1264 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 09:58:45.0628 1264 nsi - ok 09:58:45.0675 1264 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:58:45.0769 1264 nsiproxy - ok 09:58:45.0862 1264 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:58:45.0956 1264 Ntfs - ok 09:58:46.0003 1264 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 09:58:46.0096 1264 Null - ok 09:58:46.0143 1264 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:58:46.0190 1264 nvraid - ok 09:58:46.0221 1264 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:58:46.0268 1264 nvstor - ok 09:58:46.0299 1264 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:58:46.0346 1264 nv_agp - ok 09:58:46.0377 1264 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:58:46.0424 1264 ohci1394 - ok 09:58:46.0471 1264 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:58:46.0611 1264 p2pimsvc - ok 09:58:46.0658 1264 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 09:58:46.0736 1264 p2psvc - ok 09:58:46.0783 1264 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 09:58:46.0861 1264 Parport - ok 09:58:46.0907 1264 [ 
3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:58:46.0939 1264 partmgr - ok 09:58:46.0970 1264 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 09:58:47.0032 1264 Parvdm - ok 09:58:47.0079 1264 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 09:58:47.0141 1264 PcaSvc - ok 09:58:47.0173 1264 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 09:58:47.0219 1264 pci - ok 09:58:47.0251 1264 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 09:58:47.0282 1264 pciide - ok 09:58:47.0344 1264 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 09:58:47.0375 1264 pcmcia - ok 09:58:47.0407 1264 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 09:58:47.0453 1264 pcw - ok 09:58:47.0500 1264 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:58:47.0625 1264 PEAUTH - ok 09:58:47.0750 1264 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 09:58:47.0890 1264 pla - ok 09:58:47.0984 1264 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:58:48.0109 1264 PlugPlay - ok 09:58:48.0171 1264 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 09:58:48.0233 1264 PNRPAutoReg - ok 09:58:48.0280 1264 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:58:48.0327 1264 PNRPsvc - ok 09:58:48.0374 1264 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:58:48.0499 1264 PolicyAgent - ok 09:58:48.0577 1264 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 09:58:48.0655 1264 Power - ok 09:58:48.0701 1264 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:58:48.0779 1264 PptpMiniport - ok 09:58:48.0811 1264 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] 
Processor C:\Windows\system32\DRIVERS\processr.sys 09:58:48.0889 1264 Processor - ok 09:58:48.0951 1264 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 09:58:49.0060 1264 ProfSvc - ok 09:58:49.0091 1264 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 09:58:49.0123 1264 ProtectedStorage - ok 09:58:49.0154 1264 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:58:49.0247 1264 Psched - ok 09:58:49.0325 1264 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 09:58:49.0435 1264 ql2300 - ok 09:58:49.0466 1264 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 09:58:49.0513 1264 ql40xx - ok 09:58:49.0559 1264 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 09:58:49.0622 1264 QWAVE - ok 09:58:49.0637 1264 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:58:49.0684 1264 QWAVEdrv - ok 09:58:49.0731 1264 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:58:49.0809 1264 RasAcd - ok 09:58:49.0840 1264 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 09:58:49.0903 1264 RasAgileVpn - ok 09:58:49.0918 1264 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 09:58:50.0012 1264 RasAuto - ok 09:58:50.0027 1264 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:58:50.0137 1264 Rasl2tp - ok 09:58:50.0183 1264 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 09:58:50.0293 1264 RasMan - ok 09:58:50.0339 1264 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:58:50.0417 1264 RasPppoe - ok 09:58:50.0449 1264 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:58:50.0573 1264 RasSstp - ok 09:58:50.0620 1264 [ 
D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:58:50.0729 1264 rdbss - ok 09:58:50.0761 1264 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 09:58:50.0823 1264 rdpbus - ok 09:58:50.0885 1264 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:58:50.0979 1264 RDPCDD - ok 09:58:51.0026 1264 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:58:51.0135 1264 RDPENCDD - ok 09:58:51.0182 1264 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 09:58:51.0291 1264 RDPREFMP - ok 09:58:51.0369 1264 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 09:58:51.0494 1264 RdpVideoMiniport - ok 09:58:51.0541 1264 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:58:51.0665 1264 RDPWD - ok 09:58:51.0712 1264 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 09:58:51.0759 1264 rdyboost - ok 09:58:51.0806 1264 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 09:58:51.0915 1264 RemoteAccess - ok 09:58:51.0977 1264 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:58:52.0087 1264 RemoteRegistry - ok 09:58:52.0133 1264 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 09:58:52.0243 1264 RpcEptMapper - ok 09:58:52.0305 1264 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 09:58:52.0336 1264 RpcLocator - ok 09:58:52.0383 1264 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 09:58:52.0461 1264 RpcSs - ok 09:58:52.0508 1264 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:58:52.0633 1264 rspndr - ok 09:58:52.0695 1264 [ 96F8DD546677AA5102150ACC140377B3 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 
