2 Trojaner gefunden HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ytnaopy

kiwibiwi · 22.05.2013, 17:34

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-22 18:16:21
-----------------------------
18:16:21.516    OS Version: Windows 6.1.7601 Service Pack 1
18:16:21.516    Number of processors: 2 586 0xF0D
18:16:21.516    ComputerName: Y-PC  UserName: y
18:16:22.811    Initialize success
18:17:47.481    AVAST engine defs: 13052200
18:18:42.393    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
18:18:42.393    Disk 0 Vendor: ST980811AS 3.ALE Size: 76319MB BusType: 11
18:18:42.517    Disk 0 MBR read successfully
18:18:42.533    Disk 0 MBR scan
18:18:42.549    Disk 0 Windows 7 default MBR code
18:18:42.564    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          109 MB offset 63
18:18:42.595    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        38075 MB offset 224910
18:18:42.611    Disk 0 Partition - 00     05     Extended             38133 MB offset 78204420
18:18:42.642    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        38130 MB offset 78204483
18:18:42.689    Disk 0 scanning sectors +156301488
18:18:43.095    Disk 0 scanning C:\Windows\system32\drivers
18:19:09.303    Service scanning
18:19:54.153    Modules scanning
18:20:07.085    Disk 0 trace - called modules:
18:20:07.194    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys intelppm.sys 
18:20:07.210    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a928a0]
18:20:07.226    3 CLASSPNP.SYS[88e0459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x855a6908]
18:20:07.662    AVAST engine scan C:\Windows
18:20:12.093    AVAST engine scan C:\Windows\system32
18:26:51.454    AVAST engine scan C:\Windows\system32\drivers
18:27:14.495    AVAST engine scan C:\Users\y
18:29:44.770    AVAST engine scan C:\ProgramData
18:31:14.688    Scan finished successfully
18:32:36.557    Disk 0 MBR has been saved successfully to "C:\Users\y\Desktop\MBR.dat"
18:32:36.573    The log file has been saved successfully to "C:\Users\y\Desktop\aswMBR.txt"

Kann ich asw jetzt schließen ohne auf fix mbr zu klicken
und dann TDSSKiller starten?

Hey cosinus, ich warte noch auf dein 'Go'

Hab das aws Programm noch auf. Kann ich es jetzt einfach schließen & TDSSKiller starten?

cosinus · 22.05.2013, 20:20

Du solltest nur das Log erstellen, wenn du fixmbr machen sollst hätte ich das schon geschrieben
Mach bitte mit dem tdsskiller weiter, auch da nur das Log erstellen, nichts löschen!

kiwibiwi · 22.05.2013, 20:27

Code:

