Trojaner "saving sidekicks" frisst und beschädigt meine Dateien

cosinus · 21.10.2012, 12:38

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

jj84 · 21.10.2012, 12:54

Hier die neue log:

Code:

ATTFilter

# AdwCleaner v2.005 - Datei am 21/10/2012 um 13:48:43 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : jj - GUDRUN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\jj\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Ordner Gelöscht : C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\bProtector
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\4yfpt7x1.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v22.0.1229.94

Datei : C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Users\jj\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [43621 octets] - [15/10/2012 19:34:26]
AdwCleaner[S1].txt - [42604 octets] - [17/10/2012 22:09:40]
AdwCleaner[R2].txt - [2067 octets] - [21/10/2012 12:14:17]
AdwCleaner[R2]neu.txt - [2066 octets] - [21/10/2012 12:23:14]
AdwCleaner[S2].txt - [1939 octets] - [21/10/2012 13:48:43]

########## EOF - C:\AdwCleaner[S2].txt - [1999 octets] ##########

cosinus · 21.10.2012, 13:09

Mach bitte einen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

jj84 · 21.10.2012, 14:01

Bitteschön:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 21.10.2012 14:14:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jj\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,12 Mb Total Physical Memory | 353,10 Mb Available Physical Memory | 34,82% Memory free
1,99 Gb Paging File | 1,14 Gb Available in Paging File | 57,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 65,79 Gb Free Space | 65,79% Space Free | Partition Type: NTFS
Drive D: | 183,07 Gb Total Space | 182,98 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 982,13 Mb Total Space | 974,39 Mb Free Space | 99,21% Space Free | Partition Type: FAT
 
Computer Name: *** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.21 14:11:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jj\Downloads\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.20 13:10:50 | 000,232,960 | ---- | M] (Cybits AG) -- C:\Program Files\SURF-SITTER PC\AutoUpdaterService.exe
PRC - [2012.09.20 13:10:48 | 000,685,568 | ---- | M] (Cybits AG) -- C:\Program Files\SURF-SITTER PC\cy-Service.exe
PRC - [2012.09.20 13:10:48 | 000,441,856 | ---- | M] () -- C:\Program Files\SURF-SITTER PC\cy-Software.exe
PRC - [2012.09.20 13:10:48 | 000,162,304 | ---- | M] (Cybits AG) -- C:\Program Files\SURF-SITTER PC\cy-Service_2.exe
PRC - [2012.08.26 21:37:26 | 000,621,056 | ---- | M] () -- C:\ProgramData\InstallBrainService\ibsvc.exe
PRC - [2012.08.20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.04.12 01:08:52 | 000,088,704 | ---- | M] (ASUS) -- C:\Program Files\Common Files\InstantOn\InsOnWMI.exe
PRC - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2011.03.11 03:05:54 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2011.03.04 01:33:20 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
PRC - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2011.03.04 01:33:12 | 001,252,272 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
PRC - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2011.01.07 00:16:38 | 000,414,384 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\Asus\Eee Docking\Eee Docking.exe
PRC - [2010.11.20 14:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.15 21:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\ASUS\CapsHook\CapsHook.exe
PRC - [2010.11.15 21:25:36 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
PRC - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.17 10:32:44 | 000,197,968 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
PRC - [2010.09.17 10:32:44 | 000,161,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
PRC - [2010.04.13 09:32:40 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010.04.07 07:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.20 01:05:43 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.10.19 18:52:32 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.10.19 18:52:06 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.10.19 18:51:53 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.10.19 18:51:39 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.10.19 14:03:25 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.10.19 05:00:54 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.09.20 13:10:48 | 000,441,856 | ---- | M] () -- C:\Program Files\SURF-SITTER PC\cy-Software.exe
MOD - [2012.09.20 13:10:48 | 000,435,712 | ---- | M] () -- C:\Program Files\SURF-SITTER PC\cy-Software.dll
MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012.10.10 11:26:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.20 13:10:50 | 000,232,960 | ---- | M] (Cybits AG) [Auto | Running] -- C:\Program Files\SURF-SITTER PC\AutoUpdaterService.exe -- (surf-sitter-Updater)
SRV - [2012.09.20 13:10:48 | 000,685,568 | ---- | M] (Cybits AG) [Auto | Running] -- C:\Program Files\SURF-SITTER PC\cy-Service.exe -- (surf-sitter)
SRV - [2012.09.20 13:10:48 | 000,162,304 | ---- | M] (Cybits AG) [Auto | Running] -- C:\Program Files\SURF-SITTER PC\cy-Service_2.exe -- (C88EDF03-FB60-44F4-AC70-FFF129414098)
SRV - [2012.08.26 21:39:21 | 001,695,264 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\eType Manager\2.2.580.183\52de144c-c70b-4e0a-9b16-29a2e18c255e\etypemngr.exe -- (eType Manager)
SRV - [2012.08.26 21:37:26 | 000,621,056 | ---- | M] () [Auto | Running] -- C:\ProgramData\InstallBrainService\ibsvc.exe -- (InstallBrainService)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2011.03.02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.09.17 10:32:44 | 000,161,104 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwampfl.sys -- (btwampfl)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.20 13:10:46 | 000,026,128 | ---- | M] (Cybits AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\cy-driver.sys -- (cy_System)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.11.22 09:25:22 | 000,046,184 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X6XSEx.Sys -- (X6XSEx)
DRV - [2010.11.20 12:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 12:06:38 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010.09.27 09:23:58 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.09.17 10:32:48 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010.09.17 10:32:48 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010.09.17 10:32:48 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010.09.17 10:32:48 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010.08.03 07:20:56 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010.06.28 07:24:00 | 000,011,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.10.05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.22 06:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4272849766-2629686594-2337917180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-4272849766-2629686594-2337917180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-4272849766-2629686594-2337917180-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4272849766-2629686594-2337917180-1000\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-4272849766-2629686594-2337917180-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4272849766-2629686594-2337917180-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4272849766-2629686594-2337917180-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.209.107.179:80
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jj\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jj\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.21 03:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.13 12:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.10.13 18:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jj\AppData\Roaming\mozilla\Extensions
[2012.10.17 22:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jj\AppData\Roaming\mozilla\Firefox\Profiles\4yfpt7x1.default\extensions
[2012.02.04 22:42:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\jj\AppData\Roaming\mozilla\Firefox\Profiles\4yfpt7x1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.13 18:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.10.13 12:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2012.10.13 12:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- C:\USERS\JJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4YFPT7X1.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM
File not found (No name found) -- C:\USERS\JJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4YFPT7X1.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jj\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jj\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jj\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jj\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\jj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Program Files\etype\file2linktemplateX.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Program Files\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SURF-SITTER PC] C:\Program Files\SURF-SITTER PC\cy-Software.exe ()
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4272849766-2629686594-2337917180-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\jj\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AADD834-1073-488B-9498-6FB4641FACB6}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Driver Whiz - hkey= - key= -  File not found
MsConfig - StartUpReg: Exetender - hkey= - key= - C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\jj\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: UIExec - hkey= - key= - C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: C88EDF03-FB60-44F4-AC70-FFF129414098 - C:\Program Files\SURF-SITTER PC\cy-Service_2.exe (Cybits AG)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: surf-sitter - C:\Program Files\SURF-SITTER PC\cy-Service.exe (Cybits AG)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2030.01.02 11:19:48 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.10.19 23:45:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.18 18:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Gallery
[2012.10.18 18:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JuSProg
[2012.10.18 18:32:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\surf-sitter
[2012.10.18 18:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\SURF-SITTER PC
[2012.10.17 17:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.14 16:02:21 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Roaming\Opera
[2012.10.14 16:02:21 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Local\Opera
[2012.10.14 16:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.10.13 13:32:52 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Roaming\Malwarebytes
[2012.10.13 13:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.13 13:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.13 13:32:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.10.13 13:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.12 15:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\FLVPlayer
[2012.10.11 11:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojancheck 6
[2012.10.11 11:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2012.10.10 19:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Manual
[2012.10.10 19:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\lang
[2012.10.10 19:03:13 | 001,214,784 | ---- | C] (D-Link) -- C:\Program Files\DWIZARD.exe
[2012.10.10 19:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\QIG
[2012.10.10 19:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Acrobat
[2012.10.10 19:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\pic
[2012.10.10 19:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\musik
[2012.10.10 15:03:17 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Local\Macromedia
[2012.10.10 04:37:44 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions
[2012.10.10 04:37:33 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins
[2012.10.09 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Roaming\PCCUStubInstaller
[2012.10.09 17:04:46 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Local\ElevatedDiagnostics
[2012.10.09 08:24:39 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Local\{3411DB2F-C954-4578-929F-A6F7C3D44F0C}
[2012.10.08 20:27:18 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Roaming\SumatraPDF
[2012.10.08 20:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
[2012.10.08 16:34:48 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Local\{220AA936-9B4E-4664-8CAE-F8589ED9095D}
[2012.09.29 20:18:19 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.23 16:49:40 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Roaming\MusicNet
[2012.09.23 16:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\25247
[2012.09.23 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\jj\Documents\My Received Files
[2012.09.23 16:48:52 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Local\iMesh
[2012.09.23 16:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh Applications
[2012.09.23 16:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\iMesh
[2012.09.23 16:43:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{54354A6F-DFEF-43FB-B54D-C03C4D79EED5}
[2012.09.23 16:43:03 | 000,000,000 | ---D | C] -- C:\Users\jj\AppData\Local\PackageAware
[2012.09.21 18:03:27 | 000,000,000 | ---D | C] -- C:\Neues Verzeichnis
[9 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.21 13:59:58 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 13:59:58 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 13:55:38 | 000,723,284 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.10.21 13:55:38 | 000,668,232 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.10.21 13:55:38 | 000,156,574 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.10.21 13:55:38 | 000,129,054 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.10.21 13:50:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.10.21 13:50:14 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.21 13:27:01 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272849766-2629686594-2337917180-1000UA.job
[2012.10.20 20:27:01 | 000,001,056 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272849766-2629686594-2337917180-1000Core.job
[2012.10.18 19:50:58 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.18 18:32:36 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\JuSProg.lnk
[2012.10.18 18:32:36 | 000,000,149 | ---- | M] () -- C:\Users\Public\Desktop\JuSProg Hilfe.url
[2012.10.14 16:02:05 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.10.13 12:54:33 | 000,001,178 | ---- | M] () -- C:\Users\jj\Desktop\Verbindung herstellen.rtf
[2012.10.12 15:23:36 | 000,290,500 | ---- | M] () -- C:\Users\jj\AppData\Local\funmoods-speeddial_sf.crx
[2012.10.11 14:28:49 | 000,001,360 | ---- | M] () -- C:\preference.xml
[2012.10.10 11:26:13 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.10.08 20:34:18 | 000,348,202 | ---- | M] () -- C:\Users\jj\Documents\guns_n_roses--november_rain.pdf
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[9 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2030.01.02 11:19:49 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012.10.18 18:32:36 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\JuSProg.lnk
[2012.10.18 18:32:36 | 000,000,149 | ---- | C] () -- C:\Users\Public\Desktop\JuSProg Hilfe.url
[2012.10.14 16:02:05 | 000,001,791 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.10.14 16:02:05 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.10.13 13:32:36 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.13 12:54:33 | 000,001,178 | ---- | C] () -- C:\Users\jj\Desktop\Verbindung herstellen.rtf
[2012.10.12 15:23:52 | 000,290,500 | ---- | C] () -- C:\Users\jj\AppData\Local\funmoods-speeddial_sf.crx
[2012.10.10 19:03:13 | 000,000,049 | ---- | C] () -- C:\Program Files\Autorun.inf
[2012.10.10 11:26:13 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.10.08 20:34:18 | 000,348,202 | ---- | C] () -- C:\Users\jj\Documents\guns_n_roses--november_rain.pdf
[2012.09.29 20:17:43 | 000,001,108 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272849766-2629686594-2337917180-1000UA.job
[2012.09.29 20:17:42 | 000,001,056 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272849766-2629686594-2337917180-1000Core.job
[2012.09.19 22:42:19 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2012.07.26 21:39:53 | 000,033,134 | ---- | C] () -- C:\Users\jj\AppData\Roaming\UserTile.png
[2012.02.04 18:11:47 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012.02.04 18:09:20 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011.04.21 03:19:31 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2011.04.21 03:19:31 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2011.04.21 02:56:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.04.21 02:54:52 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2011.04.21 02:54:50 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2011.04.21 02:54:26 | 000,000,873 | ---- | C] () -- C:\windows\Reboot.ini
[2011.04.21 02:46:52 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2011.04.21 02:43:40 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011.04.21 02:43:40 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011.02.16 17:29:59 | 000,723,284 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2011.02.16 17:29:59 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2011.02.16 17:29:59 | 000,156,574 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2011.02.16 17:29:59 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010.12.06 14:44:53 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.04.21 03:35:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2011.04.21 02:56:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\E-Cam
[2011.04.21 03:35:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2011.04.21 02:56:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\E-Cam
[2011.04.21 03:35:23 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\ASUS WebStorage
[2012.02.04 22:43:10 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\DVDVideoSoft
[2012.02.04 22:42:09 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.21 02:56:33 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\E-Cam
[2012.09.23 16:49:40 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\MusicNet
[2012.10.14 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\Opera
[2012.10.13 12:37:16 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\PCCUStubInstaller
[2012.10.21 13:48:45 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\SoftGrid Client
[2012.10.08 20:27:19 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\SumatraPDF
[2012.02.14 19:35:49 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\TP
[2012.08.18 22:10:26 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.21 03:36:20 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\Adobe
[2011.04.21 03:35:23 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\ASUS WebStorage
[2012.02.04 22:43:10 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\DVDVideoSoft
[2012.02.04 22:42:09 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.21 02:56:33 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\E-Cam
[2009.07.14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\Identities
[2011.04.21 02:42:36 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\InstallShield
[2011.04.21 02:57:58 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\Macromedia
[2012.10.13 13:32:52 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\Malwarebytes
[2012.10.15 10:23:53 | 000,000,000 | --SD | M] -- C:\Users\jj\AppData\Roaming\Microsoft
[2012.02.04 18:25:00 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\Mozilla
[2012.09.23 16:49:40 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\MusicNet
[2012.10.14 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\Opera
[2012.10.13 12:37:16 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\PCCUStubInstaller
[2012.10.21 13:48:45 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\SoftGrid Client
[2012.10.08 20:27:19 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\SumatraPDF
[2012.02.14 19:35:49 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\TP
[2012.08.18 22:10:26 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\Windows Live Writer
[2012.03.18 19:19:39 | 000,000,000 | ---D | M] -- C:\Users\jj\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.09.27 13:29:06 | 000,827,864 | ---- | M] (Symantec Corporation) -- C:\Users\jj\AppData\Roaming\PCCUStubInstaller\SymcPCCUInstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.06.08 19:23:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=D80AA0907748D7CC8EFAB3773F32629B -- C:\Windows\System32\drivers\iaStor.sys
[2010.06.08 19:23:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=D80AA0907748D7CC8EFAB3773F32629B -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_20f8d1b2e876a71d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[9 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
<           >
[2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2012.09.29 20:17:42 | 000,001,056 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272849766-2629686594-2337917180-1000Core.job
[2012.09.29 20:17:43 | 000,001,108 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272849766-2629686594-2337917180-1000UA.job
[2012.10.10 11:26:13 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job