09:59:11.0587 1264 ============================================================
09:59:11.0587 1264 Scan finished
09:59:11.0587 1264 ============================================================
09:59:11.0618 0756 Detected object count: 0
09:59:11.0618 0756 Actual detected object count: 0
10:02:07.0165 3936 Deinitialize success |
23.05.2013, 10:05 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Matsnu.gen!A The log from tdsskiller is incomplete
__________________ Please always post log files in CODE tags |
23.05.2013, 10:12 | #11 |
| Matsnu.gen!A
Code:
09:55:13.0076 1880 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:55:13.0292 1880 ============================================================
09:55:13.0292 1880 Current date / time: 2013/05/23 09:55:13.0292
09:55:13.0293 1880 SystemInfo:
09:55:13.0293 1880
09:55:13.0293 1880 OS Version: 6.1.7601 ServicePack: 1.0
09:55:13.0293 1880 Product type: Workstation
09:55:13.0294 1880 ComputerName: NETBOOK
09:55:13.0295 1880 UserName: Ellen&Falko
09:55:13.0295 1880 Windows directory: C:\Windows
09:55:13.0295 1880 System windows directory: C:\Windows
09:55:13.0295 1880 Processor architecture: Intel x86
09:55:13.0295 1880 Number of processors: 2
09:55:13.0295 1880 Page size: 0x1000
09:55:13.0295 1880 Boot type: Normal boot
09:55:13.0295 1880 ============================================================
09:55:21.0911 1880 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:55:22.0014 1880 ============================================================
09:55:22.0015 1880 \Device\Harddisk0\DR0:
09:55:22.0051 1880 MBR partitions:
09:55:22.0051 1880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
09:55:22.0051 1880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784
09:55:22.0051 1880 ============================================================
09:55:22.0902 1880 C: <-> \Device\Harddisk0\DR0\Partition2
09:55:22.0903 1880 ============================================================
09:55:22.0903 1880 Initialize success
09:55:22.0903 1880 ============================================================
09:58:16.0487 1264 ============================================================
09:58:16.0487 1264 Scan started
09:58:16.0487 1264 Mode: Manual; SigCheck; TDLFS;
09:58:16.0487 1264 ============================================================
09:58:17.0548 1264
================ Scan system memory ========================
09:58:17.0548 1264 System memory - ok
09:58:17.0548 1264 ================ Scan services =============================
HomeGroupProvider C:\Windows\system32\provsvc.dll 09:58:33.0913 1264 HomeGroupProvider - ok 09:58:33.0959 1264 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:58:33.0991 1264 HpSAMD - ok 09:58:34.0053 1264 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:58:34.0131 1264 HTTP - ok 09:58:34.0178 1264 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:58:34.0225 1264 hwpolicy - ok 09:58:34.0256 1264 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 09:58:34.0318 1264 i8042prt - ok 09:58:34.0396 1264 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 09:58:34.0443 1264 IAANTMON - ok 09:58:34.0490 1264 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 09:58:34.0521 1264 iaStor - ok 09:58:34.0568 1264 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:58:34.0615 1264 iaStorV - ok 09:58:34.0693 1264 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 09:58:34.0771 1264 idsvc - ok 09:58:34.0942 1264 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 09:58:35.0254 1264 igfx - ok 09:58:35.0285 1264 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 09:58:35.0332 1264 iirsp - ok 09:58:35.0379 1264 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 09:58:35.0504 1264 IKEEXT - ok 09:58:35.0644 1264 [ F2BAA4FF548F7F0317F7638951C1CD9C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 09:58:35.0785 1264 IntcAzAudAddService - ok 09:58:35.0894 1264 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 09:58:35.0925 1264 intelide - ok 09:58:35.0972 1264 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm 
C:\Windows\system32\DRIVERS\intelppm.sys 09:58:36.0034 1264 intelppm - ok 09:58:36.0097 1264 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:58:36.0206 1264 IPBusEnum - ok 09:58:36.0237 1264 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:58:36.0346 1264 IpFilterDriver - ok 09:58:36.0409 1264 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:58:36.0549 1264 iphlpsvc - ok 09:58:36.0596 1264 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 09:58:36.0643 1264 IPMIDRV - ok 09:58:36.0674 1264 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:58:36.0783 1264 IPNAT - ok 09:58:36.0814 1264 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:58:36.0939 1264 IRENUM - ok 09:58:36.0970 1264 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:58:37.0001 1264 isapnp - ok 09:58:37.0048 1264 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:58:37.0095 1264 iScsiPrt - ok 09:58:37.0126 1264 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:58:37.0157 1264 kbdclass - ok 09:58:37.0189 1264 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:58:37.0251 1264 kbdhid - ok 09:58:37.0298 1264 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 09:58:37.0329 1264 KeyIso - ok 09:58:37.0345 1264 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:58:37.0391 1264 KSecDD - ok 09:58:37.0438 1264 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:58:37.0485 1264 KSecPkg - ok 09:58:37.0532 1264 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 09:58:37.0641 1264 KtmRm - ok 09:58:37.0703 1264 [ 