ATTFilter

21:25:09.0986 5680  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:25:10.0189 5680  ============================================================
21:25:10.0189 5680  Current date / time: 2013/05/22 21:25:10.0189
21:25:10.0189 5680  SystemInfo:
21:25:10.0189 5680  
21:25:10.0189 5680  OS Version: 6.1.7601 ServicePack: 1.0
21:25:10.0189 5680  Product type: Workstation
21:25:10.0189 5680  ComputerName: Y-PC
21:25:10.0189 5680  UserName: y
21:25:10.0189 5680  Windows directory: C:\Windows
21:25:10.0189 5680  System windows directory: C:\Windows
21:25:10.0189 5680  Processor architecture: Intel x86
21:25:10.0189 5680  Number of processors: 2
21:25:10.0189 5680  Page size: 0x1000
21:25:10.0189 5680  Boot type: Normal boot
21:25:10.0189 5680  ============================================================
21:25:11.0390 5680  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:25:11.0422 5680  ============================================================
21:25:11.0422 5680  \Device\Harddisk0\DR0:
21:25:11.0422 5680  MBR partitions:
21:25:11.0422 5680  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36E4F
21:25:11.0422 5680  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36E8E, BlocksNum 0x4A5DF76
21:25:11.0437 5680  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4A94E43, BlocksNum 0x4A7967E
21:25:11.0437 5680  ============================================================
21:25:11.0500 5680  C: <-> \Device\Harddisk0\DR0\Partition2
21:25:11.0531 5680  E: <-> \Device\Harddisk0\DR0\Partition3
21:25:11.0531 5680  ============================================================
21:25:11.0531 5680  Initialize success
21:25:11.0531 5680  ============================================================
21:25:18.0077 4888  ============================================================
21:25:18.0077 4888  Scan started
21:25:18.0077 4888  Mode: Manual; 
21:25:18.0077 4888  ============================================================
21:25:19.0497 4888  ================ Scan system memory ========================
21:25:19.0497 4888  System memory - ok
21:25:19.0497 4888  ================ Scan services =============================
21:25:19.0840 4888  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:25:19.0840 4888  1394ohci - ok
21:25:19.0887 4888  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:25:19.0887 4888  ACPI - ok
21:25:19.0918 4888  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:25:19.0934 4888  AcpiPmi - ok
21:25:20.0027 4888  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:25:20.0027 4888  AdobeARMservice - ok
21:25:20.0090 4888  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:25:20.0105 4888  adp94xx - ok
21:25:20.0199 4888  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:25:20.0214 4888  adpahci - ok
21:25:20.0230 4888  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:25:20.0230 4888  adpu320 - ok
21:25:20.0277 4888  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:25:20.0277 4888  AeLookupSvc - ok
21:25:20.0339 4888  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
21:25:20.0339 4888  AFD - ok
21:25:20.0402 4888  [ 48091A2374A69F473273C44951195452 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
21:25:20.0402 4888  AgereModemAudio - ok
21:25:20.0480 4888  [ 0A5838AE776C4D489003CDD161557D39 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
21:25:20.0542 4888  AgereSoftModem - ok
21:25:20.0573 4888  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:25:20.0573 4888  agp440 - ok
21:25:20.0620 4888  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:25:20.0620 4888  aic78xx - ok
21:25:20.0667 4888  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
21:25:20.0667 4888  ALG - ok
21:25:20.0698 4888  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:25:20.0698 4888  aliide - ok
21:25:20.0714 4888  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:25:20.0714 4888  amdagp - ok
21:25:20.0729 4888  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:25:20.0745 4888  amdide - ok
21:25:20.0760 4888  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:25:20.0760 4888  AmdK8 - ok
21:25:20.0776 4888  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:25:20.0776 4888  AmdPPM - ok
21:25:20.0823 4888  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:25:20.0823 4888  amdsata - ok
21:25:20.0870 4888  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:25:20.0870 4888  amdsbs - ok
21:25:20.0885 4888  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:25:20.0885 4888  amdxata - ok
21:25:20.0979 4888  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:25:20.0979 4888  AntiVirSchedulerService - ok
21:25:21.0026 4888  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:25:21.0026 4888  AntiVirService - ok
21:25:21.0072 4888  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
21:25:21.0088 4888  AppID - ok
21:25:21.0135 4888  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:25:21.0135 4888  AppIDSvc - ok
21:25:21.0182 4888  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
21:25:21.0182 4888  Appinfo - ok
21:25:21.0228 4888  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:25:21.0228 4888  AppMgmt - ok
21:25:21.0260 4888  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
21:25:21.0260 4888  arc - ok
21:25:21.0291 4888  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:25:21.0291 4888  arcsas - ok
21:25:21.0322 4888  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:25:21.0322 4888  AsyncMac - ok
21:25:21.0369 4888  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
21:25:21.0369 4888  atapi - ok
21:25:21.0556 4888  [ 274C792DBE80437452F6FC110E4DA742 ] athr            C:\Windows\system32\DRIVERS\athr.sys