< End of report >

LG ;-)

cosinus · 21.10.2012, 16:24

Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-4272849766-2629686594-2337917180-1000\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
O2 - BHO: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O2 - BHO: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Program Files\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (eType Toolbar) - {d0230100-3044-43b1-a44e-70dc12fd418c} - C:\Program Files\etype\file2linktemplateX.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Files
C:\Program Files\Yontoo\
C:\ProgramData\InstallBrainService
C:\ProgramData\Tarma Installer
C:\Users\All Users\InstallBrainService
C:\Users\All Users\Tarma Installer
C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\4yfpt7x1.default\extensions\plugin@yontoo.com
C:\Users\jj\Downloads\FreeYouTubeDownload.exe
C:\Users\jj\Downloads\PDFReaderSetup.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

jj84 · 22.10.2012, 16:24

N'abend! :-)

Alles befolgt, hier das Log von OTL:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_USERS\S-1-5-21-4272849766-2629686594-2337917180-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bff6b2ca-366c-4a90-b685-d87776deb0d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bff6b2ca-366c-4a90-b685-d87776deb0d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0230100-3044-43b1-a44e-70dc12fd418c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0230100-3044-43b1-a44e-70dc12fd418c}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bff6b2ca-366c-4a90-b685-d87776deb0d2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bff6b2ca-366c-4a90-b685-d87776deb0d2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d0230100-3044-43b1-a44e-70dc12fd418c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0230100-3044-43b1-a44e-70dc12fd418c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
Folder C:\Program Files\Yontoo not found.
C:\ProgramData\InstallBrainService folder moved successfully.
File\Folder C:\ProgramData\Tarma Installer not found.
File\Folder C:\Users\All Users\InstallBrainService not found.
File\Folder C:\Users\All Users\Tarma Installer not found.
File\Folder C:\Users\jj\AppData\Roaming\Mozilla\Firefox\Profiles\4yfpt7x1.default\extensions\plugin@yontoo.com not found.
C:\Users\jj\Downloads\FreeYouTubeDownload.exe moved successfully.
C:\Users\jj\Downloads\PDFReaderSetup.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\jj\Downloads\cmd.bat deleted successfully.
C:\Users\jj\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 121064 bytes
->Temporary Internet Files folder emptied: 327990 bytes
->Flash cache emptied: 343 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: jj
->Temp folder emptied: 126001647 bytes
->Temporary Internet Files folder emptied: 1705439 bytes
->FireFox cache emptied: 65504652 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 11879686 bytes
->Flash cache emptied: 6268 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 155291417 bytes
RecycleBin emptied: 539929 bytes
 
Total Files Cleaned = 345,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10222012_170110

Files\Folders moved on Reboot...
C:\windows\temp\HS.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Grüße, Jeannine

cosinus · 22.10.2012, 18:18

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

jj84 · 22.10.2012, 18:44

Erstmal zwischendrin ein riesiges Dankeschön für die Hilfe!!!

Hier die Logdatei von TDSS:

Code:

ATTFilter

19:34:23.0234 1528  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:34:23.0748 1528  ============================================================
19:34:23.0748 1528  Current date / time: 2012/10/22 19:34:23.0748
19:34:23.0748 1528  SystemInfo:
19:34:23.0748 1528  
19:34:23.0748 1528  OS Version: 6.1.7601 ServicePack: 1.0
19:34:23.0748 1528  Product type: Workstation
19:34:23.0748 1528  ComputerName: **
19:34:23.0748 1528  UserName: ***
19:34:23.0748 1528  Windows directory: C:\windows
19:34:23.0748 1528  System windows directory: C:\windows
19:34:23.0748 1528  Processor architecture: Intel x86
19:34:23.0748 1528  Number of processors: 4
19:34:23.0748 1528  Page size: 0x1000
19:34:23.0748 1528  Boot type: Normal boot
19:34:23.0748 1528  ============================================================
19:34:24.0840 1528  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:34:24.0950 1528  Drive \Device\Harddisk1\DR1 - Size: 0x3D680000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:34:24.0950 1528  ============================================================
19:34:24.0950 1528  \Device\Harddisk0\DR0:
19:34:24.0950 1528  MBR partitions:
19:34:24.0950 1528  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
19:34:24.0950 1528  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0x16E25800
19:34:24.0950 1528  \Device\Harddisk1\DR1:
19:34:24.0950 1528  MBR partitions:
19:34:24.0950 1528  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF3, BlocksNum 0x1EB30D
19:34:24.0950 1528  ============================================================
19:34:25.0028 1528  C: <-> \Device\Harddisk0\DR0\Partition1
19:34:25.0074 1528  D: <-> \Device\Harddisk0\DR0\Partition2
19:34:25.0121 1528  ============================================================
19:34:25.0121 1528  Initialize success
19:34:25.0121 1528  ============================================================
19:35:39.0534 6040  ============================================================
19:35:39.0534 6040  Scan started
19:35:39.0534 6040  Mode: Manual; SigCheck; TDLFS; 
19:35:39.0534 6040  ============================================================
19:35:41.0640 6040  ================ Scan system memory ========================
19:35:41.0640 6040  System memory - ok
19:35:41.0655 6040  ================ Scan services =============================
19:35:41.0843 6040  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
19:35:42.0201 6040  1394ohci - ok
19:35:42.0264 6040  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
19:35:42.0311 6040  ACPI - ok
19:35:42.0342 6040  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
19:35:42.0482 6040  AcpiPmi - ok
19:35:42.0576 6040  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:35:42.0638 6040  AdobeFlashPlayerUpdateSvc - ok
19:35:42.0701 6040  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
19:35:42.0779 6040  adp94xx - ok
19:35:42.0794 6040  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\drivers\adpahci.sys
19:35:42.0841 6040  adpahci - ok
19:35:42.0857 6040  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\drivers\adpu320.sys
19:35:42.0903 6040  adpu320 - ok
19:35:42.0966 6040  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
19:35:43.0215 6040  AeLookupSvc - ok
19:35:43.0262 6040  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\windows\system32\drivers\afd.sys
19:35:43.0371 6040  AFD - ok
19:35:43.0449 6040  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
19:35:43.0496 6040  agp440 - ok
19:35:43.0527 6040  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\drivers\djsvs.sys
19:35:43.0559 6040  aic78xx - ok
19:35:43.0605 6040  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
19:35:43.0699 6040  ALG - ok
19:35:43.0730 6040  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
19:35:43.0761 6040  aliide - ok
19:35:43.0777 6040  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
19:35:43.0808 6040  amdagp - ok
19:35:43.0839 6040  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
19:35:43.0871 6040  amdide - ok
19:35:43.0902 6040  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
19:35:43.0980 6040  AmdK8 - ok
19:35:44.0011 6040  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
19:35:44.0058 6040  AmdPPM - ok
19:35:44.0120 6040  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\windows\system32\drivers\amdsata.sys
19:35:44.0151 6040  amdsata - ok
19:35:44.0183 6040  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
19:35:44.0229 6040  amdsbs - ok
19:35:44.0245 6040  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\windows\system32\drivers\amdxata.sys
19:35:44.0276 6040  amdxata - ok
19:35:44.0401 6040  [ 6EAC742B758E110DD12EBC8446C07B6C ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
19:35:44.0479 6040  Amsp - ok
19:35:44.0495 6040  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\windows\system32\drivers\appid.sys
19:35:44.0588 6040  AppID - ok
19:35:44.0619 6040  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
19:35:44.0713 6040  AppIDSvc - ok
19:35:44.0744 6040  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\windows\System32\appinfo.dll
19:35:44.0822 6040  Appinfo - ok
19:35:44.0869 6040  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\drivers\arc.sys
19:35:44.0900 6040  arc - ok
19:35:44.0931 6040  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\drivers\arcsas.sys
19:35:44.0963 6040  arcsas - ok
19:35:45.0009 6040  [ 956C7177DBDA0F02436868AD644CCF31 ] AsIO            C:\windows\system32\drivers\AsIO.sys
19:35:45.0041 6040  AsIO - ok
19:35:45.0290 6040  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:35:45.0353 6040  aspnet_state - ok
19:35:45.0384 6040  [ A9A565C669786C402752F609AFDD0DD5 ] AsUpIO          C:\windows\system32\drivers\AsUpIO.sys
19:35:45.0415 6040  AsUpIO - ok
19:35:45.0462 6040  [ BDF2196D34BB224E5B11C2B0FC3A55CB ] AsusService     C:\windows\system32\AsusService.exe
19:35:45.0493 6040  AsusService - ok
19:35:45.0524 6040  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
19:35:45.0665 6040  AsyncMac - ok
19:35:45.0711 6040  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\drivers\atapi.sys
19:35:45.0743 6040  atapi - ok
19:35:45.0805 6040  [ B01751CC563AECAC09BBE36AAA21FBEF ] athr            C:\windows\system32\DRIVERS\athr.sys
19:35:45.0961 6040  athr - ok
19:35:45.0992 6040  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:35:46.0086 6040  AudioEndpointBuilder - ok
19:35:46.0117 6040  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
19:35:46.0195 6040  Audiosrv - ok
19:35:46.0226 6040  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
19:35:46.0367 6040  AxInstSV - ok
19:35:46.0398 6040  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\drivers\bxvbdx.sys
19:35:46.0476 6040  b06bdrv - ok
19:35:46.0507 6040  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
19:35:46.0569 6040  b57nd60x - ok
19:35:46.0663 6040  [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
19:35:46.0710 6040  BBSvc - ok
19:35:46.0819 6040  [ 2BE0F23D494C301641C42EAD2FDCD4F2 ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl6.sys
19:35:46.0991 6040  BCM43XX - ok
19:35:47.0022 6040  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
19:35:47.0131 6040  BDESVC - ok
19:35:47.0147 6040  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
19:35:47.0240 6040  Beep - ok
19:35:47.0303 6040  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\windows\System32\bfe.dll
19:35:47.0396 6040  BFE - ok
19:35:47.0443 6040  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
19:35:47.0615 6040  BITS - ok
19:35:47.0677 6040  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
19:35:47.0724 6040  blbdrive - ok
19:35:47.0786 6040  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
19:35:47.0880 6040  bowser - ok
19:35:47.0927 6040  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
19:35:48.0020 6040  BrFiltLo - ok
19:35:48.0051 6040  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
19:35:48.0114 6040  BrFiltUp - ok
19:35:48.0161 6040  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\windows\System32\browser.dll
19:35:48.0285 6040  Browser - ok
19:35:48.0332 6040  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
19:35:48.0441 6040  Brserid - ok
19:35:48.0473 6040  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
19:35:48.0535 6040  BrSerWdm - ok
19:35:48.0551 6040  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
19:35:48.0613 6040  BrUsbMdm - ok
19:35:48.0629 6040  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
19:35:48.0691 6040  BrUsbSer - ok
19:35:48.0753 6040  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
19:35:48.0972 6040  BthEnum - ok
19:35:49.0019 6040  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
19:35:49.0065 6040  BTHMODEM - ok
19:35:49.0112 6040  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
19:35:49.0175 6040  BthPan - ok
19:35:49.0221 6040  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
19:35:49.0299 6040  BTHPORT - ok
19:35:49.0331 6040  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
19:35:49.0440 6040  bthserv - ok
19:35:49.0471 6040  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
19:35:49.0518 6040  BTHUSB - ok
19:35:49.0533 6040  btwampfl - ok
19:35:49.0565 6040  btwaudio - ok
19:35:49.0580 6040  btwavdt - ok
19:35:49.0580 6040  btwl2cap - ok
19:35:49.0596 6040  btwrchid - ok
19:35:49.0689 6040  [ 7D2F2FC9FBF5BD98748BBC74FDA7BE84 ] C88EDF03-FB60-44F4-AC70-FFF129414098 C:\Program Files\SURF-SITTER PC\cy-Service_2.exe
19:35:49.0736 6040  C88EDF03-FB60-44F4-AC70-FFF129414098 ( UnsignedFile.Multi.Generic ) - warning
19:35:49.0736 6040  C88EDF03-FB60-44F4-AC70-FFF129414098 - detected UnsignedFile.Multi.Generic (1)
19:35:49.0783 6040  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
19:35:49.0861 6040  cdfs - ok
19:35:49.0908 6040  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
19:35:49.0970 6040  cdrom - ok
19:35:50.0017 6040  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\windows\System32\certprop.dll
19:35:50.0095 6040  CertPropSvc - ok
19:35:50.0126 6040  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\drivers\circlass.sys
19:35:50.0189 6040  circlass - ok
19:35:50.0220 6040  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
19:35:50.0267 6040  CLFS - ok
19:35:50.0329 6040  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:50.0376 6040  clr_optimization_v2.0.50727_32 - ok
19:35:50.0438 6040  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:50.0532 6040  clr_optimization_v4.0.30319_32 - ok
19:35:50.0563 6040  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
19:35:50.0625 6040  CmBatt - ok
19:35:50.0657 6040  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
19:35:50.0688 6040  cmdide - ok
19:35:50.0719 6040  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\windows\system32\Drivers\cng.sys
19:35:50.0828 6040  CNG - ok
19:35:50.0859 6040  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\drivers\compbatt.sys
19:35:50.0891 6040  Compbatt - ok
19:35:50.0937 6040  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
19:35:51.0000 6040  CompositeBus - ok
19:35:51.0031 6040  COMSysApp - ok
19:35:51.0062 6040  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
19:35:51.0093 6040  crcdisk - ok
19:35:51.0156 6040  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\windows\system32\cryptsvc.dll
19:35:51.0265 6040  CryptSvc - ok
19:35:51.0374 6040  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:35:51.0452 6040  cvhsvc - ok
19:35:51.0530 6040  [ CFFEA2E4DAB18AACA81AAD8163316CA2 ] cy_System       C:\windows\system32\drivers\cy-driver.sys
19:35:51.0561 6040  cy_System - ok
19:35:51.0608 6040  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
19:35:51.0702 6040  DcomLaunch - ok
19:35:51.0749 6040  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
19:35:51.0827 6040  defragsvc - ok
19:35:51.0858 6040  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
19:35:51.0936 6040  DfsC - ok
19:35:51.0983 6040  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
19:35:52.0076 6040  Dhcp - ok
19:35:52.0107 6040  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
19:35:52.0185 6040  discache - ok
19:35:52.0232 6040  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\drivers\disk.sys
19:35:52.0263 6040  Disk - ok
19:35:52.0310 6040  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
19:35:52.0404 6040  Dnscache - ok
19:35:52.0451 6040  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
19:35:52.0544 6040  dot3svc - ok
19:35:52.0560 6040  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
19:35:52.0669 6040  DPS - ok
19:35:52.0716 6040  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
19:35:52.0763 6040  drmkaud - ok
19:35:52.0825 6040  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
19:35:52.0903 6040  DXGKrnl - ok
19:35:52.0934 6040  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
19:35:53.0028 6040  EapHost - ok
19:35:53.0246 6040  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\drivers\evbdx.sys
19:35:53.0480 6040  ebdrv - ok
19:35:53.0511 6040  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\windows\System32\lsass.exe
19:35:53.0636 6040  EFS - ok
19:35:53.0699 6040  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\drivers\elxstor.sys
19:35:53.0745 6040  elxstor - ok
19:35:53.0761 6040  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
19:35:53.0823 6040  ErrDev - ok
19:35:53.0855 6040  [ 7C87DF14552A5E0270DBD906BAFF85FB ] ETD             C:\windows\system32\DRIVERS\ETD.sys
19:35:53.0886 6040  ETD - ok
19:35:54.0011 6040  [ 12CEA7B401A32E7F08179DB587060121 ] eType Manager   C:\ProgramData\eType Manager\2.2.580.183\52de144c-c70b-4e0a-9b16-29a2e18c255e\etypemngr.exe
19:35:54.0151 6040  eType Manager - ok
19:35:54.0213 6040  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
19:35:54.0323 6040  EventSystem - ok
19:35:54.0338 6040  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
19:35:54.0432 6040  exfat - ok
19:35:54.0463 6040  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
19:35:54.0557 6040  fastfat - ok
19:35:54.0603 6040  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\windows\system32\fxssvc.exe
19:35:54.0744 6040  Fax - ok
19:35:54.0759 6040  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\drivers\fdc.sys
19:35:54.0822 6040  fdc - ok
19:35:54.0853 6040  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
19:35:54.0947 6040  fdPHost - ok
19:35:54.0978 6040  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
19:35:55.0056 6040  FDResPub - ok
19:35:55.0087 6040  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
19:35:55.0134 6040  FileInfo - ok
19:35:55.0149 6040  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
19:35:55.0227 6040  Filetrace - ok
19:35:55.0259 6040  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
19:35:55.0305 6040  flpydisk - ok
19:35:55.0337 6040  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
19:35:55.0368 6040  FltMgr - ok
19:35:55.0430 6040  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\windows\system32\FntCache.dll
19:35:55.0555 6040  FontCache - ok
19:35:55.0617 6040  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:35:55.0649 6040  FontCache3.0.0.0 - ok
19:35:55.0680 6040  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
19:35:55.0711 6040  FsDepends - ok
19:35:55.0758 6040  [ D909075FA72C090F27AA926C32CB4612 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
19:35:55.0773 6040  fssfltr - ok
19:35:55.0867 6040  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:35:55.0976 6040  fsssvc - ok
19:35:56.0007 6040  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
19:35:56.0039 6040  Fs_Rec - ok
19:35:56.0070 6040  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
19:35:56.0117 6040  fvevol - ok
19:35:56.0148 6040  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
19:35:56.0179 6040  gagp30kx - ok
19:35:56.0226 6040  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\windows\System32\gpsvc.dll
19:35:56.0335 6040  gpsvc - ok
19:35:56.0366 6040  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
19:35:56.0475 6040  hcw85cir - ok
19:35:56.0522 6040  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:35:56.0585 6040  HdAudAddService - ok
19:35:56.0600 6040  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
19:35:56.0663 6040  HDAudBus - ok
19:35:56.0678 6040  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
19:35:56.0741 6040  HidBatt - ok
19:35:56.0756 6040  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\drivers\hidbth.sys
19:35:56.0819 6040  HidBth - ok
19:35:56.0850 6040  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\drivers\hidir.sys
19:35:56.0912 6040  HidIr - ok
19:35:56.0943 6040  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\system32\hidserv.dll
19:35:57.0037 6040  hidserv - ok
19:35:57.0068 6040  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
19:35:57.0115 6040  HidUsb - ok
19:35:57.0146 6040  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
19:35:57.0224 6040  hkmsvc - ok
19:35:57.0255 6040  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:35:57.0380 6040  HomeGroupListener - ok
19:35:57.0427 6040  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:35:57.0489 6040  HomeGroupProvider - ok
19:35:57.0536 6040  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
19:35:57.0567 6040  HpSAMD - ok
19:35:57.0614 6040  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
19:35:57.0723 6040  HTTP - ok
19:35:57.0770 6040  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
19:35:57.0801 6040  hwpolicy - ok
19:35:57.0833 6040  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
19:35:57.0895 6040  i8042prt - ok
19:35:57.0942 6040  [ D80AA0907748D7CC8EFAB3773F32629B ] iaStor          C:\windows\system32\drivers\iaStor.sys
19:35:57.0989 6040  iaStor - ok
19:35:58.0035 6040  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
19:35:58.0082 6040  iaStorV - ok
19:35:58.0145 6040  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:35:58.0223 6040  idsvc - ok
19:35:58.0379 6040  [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
19:35:58.0675 6040  igfx - ok
19:35:58.0706 6040  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\drivers\iirsp.sys
19:35:58.0737 6040  iirsp - ok
19:35:58.0784 6040  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
19:35:58.0925 6040  IKEEXT - ok
19:35:58.0971 6040  InstallBrainService - ok
19:35:59.0112 6040  [ E8B6F7896DB2EE6A7AF7A177A9BBC526 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
19:35:59.0299 6040  IntcAzAudAddService - ok
19:35:59.0330 6040  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
19:35:59.0361 6040  intelide - ok
19:35:59.0393 6040  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
19:35:59.0455 6040  intelppm - ok
19:35:59.0486 6040  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
19:35:59.0595 6040  IPBusEnum - ok
19:35:59.0611 6040  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
19:35:59.0705 6040  IpFilterDriver - ok
19:35:59.0736 6040  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
19:35:59.0845 6040  iphlpsvc - ok
19:35:59.0876 6040  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
19:35:59.0923 6040  IPMIDRV - ok
19:35:59.0939 6040  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
19:36:00.0032 6040  IPNAT - ok
19:36:00.0063 6040  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
19:36:00.0173 6040  IRENUM - ok
19:36:00.0204 6040  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
19:36:00.0235 6040  isapnp - ok
19:36:00.0251 6040  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
19:36:00.0297 6040  iScsiPrt - ok
19:36:00.0329 6040  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
19:36:00.0360 6040  kbdclass - ok
19:36:00.0391 6040  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
19:36:00.0438 6040  kbdhid - ok
19:36:00.0485 6040  [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr         C:\windows\system32\DRIVERS\kbfiltr.sys
19:36:00.0500 6040  kbfiltr - ok
19:36:00.0531 6040  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
19:36:00.0563 6040  KeyIso - ok
19:36:00.0594 6040  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
19:36:00.0625 6040  KSecDD - ok
19:36:00.0656 6040  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
19:36:00.0687 6040  KSecPkg - ok
19:36:00.0734 6040  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
19:36:00.0843 6040  KtmRm - ok
19:36:00.0875 6040  [ C8FA09049E640B0A27E4B4446D958FE5 ] L1C             C:\windows\system32\DRIVERS\L1C62x86.sys
19:36:00.0906 6040  L1C - ok
19:36:00.0937 6040  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\system32\srvsvc.dll
19:36:01.0031 6040  LanmanServer - ok
19:36:01.0062 6040  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:36:01.0155 6040  LanmanWorkstation - ok
19:36:01.0187 6040  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
19:36:01.0265 6040  lltdio - ok
19:36:01.0296 6040  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
19:36:01.0405 6040  lltdsvc - ok
19:36:01.0421 6040  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
19:36:01.0483 6040  lmhosts - ok
19:36:01.0530 6040  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
19:36:01.0577 6040  LSI_FC - ok
19:36:01.0577 6040  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
19:36:01.0623 6040  LSI_SAS - ok
19:36:01.0639 6040  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
19:36:01.0670 6040  LSI_SAS2 - ok
19:36:01.0686 6040  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
19:36:01.0717 6040  LSI_SCSI - ok
19:36:01.0748 6040  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
19:36:01.0826 6040  luafv - ok
19:36:01.0889 6040  [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter      C:\windows\system32\drivers\massfilter.sys
19:36:01.0951 6040  massfilter - ok
19:36:01.0998 6040  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
19:36:02.0029 6040  MBAMProtector - ok
19:36:02.0107 6040  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:36:02.0154 6040  MBAMScheduler - ok
19:36:02.0216 6040  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:36:02.0294 6040  MBAMService - ok
19:36:02.0325 6040  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\drivers\megasas.sys
19:36:02.0357 6040  megasas - ok
19:36:02.0388 6040  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
19:36:02.0435 6040  MegaSR - ok
19:36:02.0466 6040  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
19:36:02.0575 6040  MMCSS - ok
19:36:02.0606 6040  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
19:36:02.0684 6040  Modem - ok
19:36:02.0715 6040  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
19:36:02.0778 6040  monitor - ok
19:36:02.0825 6040  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:36:02.0856 6040  mouclass - ok
19:36:02.0887 6040  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
19:36:02.0934 6040  mouhid - ok
19:36:02.0949 6040  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
19:36:02.0996 6040  mountmgr - ok
19:36:03.0090 6040  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:36:03.0137 6040  MozillaMaintenance - ok
19:36:03.0183 6040  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
19:36:03.0215 6040  mpio - ok
19:36:03.0230 6040  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
19:36:03.0308 6040  mpsdrv - ok
19:36:03.0355 6040  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
19:36:03.0480 6040  MpsSvc - ok
19:36:03.0511 6040  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
19:36:03.0573 6040  MRxDAV - ok
19:36:03.0620 6040  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
19:36:03.0683 6040  mrxsmb - ok
19:36:03.0714 6040  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
19:36:03.0761 6040  mrxsmb10 - ok
19:36:03.0776 6040  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
19:36:03.0839 6040  mrxsmb20 - ok
19:36:03.0870 6040  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
19:36:03.0901 6040  msahci - ok
19:36:03.0932 6040  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
19:36:03.0963 6040  msdsm - ok
19:36:03.0995 6040  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
19:36:04.0026 6040  MSDTC - ok
19:36:04.0073 6040  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
19:36:04.0166 6040  Msfs - ok
19:36:04.0182 6040  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
19:36:04.0275 6040  mshidkmdf - ok
19:36:04.0307 6040  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
19:36:04.0338 6040  msisadrv - ok
19:36:04.0369 6040  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
19:36:04.0463 6040  MSiSCSI - ok
19:36:04.0478 6040  msiserver - ok
19:36:04.0494 6040  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
19:36:04.0587 6040  MSKSSRV - ok
19:36:04.0619 6040  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
19:36:04.0697 6040  MSPCLOCK - ok
19:36:04.0728 6040  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
19:36:04.0837 6040  MSPQM - ok
19:36:04.0853 6040  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
19:36:04.0884 6040  MsRPC - ok
19:36:04.0915 6040  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
19:36:04.0946 6040  mssmbios - ok
19:36:04.0977 6040  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
19:36:05.0040 6040  MSTEE - ok
19:36:05.0071 6040  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
19:36:05.0118 6040  MTConfig - ok
19:36:05.0149 6040  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
19:36:05.0180 6040  Mup - ok
19:36:05.0227 6040  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
19:36:05.0321 6040  napagent - ok
19:36:05.0383 6040  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
19:36:05.0445 6040  NativeWifiP - ok
19:36:05.0508 6040  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
19:36:05.0570 6040  NDIS - ok
19:36:05.0601 6040  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
19:36:05.0695 6040  NdisCap - ok
19:36:05.0711 6040  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
19:36:05.0804 6040  NdisTapi - ok
19:36:05.0820 6040  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
19:36:05.0898 6040  Ndisuio - ok
19:36:05.0913 6040  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
19:36:06.0007 6040  NdisWan - ok
19:36:06.0038 6040  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