A158CEA8644B8A5C1EC0E9A81B70F65A ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys 09:58:37.0781 1264 L1C - ok 09:58:37.0844 1264 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 09:58:37.0937 1264 LanmanServer - ok 09:58:38.0000 1264 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:58:38.0093 1264 LanmanWorkstation - ok 09:58:38.0171 1264 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:58:38.0265 1264 lltdio - ok 09:58:38.0327 1264 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:58:38.0437 1264 lltdsvc - ok 09:58:38.0452 1264 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 09:58:38.0530 1264 lmhosts - ok 09:58:38.0561 1264 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 09:58:38.0608 1264 LSI_FC - ok 09:58:38.0639 1264 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 09:58:38.0671 1264 LSI_SAS - ok 09:58:38.0702 1264 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 09:58:38.0733 1264 LSI_SAS2 - ok 09:58:38.0780 1264 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 09:58:38.0811 1264 LSI_SCSI - ok 09:58:38.0842 1264 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 09:58:38.0936 1264 luafv - ok 09:58:39.0029 1264 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 09:58:39.0076 1264 MBAMProtector - ok 09:58:39.0154 1264 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 09:58:39.0201 1264 MBAMScheduler - ok 09:58:39.0263 1264 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 09:58:39.0326 1264 MBAMService - ok 09:58:39.0357 1264 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas 
C:\Windows\system32\DRIVERS\megasas.sys 09:58:39.0404 1264 megasas - ok 09:58:39.0419 1264 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 09:58:39.0466 1264 MegaSR - ok 09:58:39.0513 1264 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 09:58:39.0622 1264 MMCSS - ok 09:58:39.0653 1264 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 09:58:39.0763 1264 Modem - ok 09:58:39.0809 1264 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:58:39.0872 1264 monitor - ok 09:58:39.0934 1264 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:58:39.0965 1264 mouclass - ok 09:58:39.0981 1264 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:58:40.0059 1264 mouhid - ok 09:58:40.0106 1264 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:58:40.0153 1264 mountmgr - ok 09:58:40.0199 1264 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 09:58:40.0262 1264 MpFilter - ok 09:58:40.0277 1264 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 09:58:40.0324 1264 mpio - ok 09:58:40.0465 1264 [ A69630D039C38018689190234F866D77 ] MpKsl269d15e6 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2202B0F2-9AD4-40B1-8EF9-9144F39B802E}\MpKsl269d15e6.sys 09:58:40.0496 1264 MpKsl269d15e6 - ok 09:58:40.0543 1264 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:58:40.0636 1264 mpsdrv - ok 09:58:40.0699 1264 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 09:58:40.0839 1264 MpsSvc - ok 09:58:40.0886 1264 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:58:40.0964 1264 MRxDAV - ok 09:58:41.0011 1264 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 
09:58:41.0120 1264 mrxsmb - ok 09:58:41.0167 1264 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:58:41.0245 1264 mrxsmb10 - ok 09:58:41.0291 1264 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:58:41.0354 1264 mrxsmb20 - ok 09:58:41.0416 1264 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 09:58:41.0447 1264 msahci - ok 09:58:41.0494 1264 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:58:41.0525 1264 msdsm - ok 09:58:41.0557 1264 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 09:58:41.0619 1264 MSDTC - ok 09:58:41.0697 1264 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:58:41.0775 1264 Msfs - ok 09:58:41.0791 1264 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:58:41.0869 1264 mshidkmdf - ok 09:58:41.0900 1264 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:58:41.0931 1264 msisadrv - ok 09:58:41.0978 1264 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:58:42.0087 1264 MSiSCSI - ok 09:58:42.0087 1264 msiserver - ok 09:58:42.0134 1264 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:58:42.0212 1264 MSKSSRV - ok 09:58:42.0290 1264 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 09:58:42.0321 1264 MsMpSvc - ok 09:58:42.0352 1264 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:58:42.0461 1264 MSPCLOCK - ok 09:58:42.0508 1264 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:58:42.0617 1264 MSPQM - ok 09:58:42.0649 1264 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:58:42.0695 1264 MsRPC - ok 09:58:42.0727 1264 [ 
FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 09:58:42.0773 1264 mssmbios - ok 09:58:42.0773 1264 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:58:42.0851 1264 MSTEE - ok 09:58:42.0883 1264 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 09:58:42.0914 1264 MTConfig - ok 09:58:42.0945 1264 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 09:58:42.0976 1264 Mup - ok 09:58:43.0039 1264 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 09:58:43.0117 1264 napagent - ok 09:58:43.0163 1264 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:58:43.0226 1264 NativeWifiP - ok 09:58:43.0288 1264 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 09:58:43.0366 1264 NDIS - ok 09:58:43.0413 1264 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:58:43.0522 1264 NdisCap - ok 09:58:43.0553 1264 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:58:43.0663 1264 NdisTapi - ok 09:58:43.0725 1264 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:58:43.0819 1264 Ndisuio - ok 09:58:43.0897 1264 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:58:43.0990 1264 NdisWan - ok 09:58:44.0037 1264 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:58:44.0146 1264 NDProxy - ok 09:58:44.0193 1264 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:58:44.0302 1264 NetBIOS - ok 09:58:44.0365 1264 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:58:44.0474 1264 NetBT - ok 09:58:44.0521 1264 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 09:58:44.0552 1264 Netlogon - ok 
09:58:44.0614 1264 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 09:58:44.0723 1264 Netman - ok 09:58:44.0786 1264 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 09:58:44.0895 1264 netprofm - ok 09:58:44.0957 1264 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:58:44.0989 1264 NetTcpPortSharing - ok 09:58:45.0020 1264 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 09:58:45.0051 1264 nfrd960 - ok 09:58:45.0129 1264 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 09:58:45.0176 1264 NisDrv - ok 09:58:45.0223 1264 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 09:58:45.0269 1264 NisSrv - ok 09:58:45.0316 1264 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 09:58:45.0394 1264 NlaSvc - ok 09:58:45.0441 1264 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:58:45.0519 1264 Npfs - ok 09:58:45.0550 1264 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 09:58:45.0628 1264 nsi - ok 09:58:45.0675 1264 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:58:45.0769 1264 nsiproxy - ok 09:58:45.0862 1264 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:58:45.0956 1264 Ntfs - ok 09:58:46.0003 1264 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 09:58:46.0096 1264 Null - ok 09:58:46.0143 1264 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:58:46.0190 1264 nvraid - ok 09:58:46.0221 1264 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:58:46.0268 1264 nvstor - ok 09:58:46.0299 1264 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp 
C:\Windows\system32\drivers\nv_agp.sys 09:58:46.0346 1264 nv_agp - ok 09:58:46.0377 1264 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:58:46.0424 1264 ohci1394 - ok 09:58:46.0471 1264 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:58:46.0611 1264 p2pimsvc - ok 09:58:46.0658 1264 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 09:58:46.0736 1264 p2psvc - ok 09:58:46.0783 1264 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 09:58:46.0861 1264 Parport - ok 09:58:46.0907 1264 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:58:46.0939 1264 partmgr - ok 09:58:46.0970 1264 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 09:58:47.0032 1264 Parvdm - ok 09:58:47.0079 1264 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 09:58:47.0141 1264 PcaSvc - ok 09:58:47.0173 1264 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 09:58:47.0219 1264 pci - ok 09:58:47.0251 1264 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 09:58:47.0282 1264 pciide - ok 09:58:47.0344 1264 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 09:58:47.0375 1264 pcmcia - ok 09:58:47.0407 1264 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 09:58:47.0453 1264 pcw - ok 09:58:47.0500 1264 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:58:47.0625 1264 PEAUTH - ok 09:58:47.0750 1264 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 09:58:47.0890 1264 pla - ok 09:58:47.0984 1264 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:58:48.0109 1264 PlugPlay - ok 09:58:48.0171 1264 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 
09:58:48.0233 1264 PNRPAutoReg - ok 09:58:48.0280 1264 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:58:48.0327 1264 PNRPsvc - ok 09:58:48.0374 1264 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:58:48.0499 1264 PolicyAgent - ok 09:58:48.0577 1264 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 09:58:48.0655 1264 Power - ok 09:58:48.0701 1264 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:58:48.0779 1264 PptpMiniport - ok 09:58:48.0811 1264 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 09:58:48.0889 1264 Processor - ok 09:58:48.0951 1264 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 09:58:49.0060 1264 ProfSvc - ok 09:58:49.0091 1264 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 09:58:49.0123 1264 ProtectedStorage - ok 09:58:49.0154 1264 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:58:49.0247 1264 Psched - ok 09:58:49.0325 1264 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 09:58:49.0435 1264 ql2300 - ok 09:58:49.0466 1264 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 09:58:49.0513 1264 ql40xx - ok 09:58:49.0559 1264 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 09:58:49.0622 1264 QWAVE - ok 09:58:49.0637 1264 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:58:49.0684 1264 QWAVEdrv - ok 09:58:49.0731 1264 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:58:49.0809 1264 RasAcd - ok 09:58:49.0840 1264 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 09:58:49.0903 1264 RasAgileVpn - ok 09:58:49.0918 1264 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto 
C:\Windows\System32\rasauto.dll 09:58:50.0012 1264 RasAuto - ok 09:58:50.0027 1264 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 09:58:50.0137 1264 Rasl2tp - ok 09:58:50.0183 1264 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 09:58:50.0293 1264 RasMan - ok 09:58:50.0339 1264 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:58:50.0417 1264 RasPppoe - ok 09:58:50.0449 1264 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 09:58:50.0573 1264 RasSstp - ok 09:58:50.0620 1264 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:58:50.0729 1264 rdbss - ok 09:58:50.0761 1264 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 09:58:50.0823 1264 rdpbus - ok 09:58:50.0885 1264 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 09:58:50.0979 1264 RDPCDD - ok 09:58:51.0026 1264 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 09:58:51.0135 1264 RDPENCDD - ok 09:58:51.0182 1264 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 09:58:51.0291 1264 RDPREFMP - ok 09:58:51.0369 1264 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 09:58:51.0494 1264 RdpVideoMiniport - ok 09:58:51.0541 1264 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 09:58:51.0665 1264 RDPWD - ok 09:58:51.0712 1264 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 09:58:51.0759 1264 rdyboost - ok 09:58:51.0806 1264 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 09:58:51.0915 1264 RemoteAccess - ok 09:58:51.0977 1264 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:58:52.0087 1264 RemoteRegistry - ok 09:58:52.0133 