19:36:06.0116 6040  NDProxy - ok
19:36:06.0147 6040  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
19:36:06.0225 6040  NetBIOS - ok
19:36:06.0272 6040  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
19:36:06.0350 6040  NetBT - ok
19:36:06.0381 6040  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
19:36:06.0428 6040  Netlogon - ok
19:36:06.0475 6040  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
19:36:06.0569 6040  Netman - ok
19:36:06.0631 6040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:36:06.0662 6040  NetMsmqActivator - ok
19:36:06.0693 6040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:36:06.0725 6040  NetPipeActivator - ok
19:36:06.0756 6040  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
19:36:06.0881 6040  netprofm - ok
19:36:06.0896 6040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:36:06.0927 6040  NetTcpActivator - ok
19:36:06.0943 6040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:36:06.0974 6040  NetTcpPortSharing - ok
19:36:07.0005 6040  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
19:36:07.0037 6040  nfrd960 - ok
19:36:07.0068 6040  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\windows\System32\nlasvc.dll
19:36:07.0177 6040  NlaSvc - ok
19:36:07.0208 6040  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
19:36:07.0302 6040  Npfs - ok
19:36:07.0317 6040  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
19:36:07.0427 6040  nsi - ok
19:36:07.0458 6040  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
19:36:07.0520 6040  nsiproxy - ok
19:36:07.0583 6040  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
19:36:07.0676 6040  Ntfs - ok
19:36:07.0692 6040  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
19:36:07.0785 6040  Null - ok
19:36:07.0817 6040  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
19:36:07.0848 6040  nvraid - ok
19:36:07.0895 6040  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
19:36:07.0941 6040  nvstor - ok
19:36:07.0973 6040  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
19:36:08.0004 6040  nv_agp - ok
19:36:08.0019 6040  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
19:36:08.0066 6040  ohci1394 - ok
19:36:08.0113 6040  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:36:08.0144 6040  ose - ok
19:36:08.0316 6040  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:36:08.0612 6040  osppsvc - ok
19:36:08.0659 6040  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
19:36:08.0784 6040  p2pimsvc - ok
19:36:08.0846 6040  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
19:36:08.0893 6040  p2psvc - ok
19:36:08.0955 6040  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\drivers\parport.sys
19:36:09.0002 6040  Parport - ok
19:36:09.0033 6040  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
19:36:09.0065 6040  partmgr - ok
19:36:09.0096 6040  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\drivers\parvdm.sys
19:36:09.0158 6040  Parvdm - ok
19:36:09.0205 6040  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
19:36:09.0283 6040  PcaSvc - ok
19:36:09.0299 6040  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
19:36:09.0330 6040  pci - ok
19:36:09.0361 6040  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
19:36:09.0392 6040  pciide - ok
19:36:09.0408 6040  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
19:36:09.0455 6040  pcmcia - ok
19:36:09.0470 6040  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
19:36:09.0501 6040  pcw - ok
19:36:09.0533 6040  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
19:36:09.0657 6040  PEAUTH - ok
19:36:09.0767 6040  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
19:36:09.0938 6040  pla - ok
19:36:09.0969 6040  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
19:36:10.0063 6040  PlugPlay - ok
19:36:10.0094 6040  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
19:36:10.0157 6040  PNRPAutoReg - ok
19:36:10.0188 6040  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
19:36:10.0235 6040  PNRPsvc - ok
19:36:10.0266 6040  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
19:36:10.0375 6040  PolicyAgent - ok
19:36:10.0422 6040  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
19:36:10.0515 6040  Power - ok
19:36:10.0562 6040  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
19:36:10.0671 6040  PptpMiniport - ok
19:36:10.0703 6040  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\drivers\processr.sys
19:36:10.0749 6040  Processor - ok
19:36:10.0781 6040  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
19:36:10.0859 6040  ProfSvc - ok
19:36:10.0874 6040  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
19:36:10.0905 6040  ProtectedStorage - ok
19:36:10.0937 6040  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
19:36:11.0015 6040  Psched - ok
19:36:11.0093 6040  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\drivers\ql2300.sys
19:36:11.0202 6040  ql2300 - ok
19:36:11.0217 6040  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
19:36:11.0249 6040  ql40xx - ok
19:36:11.0280 6040  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
19:36:11.0358 6040  QWAVE - ok
19:36:11.0373 6040  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
19:36:11.0436 6040  QWAVEdrv - ok
19:36:11.0467 6040  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
19:36:11.0545 6040  RasAcd - ok
19:36:11.0592 6040  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
19:36:11.0670 6040  RasAgileVpn - ok
19:36:11.0701 6040  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
19:36:11.0795 6040  RasAuto - ok
19:36:11.0810 6040  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
19:36:11.0904 6040  Rasl2tp - ok
19:36:11.0935 6040  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
19:36:12.0029 6040  RasMan - ok
19:36:12.0075 6040  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
19:36:12.0138 6040  RasPppoe - ok
19:36:12.0185 6040  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
19:36:12.0263 6040  RasSstp - ok
19:36:12.0294 6040  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
19:36:12.0387 6040  rdbss - ok
19:36:12.0403 6040  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
19:36:12.0450 6040  rdpbus - ok
19:36:12.0465 6040  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
19:36:12.0559 6040  RDPCDD - ok
19:36:12.0590 6040  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
19:36:12.0668 6040  RDPENCDD - ok
19:36:12.0699 6040  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
19:36:12.0777 6040  RDPREFMP - ok
19:36:12.0809 6040  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
19:36:12.0918 6040  RDPWD - ok
19:36:12.0965 6040  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
19:36:12.0996 6040  rdyboost - ok
19:36:13.0043 6040  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
19:36:13.0121 6040  RemoteAccess - ok
19:36:13.0167 6040  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
19:36:13.0245 6040  RemoteRegistry - ok
19:36:13.0292 6040  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
19:36:13.0339 6040  RFCOMM - ok
19:36:13.0401 6040  [ 906DCFC5EBF4EC0433F8D4FFFB0BA334 ] RMCAST          C:\windows\system32\DRIVERS\RMCAST.sys
19:36:13.0479 6040  RMCAST - ok
19:36:13.0511 6040  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
19:36:13.0604 6040  RpcEptMapper - ok
19:36:13.0620 6040  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
19:36:13.0667 6040  RpcLocator - ok
19:36:13.0698 6040  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
19:36:13.0776 6040  RpcSs - ok
19:36:13.0823 6040  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
19:36:13.0916 6040  rspndr - ok
19:36:13.0932 6040  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
19:36:13.0963 6040  SamSs - ok
19:36:14.0010 6040  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
19:36:14.0041 6040  sbp2port - ok
19:36:14.0072 6040  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:36:14.0181 6040  SCardSvr - ok
19:36:14.0213 6040  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:36:14.0291 6040  scfilter - ok
19:36:14.0337 6040  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
19:36:14.0462 6040  Schedule - ok
19:36:14.0478 6040  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
19:36:14.0556 6040  SCPolicySvc - ok
19:36:14.0571 6040  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:36:14.0681 6040  SDRSVC - ok
19:36:14.0712 6040  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files\Microsoft\BingBar\SeaPort.EXE
19:36:14.0743 6040  SeaPort - ok
19:36:14.0774 6040  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:36:14.0837 6040  secdrv - ok
19:36:14.0883 6040  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
19:36:14.0961 6040  seclogon - ok
19:36:14.0993 6040  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
19:36:15.0086 6040  SENS - ok
19:36:15.0117 6040  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\drivers\serenum.sys
19:36:15.0149 6040  Serenum - ok
19:36:15.0195 6040  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\drivers\serial.sys
19:36:15.0258 6040  Serial - ok
19:36:15.0273 6040  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\drivers\sermouse.sys
19:36:15.0320 6040  sermouse - ok
19:36:15.0383 6040  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
19:36:15.0476 6040  SessionEnv - ok
19:36:15.0492 6040  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
19:36:15.0539 6040  sffdisk - ok
19:36:15.0570 6040  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
19:36:15.0617 6040  sffp_mmc - ok
19:36:15.0648 6040  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
19:36:15.0695 6040  sffp_sd - ok
19:36:15.0710 6040  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
19:36:15.0741 6040  sfloppy - ok
19:36:15.0819 6040  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
19:36:15.0913 6040  Sftfs - ok
19:36:15.0960 6040  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
19:36:16.0007 6040  sftlist - ok
19:36:16.0038 6040  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
19:36:16.0069 6040  Sftplay - ok
19:36:16.0100 6040  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
19:36:16.0116 6040  Sftredir - ok
19:36:16.0163 6040  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
19:36:16.0178 6040  Sftvol - ok
19:36:16.0209 6040  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
19:36:16.0241 6040  sftvsa - ok
19:36:16.0272 6040  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:36:16.0365 6040  SharedAccess - ok
19:36:16.0412 6040  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:36:16.0521 6040  ShellHWDetection - ok
19:36:16.0568 6040  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
19:36:16.0599 6040  sisagp - ok
19:36:16.0631 6040  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
19:36:16.0662 6040  SiSRaid2 - ok
19:36:16.0693 6040  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
19:36:16.0724 6040  SiSRaid4 - ok
19:36:16.0755 6040  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
19:36:16.0833 6040  Smb - ok
19:36:16.0880 6040  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:36:16.0927 6040  SNMPTRAP - ok
19:36:16.0943 6040  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
19:36:16.0974 6040  spldr - ok
19:36:17.0021 6040  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
19:36:17.0145 6040  Spooler - ok
19:36:17.0255 6040  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
19:36:17.0457 6040  sppsvc - ok
19:36:17.0504 6040  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
19:36:17.0582 6040  sppuinotify - ok
19:36:17.0629 6040  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
19:36:17.0738 6040  srv - ok
19:36:17.0769 6040  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:36:17.0832 6040  srv2 - ok
19:36:17.0847 6040  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:36:17.0894 6040  srvnet - ok
19:36:17.0941 6040  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
19:36:18.0035 6040  SSDPSRV - ok
19:36:18.0066 6040  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
19:36:18.0144 6040  SstpSvc - ok
19:36:18.0191 6040  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\drivers\stexstor.sys
19:36:18.0222 6040  stexstor - ok
19:36:18.0269 6040  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
19:36:18.0362 6040  StiSvc - ok
19:36:18.0456 6040  [ B2E85C0E21FFAF026DE366ABDE808604 ] surf-sitter     C:\Program Files\SURF-SITTER PC\cy-Service.exe
19:36:18.0518 6040  surf-sitter ( UnsignedFile.Multi.Generic ) - warning
19:36:18.0518 6040  surf-sitter - detected UnsignedFile.Multi.Generic (1)
19:36:18.0596 6040  [ 099449C8349267DD89E5523C53C11DEE ] surf-sitter-Updater C:\Program Files\SURF-SITTER PC\AutoUpdaterService.exe
19:36:18.0643 6040  surf-sitter-Updater ( UnsignedFile.Multi.Generic ) - warning
19:36:18.0643 6040  surf-sitter-Updater - detected UnsignedFile.Multi.Generic (1)
19:36:18.0674 6040  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
19:36:18.0721 6040  swenum - ok
19:36:18.0768 6040  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
19:36:18.0861 6040  swprv - ok
19:36:18.0924 6040  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
19:36:19.0049 6040  SysMain - ok
19:36:19.0080 6040  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
19:36:19.0127 6040  TabletInputService - ok
19:36:19.0158 6040  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
19:36:19.0251 6040  TapiSrv - ok
19:36:19.0267 6040  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
19:36:19.0361 6040  TBS - ok
19:36:19.0439 6040  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\windows\system32\drivers\tcpip.sys
19:36:19.0548 6040  Tcpip - ok
19:36:19.0610 6040  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:36:19.0688 6040  TCPIP6 - ok
19:36:19.0735 6040  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:36:19.0813 6040  tcpipreg - ok
19:36:19.0844 6040  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:36:19.0922 6040  TDPIPE - ok
19:36:19.0953 6040  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
19:36:20.0000 6040  TDTCP - ok
19:36:20.0016 6040  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
19:36:20.0094 6040  tdx - ok
19:36:20.0141 6040  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
19:36:20.0172 6040  TermDD - ok
19:36:20.0219 6040  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
19:36:20.0343 6040  TermService - ok
19:36:20.0375 6040  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
19:36:20.0437 6040  Themes - ok
19:36:20.0453 6040  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
19:36:20.0531 6040  THREADORDER - ok
19:36:20.0593 6040  [ E5EFD1068D24F9F052A027CAFED3AA5A ] TiMiniService   C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
19:36:20.0609 6040  TiMiniService - ok
19:36:20.0640 6040  [ DE87A23D2DDC7378D1C7AB681E20DE47 ] tmactmon        C:\windows\system32\DRIVERS\tmactmon.sys
19:36:20.0671 6040  tmactmon - ok
19:36:20.0702 6040  [ 540C2B5DC47651C572C2804DC72FDDA8 ] tmcomm          C:\windows\system32\DRIVERS\tmcomm.sys
19:36:20.0733 6040  tmcomm - ok
19:36:20.0749 6040  [ 2DE1FA64EBAFF376F2C038F64492F62C ] tmevtmgr        C:\windows\system32\DRIVERS\tmevtmgr.sys
19:36:20.0780 6040  tmevtmgr - ok
19:36:20.0796 6040  [ 5A61679B2277B9AD550E30479A69503B ] tmtdi           C:\windows\system32\DRIVERS\tmtdi.sys
19:36:20.0827 6040  tmtdi - ok
19:36:20.0858 6040  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
19:36:20.0952 6040  TrkWks - ok
19:36:20.0999 6040  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:36:21.0077 6040  TrustedInstaller - ok
19:36:21.0123 6040  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:36:21.0186 6040  tssecsrv - ok
19:36:21.0217 6040  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
19:36:21.0326 6040  TsUsbFlt - ok
19:36:21.0342 6040  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
19:36:21.0389 6040  TsUsbGD - ok
19:36:21.0420 6040  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:36:21.0513 6040  tunnel - ok
19:36:21.0545 6040  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\drivers\uagp35.sys
19:36:21.0576 6040  uagp35 - ok
19:36:21.0591 6040  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:36:21.0685 6040  udfs - ok
19:36:21.0747 6040  [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
19:36:21.0779 6040  UI Assistant Service - ok
19:36:21.0810 6040  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
19:36:21.0872 6040  UI0Detect - ok
19:36:21.0919 6040  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
19:36:21.0950 6040  uliagpkx - ok
19:36:21.0997 6040  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\DRIVERS\umbus.sys
19:36:22.0044 6040  umbus - ok
19:36:22.0075 6040  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\drivers\umpass.sys
19:36:22.0122 6040  UmPass - ok
19:36:22.0169 6040  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
19:36:22.0278 6040  upnphost - ok
19:36:22.0309 6040  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
19:36:22.0403 6040  usbccgp - ok
19:36:22.0449 6040  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
19:36:22.0496 6040  usbcir - ok
19:36:22.0543 6040  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\windows\system32\drivers\usbehci.sys
19:36:22.0574 6040  usbehci - ok
19:36:22.0605 6040  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:36:22.0652 6040  usbhub - ok
19:36:22.0683 6040  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\windows\system32\drivers\usbohci.sys
19:36:22.0730 6040  usbohci - ok
19:36:22.0761 6040  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\drivers\usbprint.sys
19:36:22.0808 6040  usbprint - ok
19:36:22.0824 6040  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
19:36:22.0917 6040  USBSTOR - ok
19:36:22.0949 6040  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
19:36:22.0980 6040  usbuhci - ok
19:36:23.0027 6040  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
19:36:23.0073 6040  usbvideo - ok
19:36:23.0105 6040  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
19:36:23.0167 6040  UxSms - ok
19:36:23.0198 6040  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
19:36:23.0229 6040  VaultSvc - ok
19:36:23.0276 6040  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
19:36:23.0307 6040  vdrvroot - ok
19:36:23.0339 6040  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
19:36:23.0463 6040  vds - ok
19:36:23.0495 6040  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
19:36:23.0557 6040  vga - ok
19:36:23.0573 6040  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
19:36:23.0666 6040  VgaSave - ok
19:36:23.0697 6040  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
19:36:23.0729 6040  vhdmp - ok
19:36:23.0760 6040  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
19:36:23.0807 6040  viaagp - ok
19:36:23.0822 6040  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\drivers\viac7.sys
19:36:23.0869 6040  ViaC7 - ok
19:36:23.0885 6040  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
19:36:23.0916 6040  viaide - ok
19:36:23.0963 6040  [ C37CE43FB54066FFB540729C6E6E194E ] VideAceWindowsService C:\ExpressGateUtil\VAWinService.exe
19:36:23.0994 6040  VideAceWindowsService - ok
19:36:24.0009 6040  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
19:36:24.0056 6040  volmgr - ok
19:36:24.0072 6040  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
19:36:24.0119 6040  volmgrx - ok
19:36:24.0134 6040  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
19:36:24.0181 6040  volsnap - ok
19:36:24.0212 6040  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
19:36:24.0243 6040  vsmraid - ok
19:36:24.0306 6040  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
19:36:24.0431 6040  VSS - ok
19:36:24.0462 6040  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:36:24.0524 6040  vwifibus - ok
19:36:24.0555 6040  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:36:24.0618 6040  vwififlt - ok
19:36:24.0665 6040  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
19:36:24.0711 6040  vwifimp - ok
19:36:24.0743 6040  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
19:36:24.0852 6040  W32Time - ok
19:36:24.0883 6040  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
19:36:24.0930 6040  WacomPen - ok
19:36:24.0977 6040  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:36:25.0055 6040  WANARP - ok
19:36:25.0070 6040  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:36:25.0133 6040  Wanarpv6 - ok
19:36:25.0211 6040  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
19:36:25.0382 6040  wbengine - ok
19:36:25.0413 6040  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:36:25.0476 6040  WbioSrvc - ok
19:36:25.0523 6040  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
19:36:25.0585 6040  wcncsvc - ok
19:36:25.0616 6040  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:36:25.0710 6040  WcsPlugInService - ok
19:36:25.0741 6040  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\drivers\wd.sys
19:36:25.0772 6040  Wd - ok
19:36:25.0803 6040  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:36:25.0850 6040  Wdf01000 - ok
19:36:25.0881 6040  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:36:26.0006 6040  WdiServiceHost - ok
19:36:26.0022 6040  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
19:36:26.0069 6040  WdiSystemHost - ok
19:36:26.0100 6040  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
19:36:26.0162 6040  WebClient - ok
19:36:26.0178 6040  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:36:26.0271 6040  Wecsvc - ok
19:36:26.0287 6040  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
19:36:26.0381 6040  wercplsupport - ok
19:36:26.0412 6040  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
19:36:26.0505 6040  WerSvc - ok
19:36:26.0537 6040  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:36:26.0615 6040  WfpLwf - ok
19:36:26.0661 6040  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:36:26.0693 6040  WIMMount - ok
19:36:26.0755 6040  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:36:26.0833 6040  WinDefend - ok
19:36:26.0864 6040  WinHttpAutoProxySvc - ok
19:36:26.0927 6040  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
19:36:27.0005 6040  Winmgmt - ok
19:36:27.0067 6040  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
19:36:27.0223 6040  WinRM - ok
19:36:27.0301 6040  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
19:36:27.0379 6040  Wlansvc - ok
19:36:27.0441 6040  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:36:27.0473 6040  wlcrasvc - ok
19:36:27.0566 6040  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:36:27.0691 6040  wlidsvc - ok
19:36:27.0722 6040  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
19:36:27.0753 6040  WmiAcpi - ok
19:36:27.0785 6040  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:36:27.0847 6040  wmiApSrv - ok
19:36:27.0941 6040  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:36:28.0097 6040  WMPNetworkSvc - ok
19:36:28.0128 6040  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:36:28.0237 6040  WPCSvc - ok
19:36:28.0253 6040  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:36:28.0346 6040  WPDBusEnum - ok
19:36:28.0377 6040  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
19:36:28.0471 6040  ws2ifsl - ok
19:36:28.0487 6040  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
19:36:28.0549 6040  wscsvc - ok
19:36:28.0565 6040  WSearch - ok
19:36:28.0611 6040  [ BAEDC491374DEFD5E76336901D6D397D ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
19:36:28.0643 6040  wsvd - ok
19:36:28.0721 6040  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
19:36:28.0861 6040  wuauserv - ok
19:36:28.0892 6040  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:36:28.0986 6040  WudfPf - ok
19:36:29.0017 6040  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:36:29.0095 6040  WUDFRd - ok
19:36:29.0142 6040  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
19:36:29.0220 6040  wudfsvc - ok
19:36:29.0251 6040  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\windows\System32\wwansvc.dll
19:36:29.0313 6040  WwanSvc - ok
19:36:29.0376 6040  [ AD9DEE1257C7659083268F298890CE16 ] X6XSEx          C:\Program Files\Free Ride Games\X6XSEx.Sys
19:36:29.0423 6040  X6XSEx - ok
19:36:29.0469 6040  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k     C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:36:29.0532 6040  ZTEusbmdm6k - ok
19:36:29.0563 6040  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea      C:\windows\system32\DRIVERS\ZTEusbnmea.sys
19:36:29.0610 6040  ZTEusbnmea - ok
19:36:29.0625 6040  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k     C:\windows\system32\DRIVERS\ZTEusbser6k.sys
19:36:29.0672 6040  ZTEusbser6k - ok
19:36:29.0688 6040  ================ Scan global ===============================
19:36:29.0735 6040  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
19:36:29.0781 6040  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
19:36:29.0813 6040  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
19:36:29.0844 6040  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
19:36:29.0875 6040  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
19:36:29.0891 6040  [Global] - ok
19:36:29.0891 6040  ================ Scan MBR ==================================
19:36:29.0906 6040  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:36:30.0374 6040  \Device\Harddisk0\DR0 - ok
19:36:30.0390 6040  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:36:30.0624 6040  \Device\Harddisk1\DR1 - ok
19:36:30.0624 6040  ================ Scan VBR ==================================
19:36:30.0639 6040  [ 2E62207F18A60CE3F739C51565CD202E ] \Device\Harddisk0\DR0\Partition1
19:36:30.0639 6040  \Device\Harddisk0\DR0\Partition1 - ok
19:36:30.0811 6040  [ FEA4022A4B2C6C5407630923910EB93C ] \Device\Harddisk0\DR0\Partition2
19:36:30.0811 6040  \Device\Harddisk0\DR0\Partition2 - ok
19:36:30.0827 6040  [ B61BD478B1FD6AD25B5A09EC3D57B3D3 ] \Device\Harddisk1\DR1\Partition1
19:36:30.0827 6040  \Device\Harddisk1\DR1\Partition1 - ok
19:36:30.0842 6040  ============================================================
19:36:30.0842 6040  Scan finished
19:36:30.0842 6040  ============================================================
19:36:30.0858 2128  Detected object count: 3
19:36:30.0858 2128  Actual detected object count: 3