1264 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 09:58:52.0243 1264 RpcEptMapper - ok 09:58:52.0305 1264 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 09:58:52.0336 1264 RpcLocator - ok 09:58:52.0383 1264 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 09:58:52.0461 1264 RpcSs - ok 09:58:52.0508 1264 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:58:52.0633 1264 rspndr - ok 09:58:52.0695 1264 [ 96F8DD546677AA5102150ACC140377B3 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 09:58:52.0789 1264 RSUSBSTOR - ok 09:58:52.0835 1264 [ 325590E7E9587459643BA24D2CF73BF2 ] RTL8187 C:\Windows\system32\DRIVERS\rtl8187.sys 09:58:52.0913 1264 RTL8187 - ok 09:58:52.0929 1264 RtsUIR - ok 09:58:52.0960 1264 [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus C:\Windows\system32\DRIVERS\s0016bus.sys 09:58:52.0991 1264 s0016bus - ok 09:58:53.0023 1264 [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl C:\Windows\system32\DRIVERS\s0016mdfl.sys 09:58:53.0054 1264 s0016mdfl - ok 09:58:53.0085 1264 [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm C:\Windows\system32\DRIVERS\s0016mdm.sys 09:58:53.0116 1264 s0016mdm - ok 09:58:53.0147 1264 [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt C:\Windows\system32\DRIVERS\s0016mgmt.sys 09:58:53.0179 1264 s0016mgmt - ok 09:58:53.0194 1264 [ 36792935847143E4A3CDA0DC87248487 ] s0016obex C:\Windows\system32\DRIVERS\s0016obex.sys 09:58:53.0225 1264 s0016obex - ok 09:58:53.0257 1264 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 09:58:53.0288 1264 SamSs - ok 09:58:53.0335 1264 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 09:58:53.0381 1264 sbp2port - ok 09:58:53.0428 1264 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:58:53.0522 1264 SCardSvr - ok 09:58:53.0569 1264 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter 
C:\Windows\system32\DRIVERS\scfilter.sys 09:58:53.0662 1264 scfilter - ok 09:58:53.0709 1264 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 09:58:53.0850 1264 Schedule - ok 09:58:53.0881 1264 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 09:58:53.0959 1264 SCPolicySvc - ok 09:58:54.0006 1264 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 09:58:54.0130 1264 SDRSVC - ok 09:58:54.0255 1264 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe 09:58:54.0318 1264 SDScannerService - ok 09:58:54.0411 1264 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe 09:58:54.0505 1264 SDUpdateService - ok 09:58:54.0567 1264 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe 09:58:54.0598 1264 SDWSCService - ok 09:58:54.0645 1264 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 09:58:54.0754 1264 secdrv - ok 09:58:54.0801 1264 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 09:58:54.0910 1264 seclogon - ok 09:58:54.0942 1264 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 09:58:55.0051 1264 SENS - ok 09:58:55.0098 1264 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 09:58:55.0176 1264 Serenum - ok 09:58:55.0222 1264 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 09:58:55.0269 1264 Serial - ok 09:58:55.0300 1264 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 09:58:55.0363 1264 sermouse - ok 09:58:55.0456 1264 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 09:58:55.0550 1264 SessionEnv - ok 09:58:55.0612 1264 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk 
C:\Windows\system32\drivers\sffdisk.sys 09:58:55.0706 1264 sffdisk - ok 09:58:55.0737 1264 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 09:58:55.0784 1264 sffp_mmc - ok 09:58:55.0800 1264 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 09:58:55.0846 1264 sffp_sd - ok 09:58:55.0878 1264 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 09:58:55.0940 1264 sfloppy - ok 09:58:56.0034 1264 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 09:58:56.0127 1264 SharedAccess - ok 09:58:56.0158 1264 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 09:58:56.0268 1264 ShellHWDetection - ok 09:58:56.0314 1264 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 09:58:56.0346 1264 sisagp - ok 09:58:56.0392 1264 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 09:58:56.0424 1264 SiSRaid2 - ok 09:58:56.0455 1264 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 09:58:56.0486 1264 SiSRaid4 - ok 09:58:56.0517 1264 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 09:58:56.0611 1264 Smb - ok 09:58:56.0658 1264 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 09:58:56.0689 1264 SNMPTRAP - ok 09:58:56.0720 1264 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 09:58:56.0767 1264 spldr - ok 09:58:56.0814 1264 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 09:58:56.0954 1264 Spooler - ok 09:58:57.0094 1264 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 09:58:57.0344 1264 sppsvc - ok 09:58:57.0422 1264 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 09:58:57.0484 1264 sppuinotify - ok 09:58:57.0562 1264 [ 
E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 09:58:57.0672 1264 srv - ok 09:58:57.0734 1264 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 09:58:57.0812 1264 srv2 - ok 09:58:57.0843 1264 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 09:58:57.0906 1264 srvnet - ok 09:58:57.0968 1264 [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys 09:58:58.0062 1264 sscdbus - ok 09:58:58.0093 1264 [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys 09:58:58.0171 1264 sscdmdfl - ok 09:58:58.0218 1264 [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys 09:58:58.0280 1264 sscdmdm - ok 09:58:58.0327 1264 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 09:58:58.0452 1264 SSDPSRV - ok 09:58:58.0498 1264 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 09:58:58.0576 1264 SstpSvc - ok 09:58:58.0623 1264 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 09:58:58.0654 1264 stexstor - ok 09:58:58.0717 1264 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 09:58:58.0810 1264 StiSvc - ok 09:58:58.0857 1264 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 09:58:58.0888 1264 swenum - ok 09:58:58.0935 1264 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 09:58:59.0044 1264 swprv - ok 09:58:59.0138 1264 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 09:58:59.0232 1264 SysMain - ok 09:58:59.0263 1264 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 09:58:59.0356 1264 TabletInputService - ok 09:58:59.0434 1264 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 09:58:59.0544 1264 TapiSrv - ok 09:58:59.0606 1264 [ 
] C:\Windows\system32\winsrv.dll 09:59:11.0025 1264 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 09:59:11.0056 1264 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 09:59:11.0088 1264 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 09:59:11.0103 1264 [Global] - ok 09:59:11.0103 1264 ================ Scan MBR ================================== 09:59:11.0134 1264 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 09:59:11.0524 1264 \Device\Harddisk0\DR0 - ok 09:59:11.0524 1264 ================ Scan VBR ================================== 09:59:11.0540 1264 [ BA3A73C0DE26BAD73BCCFB6AC26533AF ] \Device\Harddisk0\DR0\Partition1 09:59:11.0540 1264 \Device\Harddisk0\DR0\Partition1 - ok 09:59:11.0571 1264 [ 3060373772EC618524416C70758621D4 ] \Device\Harddisk0\DR0\Partition2 09:59:11.0587 1264 \Device\Harddisk0\DR0\Partition2 - ok 09:59:11.0587 1264 ============================================================ 09:59:11.0587 1264 Scan finished 09:59:11.0587 1264 ============================================================ 09:59:11.0618 0756 Detected object count: 0 09:59:11.0618 0756 Actual detected object count: 0 10:02:07.0165 3936 Deinitialize success |
23.05.2013, 11:16 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Matsnu.gen!A Nothing suspicious. JRT - Junkware Removal Tool: Please shut down your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
23.05.2013, 12:18 | #13 |
| Matsnu.gen!A JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Starter x86 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs Successfully deleted: [Registry 
Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\softonic_ggl_1_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\softonic_ggl_1_rasmancs Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2195EA02-8567-4C19-B3DF-09A3A2B5BE46} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{545D815E-9CDA-41C3-B6D9-FCE02A570083} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852" Successfully deleted: [Registry Key] 
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e" ~~~ Files Successfully deleted: [File] "C:\end" Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.1049.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: 
[File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.1049.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] "C:\ProgramData\partner" Successfully deleted: [Folder] "C:\ProgramData\tarma installer" Successfully deleted: [Folder] "C:\Users\Ellen&Falko\AppData\Roaming\dvdvideosoftiehelpers" Successfully deleted: [Folder] "C:\Users\Ellen&Falko\AppData\Roaming\opencandy" Successfully deleted: [Folder] "C:\Program Files\iminent" Successfully deleted: [Folder] "C:\ProgramData\ask" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 23.05.2013 at 12:41:17,35 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.300 - Datei am 23/05/2013 um 12:45:36 erstellt # Aktualisiert am 28/04/2013 von Xplode # Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits) # Benutzer : Ellen&Falko - NETBOOK # Bootmodus : Normal # Ausgeführt unter : C:\Users\Ellen&Falko\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\user.js Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\Local\APN Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\Local\OpenCandy Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\LocalLow\Softonic Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\Roaming\DesktopIconForAmazon Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\Roaming\OCS ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\5fe8fd0b669ed49 Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16576 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Google Chrome v26.0.1410.64 Datei : C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v [Version kann nicht ermittelt werden] Datei : C:\Users\Ellen&Falko\AppData\Roaming\Opera\Opera\operaprefs.ini Gelöscht : Home URL=hxxp://start.icq.com/ Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera ************************* AdwCleaner[S1].txt - [7762 octets] - [23/05/2013 12:45:36] ########## EOF - C:\AdwCleaner[S1].txt - [7822 octets] ########## Code:
ATTFilter OTL Extras logfile created on: 23.05.2013 12:53:38 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ellen&Falko\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,95 Mb Total Physical Memory | 90,59 Mb Available Physical Memory | 8,93% Memory free 1,99 Gb Paging File | 0,88 Gb Available in Paging File | 44,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136,95 Gb Total Space | 111,62 Gb Free Space | 81,51% Space Free | Partition Type: NTFS Computer Name: NETBOOK | User Name: Ellen&Falko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. 