Hab mit den 3 Objekten bis jetzt erstmal noch gar nix gemacht. Warte auf deine Anweisungen ;-)

cosinus · 23.10.2012, 11:27

Log ist leider unvollständig denn die untere Zusammenfassung fehlt

jj84 · 23.10.2012, 14:09

Diesmal hoffentlich vollständig:

Code:

ATTFilter

19:34:23.0234 1528  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:34:23.0748 1528  ============================================================
19:34:23.0748 1528  Current date / time: 2012/10/22 19:34:23.0748
19:34:23.0748 1528  SystemInfo:
19:34:23.0748 1528  
19:34:23.0748 1528  OS Version: 6.1.7601 ServicePack: 1.0
19:34:23.0748 1528  Product type: Workstation
19:34:23.0748 1528  ComputerName: ***
19:34:23.0748 1528  UserName: ***
19:34:23.0748 1528  Windows directory: C:\windows
19:34:23.0748 1528  System windows directory: C:\windows
19:34:23.0748 1528  Processor architecture: Intel x86
19:34:23.0748 1528  Number of processors: 4
19:34:23.0748 1528  Page size: 0x1000
19:34:23.0748 1528  Boot type: Normal boot
19:34:23.0748 1528  ============================================================
19:34:24.0840 1528  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:34:24.0950 1528  Drive \Device\Harddisk1\DR1 - Size: 0x3D680000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:34:24.0950 1528  ============================================================
19:34:24.0950 1528  \Device\Harddisk0\DR0:
19:34:24.0950 1528  MBR partitions:
19:34:24.0950 1528  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
19:34:24.0950 1528  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0x16E25800
19:34:24.0950 1528  \Device\Harddisk1\DR1:
19:34:24.0950 1528  MBR partitions:
19:34:24.0950 1528  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF3, BlocksNum 0x1EB30D
19:34:24.0950 1528  ============================================================
19:34:25.0028 1528  C: <-> \Device\Harddisk0\DR0\Partition1
19:34:25.0074 1528  D: <-> \Device\Harddisk0\DR0\Partition2
19:34:25.0121 1528  ============================================================
19:34:25.0121 1528  Initialize success
19:34:25.0121 1528  ============================================================
19:35:39.0534 6040  ============================================================
19:35:39.0534 6040  Scan started
19:35:39.0534 6040  Mode: Manual; SigCheck; TDLFS; 
19:35:39.0534 6040  ============================================================
19:35:41.0640 6040  ================ Scan system memory ========================
19:35:41.0640 6040  System memory - ok
19:35:41.0655 6040  ================ Scan services =============================
19:35:41.0843 6040  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
19:35:42.0201 6040  1394ohci - ok
19:35:42.0264 6040  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
19:35:42.0311 6040  ACPI - ok
19:35:42.0342 6040  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
19:35:42.0482 6040  AcpiPmi - ok
19:35:42.0576 6040  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:35:42.0638 6040  AdobeFlashPlayerUpdateSvc - ok
19:35:42.0701 6040  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
19:35:42.0779 6040  adp94xx - ok
19:35:42.0794 6040  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\drivers\adpahci.sys
19:35:42.0841 6040  adpahci - ok
19:35:42.0857 6040  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\drivers\adpu320.sys
19:35:42.0903 6040  adpu320 - ok
19:35:42.0966 6040  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
19:35:43.0215 6040  AeLookupSvc - ok
19:35:43.0262 6040  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\windows\system32\drivers\afd.sys
19:35:43.0371 6040  AFD - ok
19:35:43.0449 6040  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
19:35:43.0496 6040  agp440 - ok
19:35:43.0527 6040  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\drivers\djsvs.sys
19:35:43.0559 6040  aic78xx - ok
19:35:43.0605 6040  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
19:35:43.0699 6040  ALG - ok
19:35:43.0730 6040  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
19:35:43.0761 6040  aliide - ok
19:35:43.0777 6040  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
19:35:43.0808 6040  amdagp - ok
19:35:43.0839 6040  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
19:35:43.0871 6040  amdide - ok
19:35:43.0902 6040  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
19:35:43.0980 6040  AmdK8 - ok
19:35:44.0011 6040  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
19:35:44.0058 6040  AmdPPM - ok
19:35:44.0120 6040  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\windows\system32\drivers\amdsata.sys
19:35:44.0151 6040  amdsata - ok
19:35:44.0183 6040  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
19:35:44.0229 6040  amdsbs - ok
19:35:44.0245 6040  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\windows\system32\drivers\amdxata.sys
19:35:44.0276 6040  amdxata - ok
19:35:44.0401 6040  [ 6EAC742B758E110DD12EBC8446C07B6C ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
19:35:44.0479 6040  Amsp - ok
19:35:44.0495 6040  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\windows\system32\drivers\appid.sys
19:35:44.0588 6040  AppID - ok
19:35:44.0619 6040  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
19:35:44.0713 6040  AppIDSvc - ok
19:35:44.0744 6040  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\windows\System32\appinfo.dll
19:35:44.0822 6040  Appinfo - ok
19:35:44.0869 6040  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\drivers\arc.sys
19:35:44.0900 6040  arc - ok
19:35:44.0931 6040  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\drivers\arcsas.sys
19:35:44.0963 6040  arcsas - ok
19:35:45.0009 6040  [ 956C7177DBDA0F02436868AD644CCF31 ] AsIO            C:\windows\system32\drivers\AsIO.sys
19:35:45.0041 6040  AsIO - ok
19:35:45.0290 6040  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:35:45.0353 6040  aspnet_state - ok
19:35:45.0384 6040  [ A9A565C669786C402752F609AFDD0DD5 ] AsUpIO          C:\windows\system32\drivers\AsUpIO.sys
19:35:45.0415 6040  AsUpIO - ok
19:35:45.0462 6040  [ BDF2196D34BB224E5B11C2B0FC3A55CB ] AsusService     C:\windows\system32\AsusService.exe
19:35:45.0493 6040  AsusService - ok
19:35:45.0524 6040  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
19:35:45.0665 6040  AsyncMac - ok
19:35:45.0711 6040  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\drivers\atapi.sys
19:35:45.0743 6040  atapi - ok
19:35:45.0805 6040  [ B01751CC563AECAC09BBE36AAA21FBEF ] athr            C:\windows\system32\DRIVERS\athr.sys
19:35:45.0961 6040  athr - ok
19:35:45.0992 6040  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:35:46.0086 6040  AudioEndpointBuilder - ok
19:35:46.0117 6040  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
19:35:46.0195 6040  Audiosrv - ok
19:35:46.0226 6040  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
19:35:46.0367 6040  AxInstSV - ok
19:35:46.0398 6040  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\drivers\bxvbdx.sys
19:35:46.0476 6040  b06bdrv - ok
19:35:46.0507 6040  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
19:35:46.0569 6040  b57nd60x - ok
19:35:46.0663 6040  [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
19:35:46.0710 6040  BBSvc - ok
19:35:46.0819 6040  [ 2BE0F23D494C301641C42EAD2FDCD4F2 ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl6.sys
19:35:46.0991 6040  BCM43XX - ok
19:35:47.0022 6040  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
19:35:47.0131 6040  BDESVC - ok
19:35:47.0147 6040  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
19:35:47.0240 6040  Beep - ok
19:35:47.0303 6040  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\windows\System32\bfe.dll
19:35:47.0396 6040  BFE - ok
19:35:47.0443 6040  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
19:35:47.0615 6040  BITS - ok
19:35:47.0677 6040  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
19:35:47.0724 6040  blbdrive - ok
19:35:47.0786 6040  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
19:35:47.0880 6040  bowser - ok
19:35:47.0927 6040  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
19:35:48.0020 6040  BrFiltLo - ok
19:35:48.0051 6040  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
19:35:48.0114 6040  BrFiltUp - ok
19:35:48.0161 6040  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\windows\System32\browser.dll
19:35:48.0285 6040  Browser - ok
19:35:48.0332 6040  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
19:35:48.0441 6040  Brserid - ok
19:35:48.0473 6040  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
19:35:48.0535 6040  BrSerWdm - ok
19:35:48.0551 6040  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
19:35:48.0613 6040  BrUsbMdm - ok
19:35:48.0629 6040  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
19:35:48.0691 6040  BrUsbSer - ok
19:35:48.0753 6040  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
19:35:48.0972 6040  BthEnum - ok
19:35:49.0019 6040  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
19:35:49.0065 6040  BTHMODEM - ok
19:35:49.0112 6040  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
19:35:49.0175 6040  BthPan - ok
19:35:49.0221 6040  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
19:35:49.0299 6040  BTHPORT - ok
19:35:49.0331 6040  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
19:35:49.0440 6040  bthserv - ok
19:35:49.0471 6040  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
19:35:49.0518 6040  BTHUSB - ok
19:35:49.0533 6040  btwampfl - ok
19:35:49.0565 6040  btwaudio - ok
19:35:49.0580 6040  btwavdt - ok
19:35:49.0580 6040  btwl2cap - ok
19:35:49.0596 6040  btwrchid - ok
19:35:49.0689 6040  [ 7D2F2FC9FBF5BD98748BBC74FDA7BE84 ] C88EDF03-FB60-44F4-AC70-FFF129414098 C:\Program Files\SURF-SITTER PC\cy-Service_2.exe
19:35:49.0736 6040  C88EDF03-FB60-44F4-AC70-FFF129414098 ( UnsignedFile.Multi.Generic ) - warning
19:35:49.0736 6040  C88EDF03-FB60-44F4-AC70-FFF129414098 - detected UnsignedFile.Multi.Generic (1)
19:35:49.0783 6040  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
19:35:49.0861 6040  cdfs - ok
19:35:49.0908 6040  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
19:35:49.0970 6040  cdrom - ok
19:35:50.0017 6040  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\windows\System32\certprop.dll
19:35:50.0095 6040  CertPropSvc - ok
19:35:50.0126 6040  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\drivers\circlass.sys
19:35:50.0189 6040  circlass - ok
19:35:50.0220 6040  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
19:35:50.0267 6040  CLFS - ok
19:35:50.0329 6040  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:50.0376 6040  clr_optimization_v2.0.50727_32 - ok
19:35:50.0438 6040  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:50.0532 6040  clr_optimization_v4.0.30319_32 - ok
19:35:50.0563 6040  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
19:35:50.0625 6040  CmBatt - ok
19:35:50.0657 6040  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
19:35:50.0688 6040  cmdide - ok
19:35:50.0719 6040  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\windows\system32\Drivers\cng.sys
19:35:50.0828 6040  CNG - ok
19:35:50.0859 6040  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\drivers\compbatt.sys
19:35:50.0891 6040  Compbatt - ok
19:35:50.0937 6040  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
19:35:51.0000 6040  CompositeBus - ok
19:35:51.0031 6040  COMSysApp - ok
19:35:51.0062 6040  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
19:35:51.0093 6040  crcdisk - ok
19:35:51.0156 6040  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\windows\system32\cryptsvc.dll
19:35:51.0265 6040  CryptSvc - ok
19:35:51.0374 6040  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:35:51.0452 6040  cvhsvc - ok
19:35:51.0530 6040  [ CFFEA2E4DAB18AACA81AAD8163316CA2 ] cy_System       C:\windows\system32\drivers\cy-driver.sys
19:35:51.0561 6040  cy_System - ok
19:35:51.0608 6040  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
19:35:51.0702 6040  DcomLaunch - ok
19:35:51.0749 6040  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
19:35:51.0827 6040  defragsvc - ok
19:35:51.0858 6040  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
19:35:51.0936 6040  DfsC - ok
19:35:51.0983 6040  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
19:35:52.0076 6040  Dhcp - ok
19:35:52.0107 6040  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
19:35:52.0185 6040  discache - ok
19:35:52.0232 6040  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\drivers\disk.sys
19:35:52.0263 6040  Disk - ok
19:35:52.0310 6040  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
19:35:52.0404 6040  Dnscache - ok
19:35:52.0451 6040  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
19:35:52.0544 6040  dot3svc - ok
19:35:52.0560 6040  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
19:35:52.0669 6040  DPS - ok
19:35:52.0716 6040  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
19:35:52.0763 6040  drmkaud - ok
19:35:52.0825 6040  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
19:35:52.0903 6040  DXGKrnl - ok
19:35:52.0934 6040  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
19:35:53.0028 6040  EapHost - ok
19:35:53.0246 6040  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\drivers\evbdx.sys
19:35:53.0480 6040  ebdrv - ok
19:35:53.0511 6040  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\windows\System32\lsass.exe
19:35:53.0636 6040  EFS - ok
19:35:53.0699 6040  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\drivers\elxstor.sys
19:35:53.0745 6040  elxstor - ok
19:35:53.0761 6040  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
19:35:53.0823 6040  ErrDev - ok
19:35:53.0855 6040  [ 7C87DF14552A5E0270DBD906BAFF85FB ] ETD             C:\windows\system32\DRIVERS\ETD.sys
19:35:53.0886 6040  ETD - ok
19:35:54.0011 6040  [ 12CEA7B401A32E7F08179DB587060121 ] eType Manager   C:\ProgramData\eType Manager\2.2.580.183\52de144c-c70b-4e0a-9b16-29a2e18c255e\etypemngr.exe
19:35:54.0151 6040  eType Manager - ok
19:35:54.0213 6040  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
19:35:54.0323 6040  EventSystem - ok
19:35:54.0338 6040  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
19:35:54.0432 6040  exfat - ok
19:35:54.0463 6040  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
19:35:54.0557 6040  fastfat - ok
19:35:54.0603 6040  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\windows\system32\fxssvc.exe
19:35:54.0744 6040  Fax - ok
19:35:54.0759 6040  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\drivers\fdc.sys
19:35:54.0822 6040  fdc - ok
19:35:54.0853 6040  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
19:35:54.0947 6040  fdPHost - ok
19:35:54.0978 6040  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
19:35:55.0056 6040  FDResPub - ok
19:35:55.0087 6040  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
19:35:55.0134 6040  FileInfo - ok
19:35:55.0149 6040  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
19:35:55.0227 6040  Filetrace - ok
19:35:55.0259 6040  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
19:35:55.0305 6040  flpydisk - ok
19:35:55.0337 6040  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
19:35:55.0368 6040  FltMgr - ok
19:35:55.0430 6040  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\windows\system32\FntCache.dll
19:35:55.0555 6040  FontCache - ok
19:35:55.0617 6040  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:35:55.0649 6040  FontCache3.0.0.0 - ok
19:35:55.0680 6040  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
19:35:55.0711 6040  FsDepends - ok
19:35:55.0758 6040  [ D909075FA72C090F27AA926C32CB4612 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
19:35:55.0773 6040  fssfltr - ok
19:35:55.0867 6040  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:35:55.0976 6040  fsssvc - ok
19:35:56.0007 6040  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
19:35:56.0039 6040  Fs_Rec - ok
19:35:56.0070 6040  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
19:35:56.0117 6040  fvevol - ok
19:35:56.0148 6040  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
19:35:56.0179 6040  gagp30kx - ok
19:35:56.0226 6040  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\windows\System32\gpsvc.dll
19:35:56.0335 6040  gpsvc - ok
19:35:56.0366 6040  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
19:35:56.0475 6040  hcw85cir - ok
19:35:56.0522 6040  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:35:56.0585 6040  HdAudAddService - ok
19:35:56.0600 6040  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
19:35:56.0663 6040  HDAudBus - ok
19:35:56.0678 6040  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
19:35:56.0741 6040  HidBatt - ok
19:35:56.0756 6040  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\drivers\hidbth.sys
19:35:56.0819 6040  HidBth - ok
19:35:56.0850 6040  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\drivers\hidir.sys
19:35:56.0912 6040  HidIr - ok
19:35:56.0943 6040  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\system32\hidserv.dll
19:35:57.0037 6040  hidserv - ok
19:35:57.0068 6040  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
19:35:57.0115 6040  HidUsb - ok
19:35:57.0146 6040  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
19:35:57.0224 6040  hkmsvc - ok
19:35:57.0255 6040  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:35:57.0380 6040  HomeGroupListener - ok
19:35:57.0427 6040  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:35:57.0489 6040  HomeGroupProvider - ok
19:35:57.0536 6040  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
19:35:57.0567 6040  HpSAMD - ok
19:35:57.0614 6040  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
19:35:57.0723 6040  HTTP - ok
19:35:57.0770 6040  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
19:35:57.0801 6040  hwpolicy - ok