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16478A67-B4FA-468E-BB87-0A8AFE8B5654}" = rport=139 | protocol=6 | dir=out | app=system | "{3761706F-686E-4D3A-8E0E-2CD3C6ECBDF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{460890D0-36B6-48AB-BD3C-D047D181FB49}" = rport=137 | protocol=17 | dir=out | app=system | "{52ED89F1-9113-44C8-BE8D-4E5AADA2ACCD}" = lport=138 | protocol=17 | dir=in | app=system | "{592A051A-E3BA-4FFF-B07D-F8D4D9EEA44C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5BDCEE4D-1E31-42F7-BA30-B0D2C42F0FD4}" = lport=139 | protocol=6 | dir=in | app=system | "{6168A646-E85B-413A-87B8-C01E264CC668}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8A1FAAFF-B648-40CA-8657-6D401E6D2C03}" = rport=445 | protocol=6 | dir=out | app=system | "{BBE999DB-F469-4CD6-ADE8-4DDC4AF2B3F0}" = lport=137 | protocol=17 | dir=in | app=system | "{D6378B13-9A1F-4205-8993-766C309A6F75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D6FEC05C-B9F8-4920-BF64-A85F2F37AE35}" = lport=445 | protocol=6 | dir=in | app=system | "{F8D0F047-5325-41BF-8EAB-DA25CD60EC3C}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{75F61BC4-9F28-4F99-B342-BC488BD7CF92}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8C8B8631-409E-449C-90DA-2C6F7B122542}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{A51DE423-E4A0-44EA-A44E-D5997D634015}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CF669F38-918A-4E88-B1BE-78064C16392B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F1F4D6F5-691B-47BE-A3E0-BCCD86C78948}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{4AD139A2-A880-4353-95B5-BA56717C82DC}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe | "UDP Query User{A2F0B9C9-8AD6-4E72-A9A8-957B1E972E8F}C:\program files\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files\samsung\intelli-studio\istudio.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management "{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{51F026FA-5146-4232-A8BA-1364740BD053}" = Video Web Camera "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials 
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "CCleaner" = CCleaner "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "eMachines Registration" = eMachines Registration "eMachines Screensaver" = eMachines ScreenSaver "eMachines Welcome Center" = Welcome Center "HDMI" = Intel(R) Graphics Media Accelerator Driver "Identity Card" = Identity Card "Intelli-studio" = SAMSUNG Intelli-studio "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "PhotoScape" = PhotoScape "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Spybot - Search and Destroy Events ] Error - 17.05.2013 11:14:14 | Computer Name = Netbook | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 23.05.2013 06:48:58 | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 23.05.2013 06:49:12 | Computer Name = Netbook | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde: %%1058
< End of report >

Code:
OTL logfile created on: 23.05.2013 12:53:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ellen&Falko\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1013,95 Mb Total Physical Memory | 90,59 Mb Available Physical Memory | 8,93% Memory free
1,99 Gb Paging File | 0,88 Gb Available in Paging File | 44,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,95 Gb Total Space | 111,62 Gb Free Space | 81,51% Space Free | Partition Type: NTFS
Computer Name: NETBOOK | User Name: Ellen&Falko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ellen&Falko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Program Files\eMachines\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Windows\System32\DeviceDisplayObjectProvider.exe (Microsoft Corporation) PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libglesv2.dll () MOD - C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libegl.dll () MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Program Files\Spybot File not found SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found SRV - (SDScannerService) -- C:\Program Files\Spybot File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Program Files\eMachines\eMachines Power 
Management\ePowerSvc.exe (Acer Incorporated) SRV - (Greg_Service) -- C:\Program Files\eMachines\Registration\GregHSRW.exe (Acer Incorporated) SRV - (DsiWMIService) -- C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer) SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) 
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI) DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI) DRV - (DCamUSBSTK016) -- C:\Windows\System32\drivers\STK016W2.sys (Syntek Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/$22/ [binary data] IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.gamehitzone.com/?utm_source=FreightTrainSimulator&utm_medium=start IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_de___DE375 IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch IE - HKU\S-1-5-21-1161967605-348264692-613214921-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ellen&Falko\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.05 14:39:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.17 14:55:47 | 000,000,000 | ---D | M] [2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions [2010.09.20 17:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2011.12.11 22:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen&Falko\AppData\Roaming\mozilla\Sunbird\Profiles\csl13q1y.default\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: chrome://newtab CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer 
(Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll CHR - plugin: Google Update (Enabled) = C:\Users\Ellen&Falko\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: WOT = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0\ CHR - Extension: Adblock Plus = C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. 
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1 O7 - HKU\S-1-5-21-1161967605-348264692-613214921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40D0B155-91EA-43C5-A360-B4DBE54D561E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A1D608-002F-4B99-B008-B7D6ACCA6463}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.06.09 19:36:50 | 000,000,116 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c3674970-8e09-11e2-976a-705ab6412390}\Shell - "" = AutoRun O33 - MountPoints2\{c3674970-8e09-11e2-976a-705ab6412390}\Shell\AutoRun\command - "" = D:\iLinker.exe O33 - MountPoints2\{c54660b9-49a8-11e0-8aad-705ab6412390}\Shell - "" = AutoRun O33 - MountPoints2\{c54660b9-49a8-11e0-8aad-705ab6412390}\Shell\AutoRun\command - "" = D:\NPSAI.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.23 12:49:55 | 000,000,000 | R--D | C] -- C:\Users\Ellen&Falko\Searches [2013.05.23 12:35:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.23 12:34:34 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.23 12:28:17 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Ellen&Falko\Desktop\JRT.exe [2013.05.23 09:13:55 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ellen&Falko\Desktop\tdsskiller.exe [2013.05.23 09:13:40 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Ellen&Falko\Desktop\aswMBR.exe [2013.05.22 23:17:34 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\Desktop\mbar-1.05.0.1001 (1) [2013.05.22 22:23:18 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\Desktop\OTL Log [2013.05.21 19:41:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ellen&Falko\Desktop\OTL.exe [2013.05.21 13:29:09 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\Desktop\Documents\ProcAlyzer Dumps [2013.05.17 21:49:12 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Local\NPE [2013.05.17 16:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.05.17 16:06:19 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013.05.17 16:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.05.16 18:54:36 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Roaming\SUPERAntiSpyware.com [2013.05.16 17:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.16 17:34:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.16 17:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.16 15:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.05.16 15:18:45 | 000,000,000 | --SD | C] -- C:\Users\Ellen&Falko\Desktop\Documents\Passwords Database [2013.05.16 13:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.05.16 13:12:20 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Roaming\QuickScan [2013.05.16 12:45:18 | 002,706,432 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\mshtml.tlb [2013.05.16 12:45:15 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.16 12:45:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.16 12:45:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.16 12:45:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.16 12:45:10 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.16 12:45:10 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.16 12:45:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.16 12:45:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.16 12:16:55 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.05.16 12:16:53 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.16 12:16:51 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.05.16 12:16:34 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013.05.16 12:16:33 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.05.15 18:51:36 | 000,000,000 | ---D | C] -- C:\Users\Ellen&Falko\AppData\Roaming\Ccwmcwpyk [2013.05.15 12:21:04 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2013.04.28 19:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Posteriza [2013.04.23 16:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.04.23 16:17:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.04.23 16:17:12 | 000,174,496 | ---- | C] (Oracle 
Corporation) -- C:\Windows\System32\java.exe
[2013.04.23 16:17:12 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2009.11.13 23:32:00 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2013.05.23 12:57:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 12:57:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 12:49:23 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 12:48:43 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.23 12:48:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 12:48:23 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.23 12:34:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161967605-348264692-613214921-1000UA.job
[2013.05.23 12:29:05 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ellen&Falko\Desktop\JRT.exe
[2013.05.23 12:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 09:15:35 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ellen&Falko\Desktop\aswMBR.exe
[2013.05.23 09:14:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ellen&Falko\Desktop\tdsskiller.exe
[2013.05.22 22:23:07 | 000,377,856 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\gmer_2.1.19163.exe
[2013.05.22 19:34:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161967605-348264692-613214921-1000Core.job
[2013.05.21 20:19:21 | 000,000,064 | ---- | M] () -- C:\Users\Ellen&Falko\AppData\Roaming\mbam.context.scan
[2013.05.21 19:41:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ellen&Falko\Desktop\OTL.exe
[2013.05.21 18:42:45 | 000,353,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.21 11:47:05 | 000,620,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.21 11:47:05 | 000,108,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.21 11:47:04 | 000,659,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.21 11:47:04 | 000,132,776 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.20 16:15:08 | 000,012,416 | ---- | M] () -- C:\Users\Ellen&Falko\AppData\Roaming\wklnhst.dat
[2013.05.17 16:06:39 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.17 11:09:00 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.16 20:24:12 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.16 18:51:37 | 000,628,743 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\adwcleaner.exe
[2013.05.16 17:36:37 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.16 15:25:21 | 000,002,102 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\Microsoft Security Essentials.lnk
[2013.05.16 15:12:21 | 000,056,832 | ---- | M] () -- C:\Users\Ellen&Falko\Desktop\Rechnungen.xlr
[2013.05.15 12:21:31 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 12:21:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.15 12:21:10 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.05.03 14:59:35 | 000,000,922 | ---- | M] () -- C:\Windows\posteriza.INI
[2013.05.02 17:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2013.05.22 22:22:45 | 000,377,856 | ---- | C] () -- C:\Users\Ellen&Falko\Desktop\gmer_2.1.19163.exe
[2013.05.21 20:19:21 | 000,000,064 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Roaming\mbam.context.scan
[2013.05.21 18:42:24 | 000,353,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.17 16:06:39 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.05.17 16:06:39 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.05.16 18:50:51 | 000,628,743 | ---- | C] () -- C:\Users\Ellen&Falko\Desktop\adwcleaner.exe
[2013.05.16 17:36:37 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.16 15:25:21 | 000,002,102 | ---- | C] () -- C:\Users\Ellen&Falko\Desktop\Microsoft Security Essentials.lnk
[2012.12.15 15:24:08 | 000,002,809 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2012.12.12 14:33:07 | 000,010,495 | ---- | C] () -- C:\Users\Ellen&Falko\Ellen_elster_2048.pfx
[2012.08.04 23:15:51 | 000,002,681 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\recently-used.xbel
[2012.08.04 22:00:50 | 000,003,072 | -H-- | C] () -- C:\Users\Ellen&Falko\photothumb.db
[2011.11.26 13:31:28 | 000,000,000 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\{2E8D49FE-3B5B-49EC-AAEF-957531246A7A}
[2011.09.30 11:55:27 | 000,000,022 | -HS- | C] () -- C:\Users\Ellen&Falko\AppData\Roaming\Sys2662.Config.Repository.bin
[2011.09.09 16:45:10 | 000,000,000 | ---- | C] () -- C:\Windows\mngui.INI
[2011.06.29 17:12:04 | 000,000,000 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\{983F738C-1125-48D5-9E06-0F6AAB090992}
[2010.05.16 12:49:46 | 000,007,598 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Local\Resmon.ResmonCfg
[2010.04.23 13:04:52 | 000,057,856 | ---- | C] () -- C:\Users\Ellen&Falko\Rechnungen.xlr
[2010.04.23 13:04:08 | 000,012,416 | ---- | C] () -- C:\Users\Ellen&Falko\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:444C53BA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93DE1838

< End of report > |
23.05.2013, 12:45 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Matsnu.gen!A Quote:
__________________ Please always post log files in CODE tags |
23.05.2013, 18:29 | #15 |
| Matsnu.gen!A Code:
# AdwCleaner v2.301 - Datei am 23/05/2013 um 19:22:58 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Ellen&Falko - NETBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ellen&Falko\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Ellen&Falko\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\Ellen&Falko\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]
Datei : C:\Users\Ellen&Falko\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7891 octets] - [23/05/2013 12:45:36]
AdwCleaner[S2].txt - [1396 octets] - [23/05/2013 19:22:58]

########## EOF - C:\AdwCleaner[S2].txt - [1456 octets] ########## |