19:35:57.0833 6040  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
19:35:57.0895 6040  i8042prt - ok
19:35:57.0942 6040  [ D80AA0907748D7CC8EFAB3773F32629B ] iaStor          C:\windows\system32\drivers\iaStor.sys
19:35:57.0989 6040  iaStor - ok
19:35:58.0035 6040  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
19:35:58.0082 6040  iaStorV - ok
19:35:58.0145 6040  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:35:58.0223 6040  idsvc - ok
19:35:58.0379 6040  [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
19:35:58.0675 6040  igfx - ok
19:35:58.0706 6040  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\drivers\iirsp.sys
19:35:58.0737 6040  iirsp - ok
19:35:58.0784 6040  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
19:35:58.0925 6040  IKEEXT - ok
19:35:58.0971 6040  InstallBrainService - ok
19:35:59.0112 6040  [ E8B6F7896DB2EE6A7AF7A177A9BBC526 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
19:35:59.0299 6040  IntcAzAudAddService - ok
19:35:59.0330 6040  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
19:35:59.0361 6040  intelide - ok
19:35:59.0393 6040  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
19:35:59.0455 6040  intelppm - ok
19:35:59.0486 6040  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
19:35:59.0595 6040  IPBusEnum - ok
19:35:59.0611 6040  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
19:35:59.0705 6040  IpFilterDriver - ok
19:35:59.0736 6040  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
19:35:59.0845 6040  iphlpsvc - ok
19:35:59.0876 6040  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
19:35:59.0923 6040  IPMIDRV - ok
19:35:59.0939 6040  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
19:36:00.0032 6040  IPNAT - ok
19:36:00.0063 6040  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
19:36:00.0173 6040  IRENUM - ok
19:36:00.0204 6040  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
19:36:00.0235 6040  isapnp - ok
19:36:00.0251 6040  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
19:36:00.0297 6040  iScsiPrt - ok
19:36:00.0329 6040  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
19:36:00.0360 6040  kbdclass - ok
19:36:00.0391 6040  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
19:36:00.0438 6040  kbdhid - ok
19:36:00.0485 6040  [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr         C:\windows\system32\DRIVERS\kbfiltr.sys
19:36:00.0500 6040  kbfiltr - ok
19:36:00.0531 6040  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
19:36:00.0563 6040  KeyIso - ok
19:36:00.0594 6040  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
19:36:00.0625 6040  KSecDD - ok
19:36:00.0656 6040  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
19:36:00.0687 6040  KSecPkg - ok
19:36:00.0734 6040  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
19:36:00.0843 6040  KtmRm - ok
19:36:00.0875 6040  [ C8FA09049E640B0A27E4B4446D958FE5 ] L1C             C:\windows\system32\DRIVERS\L1C62x86.sys
19:36:00.0906 6040  L1C - ok
19:36:00.0937 6040  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\system32\srvsvc.dll
19:36:01.0031 6040  LanmanServer - ok
19:36:01.0062 6040  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:36:01.0155 6040  LanmanWorkstation - ok
19:36:01.0187 6040  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
19:36:01.0265 6040  lltdio - ok
19:36:01.0296 6040  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
19:36:01.0405 6040  lltdsvc - ok
19:36:01.0421 6040  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
19:36:01.0483 6040  lmhosts - ok
19:36:01.0530 6040  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
19:36:01.0577 6040  LSI_FC - ok
19:36:01.0577 6040  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
19:36:01.0623 6040  LSI_SAS - ok
19:36:01.0639 6040  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
19:36:01.0670 6040  LSI_SAS2 - ok
19:36:01.0686 6040  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
19:36:01.0717 6040  LSI_SCSI - ok
19:36:01.0748 6040  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
19:36:01.0826 6040  luafv - ok
19:36:01.0889 6040  [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter      C:\windows\system32\drivers\massfilter.sys
19:36:01.0951 6040  massfilter - ok
19:36:01.0998 6040  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
19:36:02.0029 6040  MBAMProtector - ok
19:36:02.0107 6040  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:36:02.0154 6040  MBAMScheduler - ok
19:36:02.0216 6040  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:36:02.0294 6040  MBAMService - ok
19:36:02.0325 6040  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\drivers\megasas.sys
19:36:02.0357 6040  megasas - ok
19:36:02.0388 6040  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
19:36:02.0435 6040  MegaSR - ok
19:36:02.0466 6040  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
19:36:02.0575 6040  MMCSS - ok
19:36:02.0606 6040  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
19:36:02.0684 6040  Modem - ok
19:36:02.0715 6040  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
19:36:02.0778 6040  monitor - ok
19:36:02.0825 6040  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:36:02.0856 6040  mouclass - ok
19:36:02.0887 6040  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
19:36:02.0934 6040  mouhid - ok
19:36:02.0949 6040  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
19:36:02.0996 6040  mountmgr - ok
19:36:03.0090 6040  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:36:03.0137 6040  MozillaMaintenance - ok
19:36:03.0183 6040  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
19:36:03.0215 6040  mpio - ok
19:36:03.0230 6040  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
19:36:03.0308 6040  mpsdrv - ok
19:36:03.0355 6040  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
19:36:03.0480 6040  MpsSvc - ok
19:36:03.0511 6040  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
19:36:03.0573 6040  MRxDAV - ok
19:36:03.0620 6040  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
19:36:03.0683 6040  mrxsmb - ok
19:36:03.0714 6040  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
19:36:03.0761 6040  mrxsmb10 - ok
19:36:03.0776 6040  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
19:36:03.0839 6040  mrxsmb20 - ok
19:36:03.0870 6040  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
19:36:03.0901 6040  msahci - ok
19:36:03.0932 6040  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
19:36:03.0963 6040  msdsm - ok
19:36:03.0995 6040  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
19:36:04.0026 6040  MSDTC - ok
19:36:04.0073 6040  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
19:36:04.0166 6040  Msfs - ok
19:36:04.0182 6040  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
19:36:04.0275 6040  mshidkmdf - ok
19:36:04.0307 6040  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
19:36:04.0338 6040  msisadrv - ok
19:36:04.0369 6040  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
19:36:04.0463 6040  MSiSCSI - ok
19:36:04.0478 6040  msiserver - ok
19:36:04.0494 6040  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
19:36:04.0587 6040  MSKSSRV - ok
19:36:04.0619 6040  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
19:36:04.0697 6040  MSPCLOCK - ok
19:36:04.0728 6040  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
19:36:04.0837 6040  MSPQM - ok
19:36:04.0853 6040  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
19:36:04.0884 6040  MsRPC - ok
19:36:04.0915 6040  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
19:36:04.0946 6040  mssmbios - ok
19:36:04.0977 6040  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
19:36:05.0040 6040  MSTEE - ok
19:36:05.0071 6040  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
19:36:05.0118 6040  MTConfig - ok
19:36:05.0149 6040  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
19:36:05.0180 6040  Mup - ok
19:36:05.0227 6040  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
19:36:05.0321 6040  napagent - ok
19:36:05.0383 6040  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
19:36:05.0445 6040  NativeWifiP - ok
19:36:05.0508 6040  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
19:36:05.0570 6040  NDIS - ok
19:36:05.0601 6040  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
19:36:05.0695 6040  NdisCap - ok
19:36:05.0711 6040  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
19:36:05.0804 6040  NdisTapi - ok
19:36:05.0820 6040  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
19:36:05.0898 6040  Ndisuio - ok
19:36:05.0913 6040  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
19:36:06.0007 6040  NdisWan - ok
19:36:06.0038 6040  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
19:36:06.0116 6040  NDProxy - ok
19:36:06.0147 6040  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
19:36:06.0225 6040  NetBIOS - ok
19:36:06.0272 6040  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
19:36:06.0350 6040  NetBT - ok
19:36:06.0381 6040  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
19:36:06.0428 6040  Netlogon - ok
19:36:06.0475 6040  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
19:36:06.0569 6040  Netman - ok
19:36:06.0631 6040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:36:06.0662 6040  NetMsmqActivator - ok
19:36:06.0693 6040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:36:06.0725 6040  NetPipeActivator - ok
19:36:06.0756 6040  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
19:36:06.0881 6040  netprofm - ok
19:36:06.0896 6040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:36:06.0927 6040  NetTcpActivator - ok
19:36:06.0943 6040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:36:06.0974 6040  NetTcpPortSharing - ok
19:36:07.0005 6040  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
19:36:07.0037 6040  nfrd960 - ok
19:36:07.0068 6040  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\windows\System32\nlasvc.dll
19:36:07.0177 6040  NlaSvc - ok
19:36:07.0208 6040  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
19:36:07.0302 6040  Npfs - ok
19:36:07.0317 6040  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
19:36:07.0427 6040  nsi - ok
19:36:07.0458 6040  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
19:36:07.0520 6040  nsiproxy - ok
19:36:07.0583 6040  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
19:36:07.0676 6040  Ntfs - ok
19:36:07.0692 6040  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
19:36:07.0785 6040  Null - ok
19:36:07.0817 6040  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
19:36:07.0848 6040  nvraid - ok
19:36:07.0895 6040  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
19:36:07.0941 6040  nvstor - ok
19:36:07.0973 6040  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
19:36:08.0004 6040  nv_agp - ok
19:36:08.0019 6040  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
19:36:08.0066 6040  ohci1394 - ok
19:36:08.0113 6040  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:36:08.0144 6040  ose - ok
19:36:08.0316 6040  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:36:08.0612 6040  osppsvc - ok
19:36:08.0659 6040  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
19:36:08.0784 6040  p2pimsvc - ok
19:36:08.0846 6040  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
19:36:08.0893 6040  p2psvc - ok
19:36:08.0955 6040  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\drivers\parport.sys
19:36:09.0002 6040  Parport - ok
19:36:09.0033 6040  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
19:36:09.0065 6040  partmgr - ok
19:36:09.0096 6040  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\drivers\parvdm.sys
19:36:09.0158 6040  Parvdm - ok
19:36:09.0205 6040  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
19:36:09.0283 6040  PcaSvc - ok
19:36:09.0299 6040  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
19:36:09.0330 6040  pci - ok
19:36:09.0361 6040  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
19:36:09.0392 6040  pciide - ok
19:36:09.0408 6040  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
19:36:09.0455 6040  pcmcia - ok
19:36:09.0470 6040  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
19:36:09.0501 6040  pcw - ok
19:36:09.0533 6040  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
19:36:09.0657 6040  PEAUTH - ok
19:36:09.0767 6040  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
19:36:09.0938 6040  pla - ok
19:36:09.0969 6040  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
19:36:10.0063 6040  PlugPlay - ok
19:36:10.0094 6040  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
19:36:10.0157 6040  PNRPAutoReg - ok
19:36:10.0188 6040  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
19:36:10.0235 6040  PNRPsvc - ok
19:36:10.0266 6040  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
19:36:10.0375 6040  PolicyAgent - ok
19:36:10.0422 6040  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
19:36:10.0515 6040  Power - ok
19:36:10.0562 6040  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
19:36:10.0671 6040  PptpMiniport - ok
19:36:10.0703 6040  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\drivers\processr.sys
19:36:10.0749 6040  Processor - ok
19:36:10.0781 6040  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
19:36:10.0859 6040  ProfSvc - ok
19:36:10.0874 6040  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
19:36:10.0905 6040  ProtectedStorage - ok
19:36:10.0937 6040  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
19:36:11.0015 6040  Psched - ok
19:36:11.0093 6040  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\drivers\ql2300.sys
19:36:11.0202 6040  ql2300 - ok
19:36:11.0217 6040  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
19:36:11.0249 6040  ql40xx - ok
19:36:11.0280 6040  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
19:36:11.0358 6040  QWAVE - ok
19:36:11.0373 6040  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
19:36:11.0436 6040  QWAVEdrv - ok
19:36:11.0467 6040  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
19:36:11.0545 6040  RasAcd - ok
19:36:11.0592 6040  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
19:36:11.0670 6040  RasAgileVpn - ok
19:36:11.0701 6040  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
19:36:11.0795 6040  RasAuto - ok
19:36:11.0810 6040  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
19:36:11.0904 6040  Rasl2tp - ok
19:36:11.0935 6040  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
19:36:12.0029 6040  RasMan - ok
19:36:12.0075 6040  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
19:36:12.0138 6040  RasPppoe - ok
19:36:12.0185 6040  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
19:36:12.0263 6040  RasSstp - ok
19:36:12.0294 6040  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
19:36:12.0387 6040  rdbss - ok
19:36:12.0403 6040  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
19:36:12.0450 6040  rdpbus - ok
19:36:12.0465 6040  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
19:36:12.0559 6040  RDPCDD - ok
19:36:12.0590 6040  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
19:36:12.0668 6040  RDPENCDD - ok
19:36:12.0699 6040  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
19:36:12.0777 6040  RDPREFMP - ok
19:36:12.0809 6040  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
19:36:12.0918 6040  RDPWD - ok
19:36:12.0965 6040  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
19:36:12.0996 6040  rdyboost - ok
19:36:13.0043 6040  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
19:36:13.0121 6040  RemoteAccess - ok
19:36:13.0167 6040  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
19:36:13.0245 6040  RemoteRegistry - ok
19:36:13.0292 6040  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
19:36:13.0339 6040  RFCOMM - ok
19:36:13.0401 6040  [ 906DCFC5EBF4EC0433F8D4FFFB0BA334 ] RMCAST          C:\windows\system32\DRIVERS\RMCAST.sys
19:36:13.0479 6040  RMCAST - ok
19:36:13.0511 6040  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
19:36:13.0604 6040  RpcEptMapper - ok
19:36:13.0620 6040  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
19:36:13.0667 6040  RpcLocator - ok
19:36:13.0698 6040  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
19:36:13.0776 6040  RpcSs - ok
19:36:13.0823 6040  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
19:36:13.0916 6040  rspndr - ok
19:36:13.0932 6040  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
19:36:13.0963 6040  SamSs - ok
19:36:14.0010 6040  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
19:36:14.0041 6040  sbp2port - ok
19:36:14.0072 6040  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:36:14.0181 6040  SCardSvr - ok
19:36:14.0213 6040  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:36:14.0291 6040  scfilter - ok
19:36:14.0337 6040  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
19:36:14.0462 6040  Schedule - ok
19:36:14.0478 6040  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
19:36:14.0556 6040  SCPolicySvc - ok
19:36:14.0571 6040  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:36:14.0681 6040  SDRSVC - ok
19:36:14.0712 6040  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files\Microsoft\BingBar\SeaPort.EXE
19:36:14.0743 6040  SeaPort - ok
19:36:14.0774 6040  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:36:14.0837 6040  secdrv - ok
19:36:14.0883 6040  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
19:36:14.0961 6040  seclogon - ok
19:36:14.0993 6040  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
19:36:15.0086 6040  SENS - ok
19:36:15.0117 6040  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\drivers\serenum.sys
19:36:15.0149 6040  Serenum - ok
19:36:15.0195 6040  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\drivers\serial.sys
19:36:15.0258 6040  Serial - ok
19:36:15.0273 6040  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\drivers\sermouse.sys
19:36:15.0320 6040  sermouse - ok
19:36:15.0383 6040  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
19:36:15.0476 6040  SessionEnv - ok
19:36:15.0492 6040  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
19:36:15.0539 6040  sffdisk - ok
19:36:15.0570 6040  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
19:36:15.0617 6040  sffp_mmc - ok
19:36:15.0648 6040  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
19:36:15.0695 6040  sffp_sd - ok
19:36:15.0710 6040  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
19:36:15.0741 6040  sfloppy - ok
19:36:15.0819 6040  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
19:36:15.0913 6040  Sftfs - ok
19:36:15.0960 6040  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
19:36:16.0007 6040  sftlist - ok
19:36:16.0038 6040  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
19:36:16.0069 6040  Sftplay - ok
19:36:16.0100 6040  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
19:36:16.0116 6040  Sftredir - ok
19:36:16.0163 6040  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
19:36:16.0178 6040  Sftvol - ok
19:36:16.0209 6040  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
19:36:16.0241 6040  sftvsa - ok
19:36:16.0272 6040  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:36:16.0365 6040  SharedAccess - ok
19:36:16.0412 6040  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:36:16.0521 6040  ShellHWDetection - ok
19:36:16.0568 6040  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
19:36:16.0599 6040  sisagp - ok
19:36:16.0631 6040  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
19:36:16.0662 6040  SiSRaid2 - ok
19:36:16.0693 6040  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
19:36:16.0724 6040  SiSRaid4 - ok
19:36:16.0755 6040  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
19:36:16.0833 6040  Smb - ok
19:36:16.0880 6040  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:36:16.0927 6040  SNMPTRAP - ok
19:36:16.0943 6040  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
19:36:16.0974 6040  spldr - ok
19:36:17.0021 6040  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
19:36:17.0145 6040  Spooler - ok
19:36:17.0255 6040  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
19:36:17.0457 6040  sppsvc - ok
19:36:17.0504 6040  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
19:36:17.0582 6040  sppuinotify - ok
19:36:17.0629 6040  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
19:36:17.0738 6040  srv - ok
19:36:17.0769 6040  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:36:17.0832 6040  srv2 - ok
19:36:17.0847 6040  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:36:17.0894 6040  srvnet - ok
19:36:17.0941 6040  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
19:36:18.0035 6040  SSDPSRV - ok
19:36:18.0066 6040  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
19:36:18.0144 6040  SstpSvc - ok
19:36:18.0191 6040  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\drivers\stexstor.sys
19:36:18.0222 6040  stexstor - ok
19:36:18.0269 6040  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
19:36:18.0362 6040  StiSvc - ok
19:36:18.0456 6040  [ B2E85C0E21FFAF026DE366ABDE808604 ] surf-sitter     C:\Program Files\SURF-SITTER PC\cy-Service.exe
19:36:18.0518 6040  surf-sitter ( UnsignedFile.Multi.Generic ) - warning
19:36:18.0518 6040  surf-sitter - detected UnsignedFile.Multi.Generic (1)
19:36:18.0596 6040  [ 099449C8349267DD89E5523C53C11DEE ] surf-sitter-Updater C:\Program Files\SURF-SITTER PC\AutoUpdaterService.exe
19:36:18.0643 6040  surf-sitter-Updater ( UnsignedFile.Multi.Generic ) - warning
19:36:18.0643 6040  surf-sitter-Updater - detected UnsignedFile.Multi.Generic (1)
19:36:18.0674 6040  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
19:36:18.0721 6040  swenum - ok
19:36:18.0768 6040  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
19:36:18.0861 6040  swprv - ok
19:36:18.0924 6040  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
19:36:19.0049 6040  SysMain - ok
19:36:19.0080 6040  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
19:36:19.0127 6040  TabletInputService - ok
19:36:19.0158 6040  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
19:36:19.0251 6040  TapiSrv - ok
19:36:19.0267 6040  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
19:36:19.0361 6040  TBS - ok
19:36:19.0439 6040  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\windows\system32\drivers\tcpip.sys
19:36:19.0548 6040  Tcpip - ok
19:36:19.0610 6040  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:36:19.0688 6040  TCPIP6 - ok
19:36:19.0735 6040  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:36:19.0813 6040  tcpipreg - ok
19:36:19.0844 6040  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:36:19.0922 6040  TDPIPE - ok
19:36:19.0953 6040  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
19:36:20.0000 6040  TDTCP - ok
19:36:20.0016 6040  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
19:36:20.0094 6040  tdx - ok
19:36:20.0141 6040  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
19:36:20.0172 6040  TermDD - ok
19:36:20.0219 6040  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
19:36:20.0343 6040  TermService - ok
19:36:20.0375 6040  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
19:36:20.0437 6040  Themes - ok
19:36:20.0453 6040  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
19:36:20.0531 6040  THREADORDER - ok
19:36:20.0593 6040  [ E5EFD1068D24F9F052A027CAFED3AA5A ] TiMiniService   C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
19:36:20.0609 6040  TiMiniService - ok
19:36:20.0640 6040  [ DE87A23D2DDC7378D1C7AB681E20DE47 ] tmactmon        C:\windows\system32\DRIVERS\tmactmon.sys
19:36:20.0671 6040  tmactmon - ok
19:36:20.0702 6040  [ 540C2B5DC47651C572C2804DC72FDDA8 ] tmcomm          C:\windows\system32\DRIVERS\tmcomm.sys
19:36:20.0733 6040  tmcomm - ok
19:36:20.0749 6040  [ 2DE1FA64EBAFF376F2C038F64492F62C ] tmevtmgr        C:\windows\system32\DRIVERS\tmevtmgr.sys
19:36:20.0780 6040  tmevtmgr - ok
19:36:20.0796 6040  [ 5A61679B2277B9AD550E30479A69503B ] tmtdi           C:\windows\system32\DRIVERS\tmtdi.sys
19:36:20.0827 6040  tmtdi - ok
19:36:20.0858 6040  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
19:36:20.0952 6040  TrkWks - ok
19:36:20.0999 6040  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:36:21.0077 6040  TrustedInstaller - ok
19:36:21.0123 6040  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:36:21.0186 6040  tssecsrv - ok
19:36:21.0217 6040  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
19:36:21.0326 6040  TsUsbFlt - ok
19:36:21.0342 6040  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
19:36:21.0389 6040  TsUsbGD - ok
19:36:21.0420 6040  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:36:21.0513 6040  tunnel - ok
19:36:21.0545 6040  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\drivers\uagp35.sys
19:36:21.0576 6040  uagp35 - ok
19:36:21.0591 6040  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:36:21.0685 6040  udfs - ok
19:36:21.0747 6040  [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
19:36:21.0779 6040  UI Assistant Service - ok
19:36:21.0810 6040  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
19:36:21.0872 6040  UI0Detect - ok
19:36:21.0919 6040  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
19:36:21.0950 6040  uliagpkx - ok
19:36:21.0997 6040  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\DRIVERS\umbus.sys
19:36:22.0044 6040  umbus - ok
19:36:22.0075 6040  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\drivers\umpass.sys
19:36:22.0122 6040  UmPass - ok
19:36:22.0169 6040  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
19:36:22.0278 6040  upnphost - ok
19:36:22.0309 6040  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
19:36:22.0403 6040  usbccgp - ok
19:36:22.0449 6040  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
19:36:22.0496 6040  usbcir - ok
19:36:22.0543 6040  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\windows\system32\drivers\usbehci.sys
19:36:22.0574 6040  usbehci - ok
19:36:22.0605 6040  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:36:22.0652 6040  usbhub - ok
19:36:22.0683 6040  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\windows\system32\drivers\usbohci.sys
19:36:22.0730 6040  usbohci - ok
19:36:22.0761 6040  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\drivers\usbprint.sys
19:36:22.0808 6040  usbprint - ok
19:36:22.0824 6040  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
19:36:22.0917 6040  USBSTOR - ok
19:36:22.0949 6040  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
19:36:22.0980 6040  usbuhci - ok
19:36:23.0027 6040  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
19:36:23.0073 6040  usbvideo - ok
19:36:23.0105 6040  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
19:36:23.0167 6040  UxSms - ok
19:36:23.0198 6040  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
19:36:23.0229 6040  VaultSvc - ok
19:36:23.0276 6040  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
19:36:23.0307 6040  vdrvroot - ok
19:36:23.0339 6040  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
19:36:23.0463 6040  vds - ok
19:36:23.0495 6040  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
19:36:23.0557 6040  vga - ok
19:36:23.0573 6040  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
19:36:23.0666 6040  VgaSave - ok
19:36:23.0697 6040  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
19:36:23.0729 6040  vhdmp - ok
19:36:23.0760 6040  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
19:36:23.0807 6040  viaagp - ok
19:36:23.0822 6040  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\drivers\viac7.sys
19:36:23.0869 6040  ViaC7 - ok
19:36:23.0885 6040  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
19:36:23.0916 6040  viaide - ok
19:36:23.0963 6040  [ C37CE43FB54066FFB540729C6E6E194E ] VideAceWindowsService C:\ExpressGateUtil\VAWinService.exe
19:36:23.0994 6040  VideAceWindowsService - ok
19:36:24.0009 6040  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
19:36:24.0056 6040  volmgr - ok
19:36:24.0072 6040  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
19:36:24.0119 6040  volmgrx - ok
19:36:24.0134 6040  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
19:36:24.0181 6040  volsnap - ok
19:36:24.0212 6040  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
19:36:24.0243 6040  vsmraid - ok
19:36:24.0306 6040  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
19:36:24.0431 6040  VSS - ok
19:36:24.0462 6040  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:36:24.0524 6040  vwifibus - ok
19:36:24.0555 6040  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:36:24.0618 6040  vwififlt - ok
19:36:24.0665 6040  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
19:36:24.0711 6040  vwifimp - ok
19:36:24.0743 6040  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
19:36:24.0852 6040  W32Time - ok
19:36:24.0883 6040  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
19:36:24.0930 6040  WacomPen - ok
19:36:24.0977 6040  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:36:25.0055 6040  WANARP - ok
19:36:25.0070 6040  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:36:25.0133 6040  Wanarpv6 - ok
19:36:25.0211 6040  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
19:36:25.0382 6040  wbengine - ok
19:36:25.0413 6040  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:36:25.0476 6040  WbioSrvc - ok
19:36:25.0523 6040  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
19:36:25.0585 6040  wcncsvc - ok
19:36:25.0616 6040  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:36:25.0710 6040  WcsPlugInService - ok
19:36:25.0741 6040  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\drivers\wd.sys
19:36:25.0772 6040  Wd - ok
19:36:25.0803 6040  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:36:25.0850 6040  Wdf01000 - ok
19:36:25.0881 6040  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:36:26.0006 6040  WdiServiceHost - ok
19:36:26.0022 6040  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
19:36:26.0069 6040  WdiSystemHost - ok
19:36:26.0100 6040  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
19:36:26.0162 6040  WebClient - ok
19:36:26.0178 6040  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:36:26.0271 6040  Wecsvc - ok
19:36:26.0287 6040  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
19:36:26.0381 6040  wercplsupport - ok
19:36:26.0412 6040  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
19:36:26.0505 6040  WerSvc - ok
19:36:26.0537 6040  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:36:26.0615 6040  WfpLwf - ok
19:36:26.0661 6040  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:36:26.0693 6040  WIMMount - ok
19:36:26.0755 6040  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:36:26.0833 6040  WinDefend - ok
19:36:26.0864 6040  WinHttpAutoProxySvc - ok
19:36:26.0927 6040  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
19:36:27.0005 6040  Winmgmt - ok
19:36:27.0067 6040  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
19:36:27.0223 6040  WinRM - ok
19:36:27.0301 6040  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
19:36:27.0379 6040  Wlansvc - ok
19:36:27.0441 6040  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:36:27.0473 6040  wlcrasvc - ok
19:36:27.0566 6040  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:36:27.0691 6040  wlidsvc - ok
19:36:27.0722 6040  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
19:36:27.0753 6040  WmiAcpi - ok
19:36:27.0785 6040  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:36:27.0847 6040  wmiApSrv - ok
19:36:27.0941 6040  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:36:28.0097 6040  WMPNetworkSvc - ok
19:36:28.0128 6040  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:36:28.0237 6040  WPCSvc - ok
19:36:28.0253 6040  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:36:28.0346 6040  WPDBusEnum - ok
19:36:28.0377 6040  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
19:36:28.0471 6040  ws2ifsl - ok
19:36:28.0487 6040  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
19:36:28.0549 6040  wscsvc - ok
19:36:28.0565 6040  WSearch - ok
19:36:28.0611 6040  [ BAEDC491374DEFD5E76336901D6D397D ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
19:36:28.0643 6040  wsvd - ok
19:36:28.0721 6040  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
19:36:28.0861 6040  wuauserv - ok
19:36:28.0892 6040  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:36:28.0986 6040  WudfPf - ok
19:36:29.0017 6040  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:36:29.0095 6040  WUDFRd - ok
19:36:29.0142 6040  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
19:36:29.0220 6040  wudfsvc - ok
19:36:29.0251 6040  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\windows\System32\wwansvc.dll
19:36:29.0313 6040  WwanSvc - ok
19:36:29.0376 6040  [ AD9DEE1257C7659083268F298890CE16 ] X6XSEx          C:\Program Files\Free Ride Games\X6XSEx.Sys
19:36:29.0423 6040  X6XSEx - ok
19:36:29.0469 6040  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k     C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:36:29.0532 6040  ZTEusbmdm6k - ok
19:36:29.0563 6040  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea      C:\windows\system32\DRIVERS\ZTEusbnmea.sys
19:36:29.0610 6040  ZTEusbnmea - ok
19:36:29.0625 6040  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k     C:\windows\system32\DRIVERS\ZTEusbser6k.sys
19:36:29.0672 6040  ZTEusbser6k - ok
19:36:29.0688 6040  ================ Scan global ===============================
19:36:29.0735 6040  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
19:36:29.0781 6040  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
19:36:29.0813 6040  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
19:36:29.0844 6040  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
19:36:29.0875 6040  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
19:36:29.0891 6040  [Global] - ok
19:36:29.0891 6040  ================ Scan MBR ==================================
19:36:29.0906 6040  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:36:30.0374 6040  \Device\Harddisk0\DR0 - ok
19:36:30.0390 6040  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:36:30.0624 6040  \Device\Harddisk1\DR1 - ok
19:36:30.0624 6040  ================ Scan VBR ==================================
19:36:30.0639 6040  [ 2E62207F18A60CE3F739C51565CD202E ] \Device\Harddisk0\DR0\Partition1
19:36:30.0639 6040  \Device\Harddisk0\DR0\Partition1 - ok
19:36:30.0811 6040  [ FEA4022A4B2C6C5407630923910EB93C ] \Device\Harddisk0\DR0\Partition2
19:36:30.0811 6040  \Device\Harddisk0\DR0\Partition2 - ok
19:36:30.0827 6040  [ B61BD478B1FD6AD25B5A09EC3D57B3D3 ] \Device\Harddisk1\DR1\Partition1
19:36:30.0827 6040  \Device\Harddisk1\DR1\Partition1 - ok
19:36:30.0842 6040  ============================================================
19:36:30.0842 6040  Scan finished
19:36:30.0842 6040  ============================================================
19:36:30.0858 2128  Detected object count: 3
19:36:30.0858 2128  Actual detected object count: 3
19:45:57.0737 2128  C88EDF03-FB60-44F4-AC70-FFF129414098 ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:57.0737 2128  C88EDF03-FB60-44F4-AC70-FFF129414098 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:57.0747 2128  surf-sitter ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:57.0747 2128  surf-sitter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:57.0747 2128  surf-sitter-Updater ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:57.0747 2128  surf-sitter-Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:46:25.0047 5624  Deinitialize success

cosinus · 23.10.2012, 20:17

Surf-Sitter? Ist diese Kindersicherung so gewollt?

jj84 · 23.10.2012, 20:30

Ja, eigentlich schon. Könnte ich aber löschen wenn's Mist ist, war eher dass mein Kind nicht ausversehen mal irgendwas anklickt was noch nix für ihn ist.

cosinus · 23.10.2012, 21:19

Nee nee, lass es ruhig wenn du es willst, ich wollte nur wissen ob das so gewollt/bekannt ist

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

jj84 · 24.10.2012, 17:22

Okay, hier die Logdateien:

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-24 18:17:16
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST932032 rev.0003
Running: ncvp2yjl.exe; Driver: C:\Users\jj\AppData\Local\Temp\pxldqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         81E86A49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           81EC04D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                          cy-driver.sys (cy-Driver Component/Cybits AG)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                          cy-driver.sys (cy-Driver Component/Cybits AG)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                        cy-driver.sys (cy-Driver Component/Cybits AG)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da17155                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da17155 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----

--- --- ---

[/code]

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:33:26 on 24.10.2012

OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Opera Software Opera Internet Browser 12.02

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-4272849766-2629686594-2337917180-1000Core.job" - "Google Inc." - C:\Users\jj\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-4272849766-2629686594-2337917180-1000UA.job" - "Google Inc." - C:\Users\jj\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsIO" (AsIO) - ? - C:\windows\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"AsUpIO" (AsUpIO) - ? - C:\windows\System32\drivers\AsUpIO.sys  (File found, but it contains no detailed information)
"Bluetooth AMP USB Filter" (btwampfl) - ? - C:\windows\System32\drivers\btwampfl.sys  (File not found)
"Bluetooth Audio Device Service" (btwaudio) - ? - C:\windows\System32\drivers\btwaudio.sys  (File not found)
"Bluetooth AVDT" (btwavdt) - ? - C:\windows\system32\drivers\btwavdt.sys  (File not found)
"Bluetooth L2CAP Service" (btwl2cap) - ? - C:\windows\System32\DRIVERS\btwl2cap.sys  (File not found)
"btwrchid" (btwrchid) - ? - C:\windows\system32\drivers\btwrchid.sys  (File not found)
"cy_System" (cy_System) - "Cybits AG" - C:\windows\System32\drivers\cy-driver.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftvollh.sys
"Trend Micro TDI Driver" (tmtdi) - "Trend Micro Inc." - C:\windows\System32\DRIVERS\tmtdi.sys
"X6XSEx" (X6XSEx) - "Exent Technologies Ltd." - C:\Program Files\Free Ride Games\X6XSEx.Sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - ? - C:\Program Files\Audible\Bin\AudibleExt.dll  (File not found)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
{0E526CB5-7446-41D1-A403-19BFE95E8C23} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - ? - C:\Program Files\Audible\Bin\AudibleExt.dll  (File not found)
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6A060448-60F9-11D5-A6CD-0002B31F7455} "ExentInf Class" - "Exent Technologies Ltd." - C:\windows\Downloaded Program Files\ExentCtl.ocx / 
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} "TmBpIeBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
{1CA1377B-DC1D-4A52-9585-6E06050FAC53} "TmIEPlugInBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\jj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"AsusVibeLauncher.lnk" - ? - C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ASUSPRP" - "ASUSTek Computer Inc." - C:\Program Files\ASUS\APRP\APRP.EXE
"ASUSWebStorage" - "ecareme" - C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
"CapsHook" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe
"Eee Docking" - "ASUSTek Computer Inc." - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
"HotkeyMon" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
"HotkeyService" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
"LiveUpdate" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
"SuperHybridEngine" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
"SURF-SITTER PC" - ? - C:\Program Files\SURF-SITTER PC\cy-Software.exe start
"Trend Micro Client Framework" - "Trend Micro Inc." - "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
"Trend Micro Titanium" - "Trend Micro Inc." - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
"VAWinAgent" - ? - C:\ExpressGateUtil\VAWinAgent.exe  (File found, but it contains no detailed information)
"VizorHtmlDialog.exe" - "Trend Micro Inc." - "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Asus Launcher Service" (AsusService) - ? - C:\windows\system32\AsusService.exe  (File found, but it contains no detailed information)
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"C88EDF03-FB60-44F4-AC70-FFF129414098" (C88EDF03-FB60-44F4-AC70-FFF129414098) - ? - C:\Program Files\SURF-SITTER PC\cy-Service_2.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"eType Manager" (eType Manager) - "PerformerSoft LLC" - C:\ProgramData\eType Manager\2.2.580.183\52de144c-c70b-4e0a-9b16-29a2e18c255e\etypemngr.exe
"InstallBrain Updater Service" (InstallBrainService) - ? - "C:\ProgramData\InstallBrainService\ibsvc.exe" /SERVICE  (File not found)
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"surf-sitter-Service" (surf-sitter) - "Cybits AG" - C:\Program Files\SURF-SITTER PC\cy-Service.exe
"surf-sitter-Updater-Service" (surf-sitter-Updater) - "Cybits AG" - C:\Program Files\SURF-SITTER PC\AutoUpdaterService.exe
"TiMiniService" (TiMiniService) - "Trend Micro Inc." - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
"Trend Micro Solution Platform" (Amsp) - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
"UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files\1&1 Surf-Stick\AssistantServices.exe  (File found, but it contains no detailed information)
"VideAceWindowsService" (VideAceWindowsService) - ? - C:\ExpressGateUtil\VAWinService.exe  (File found, but it contains no detailed information)
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

[/code]

Hoffe ich hab alles richtig gemacht.

Lg

Hier noch das Log von asw

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 20:05:53
-----------------------------
20:05:53.838    OS Version: Windows 6.1.7601 Service Pack 1
20:05:53.838    Number of processors: 4 586 0x1C0A
20:05:53.854    ComputerName: **  UserName: ****
20:06:03.238    Initialize success
20:07:11.006    AVAST engine defs: 12102400
20:07:21.910    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:07:21.926    Disk 0 Vendor: ST932032 0003 Size: 305245MB BusType: 3
20:07:21.973    Disk 0 MBR read successfully
20:07:21.973    Disk 0 MBR scan
20:07:22.238    Disk 0 Windows 7 default MBR code
20:07:22.253    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       102400 MB offset 2048
20:07:22.285    Disk 0 Partition 2 00     1B   Hidd FAT32 MSDOS5.0    15360 MB offset 209717248
20:07:22.331    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       187467 MB offset 241174528
20:07:22.363    Disk 0 Partition 4 00     EF      EFI FAT                16 MB offset 625106944
20:07:22.456    Disk 0 scanning sectors +625139712
20:07:22.612    Disk 0 scanning C:\windows\system32\drivers
20:07:42.487    Service scanning
20:08:25.724    Modules scanning
20:08:41.142    Disk 0 trace - called modules:
20:08:41.162    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
20:08:41.162    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f4d368]
20:08:41.162    3 CLASSPNP.SYS[86d8359e] -> nt!IofCallDriver -> [0x84425288]
20:08:41.172    5 ACPI.sys[866b63d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8441b028]
20:08:42.232    AVAST engine scan C:\windows
20:08:46.662    AVAST engine scan C:\windows\system32
20:14:24.945    AVAST engine scan C:\windows\system32\drivers
20:14:52.488    AVAST engine scan C:\Users\jj
20:20:10.541    AVAST engine scan C:\ProgramData
20:21:27.025    Scan finished successfully
20:22:46.244    Disk 0 MBR has been saved successfully to "C:\Users\jj\Desktop\MBR.dat"
20:22:46.290    The log file has been saved successfully to "C:\Users\jj\Desktop\aswMBR.txt"

cosinus · 24.10.2012, 19:40

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Scans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

23.10.2012, 11:27	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner "saving sidekicks" frisst und beschädigt meine Dateien Log ist leider unvollständig denn die untere Zusammenfassung fehlt __________________ Logfiles bitte immer in CODE-Tags posten

23.10.2012, 20:17	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner "saving sidekicks" frisst und beschädigt meine Dateien Surf-Sitter? Ist diese Kindersicherung so gewollt? __________________ Logfiles bitte immer in CODE-Tags posten

24.10.2012, 19:40	#30
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner "saving sidekicks" frisst und beschädigt meine Dateien Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Scans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner "saving sidekicks" frisst und beschädigt meine Dateien

Plagegeister aller Art und deren Bekämpfung: Trojaner "saving sidekicks" frisst und beschädigt meine Dateien