21:25:21.0650 4888  athr - ok
21:25:21.0712 4888  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:25:21.0743 4888  AudioEndpointBuilder - ok
21:25:21.0759 4888  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:25:21.0759 4888  Audiosrv - ok
21:25:21.0806 4888  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:25:21.0806 4888  avgntflt - ok
21:25:21.0868 4888  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:25:21.0884 4888  avipbb - ok
21:25:21.0899 4888  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:25:21.0899 4888  avkmgr - ok
21:25:21.0946 4888  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:25:21.0946 4888  AxInstSV - ok
21:25:22.0008 4888  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
21:25:22.0040 4888  b06bdrv - ok
21:25:22.0242 4888  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
21:25:22.0258 4888  b57nd60x - ok
21:25:22.0305 4888  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:25:22.0305 4888  BDESVC - ok
21:25:22.0352 4888  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:25:22.0352 4888  Beep - ok
21:25:22.0414 4888  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
21:25:22.0430 4888  BFE - ok
21:25:22.0492 4888  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
21:25:22.0523 4888  BITS - ok
21:25:22.0570 4888  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:25:22.0570 4888  blbdrive - ok
21:25:22.0617 4888  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:25:22.0617 4888  bowser - ok
21:25:22.0664 4888  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:25:22.0664 4888  BrFiltLo - ok
21:25:22.0695 4888  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:25:22.0695 4888  BrFiltUp - ok
21:25:22.0726 4888  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21:25:22.0726 4888  BridgeMP - ok
21:25:22.0788 4888  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
21:25:22.0788 4888  Browser - ok
21:25:22.0820 4888  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:25:22.0835 4888  Brserid - ok
21:25:22.0835 4888  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:25:22.0851 4888  BrSerWdm - ok
21:25:22.0866 4888  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:25:22.0866 4888  BrUsbMdm - ok
21:25:22.0898 4888  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:25:22.0898 4888  BrUsbSer - ok
21:25:22.0944 4888  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
21:25:22.0960 4888  BthEnum - ok
21:25:22.0960 4888  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:25:22.0976 4888  BTHMODEM - ok
21:25:23.0007 4888  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:25:23.0007 4888  BthPan - ok
21:25:23.0054 4888  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
21:25:23.0069 4888  BTHPORT - ok
21:25:23.0116 4888  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
21:25:23.0116 4888  bthserv - ok
21:25:23.0132 4888  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
21:25:23.0147 4888  BTHUSB - ok
21:25:23.0256 4888  catchme - ok
21:25:23.0303 4888  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:25:23.0303 4888  cdfs - ok
21:25:23.0350 4888  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:25:23.0350 4888  cdrom - ok
21:25:23.0397 4888  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:25:23.0412 4888  CertPropSvc - ok
21:25:23.0428 4888  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:25:23.0428 4888  circlass - ok
21:25:23.0475 4888  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
21:25:23.0475 4888  CLFS - ok
21:25:23.0553 4888  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:25:23.0584 4888  clr_optimization_v2.0.50727_32 - ok
21:25:23.0662 4888  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:25:23.0678 4888  clr_optimization_v4.0.30319_32 - ok
21:25:23.0709 4888  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:25:23.0709 4888  CmBatt - ok
21:25:23.0724 4888  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:25:23.0740 4888  cmdide - ok
21:25:23.0771 4888  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:25:23.0802 4888  CNG - ok
21:25:23.0834 4888  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:25:23.0834 4888  Compbatt - ok
21:25:23.0880 4888  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:25:23.0880 4888  CompositeBus - ok
21:25:23.0896 4888  COMSysApp - ok
21:25:23.0943 4888  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:25:23.0943 4888  crcdisk - ok
21:25:23.0990 4888  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:25:24.0005 4888  CryptSvc - ok
21:25:24.0052 4888  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
21:25:24.0068 4888  CSC - ok
21:25:24.0114 4888  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
21:25:24.0146 4888  CscService - ok
21:25:24.0208 4888  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:25:24.0224 4888  DcomLaunch - ok
21:25:24.0255 4888  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:25:24.0270 4888  defragsvc - ok
21:25:24.0302 4888  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:25:24.0302 4888  DfsC - ok
21:25:24.0348 4888  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:25:24.0348 4888  Dhcp - ok
21:25:24.0395 4888  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
21:25:24.0395 4888  discache - ok
21:25:24.0426 4888  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
21:25:24.0426 4888  Disk - ok
21:25:24.0458 4888  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
21:25:24.0473 4888  dmvsc - ok
21:25:24.0520 4888  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:25:24.0520 4888  Dnscache - ok
21:25:24.0629 4888  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:25:24.0660 4888  dot3svc - ok
21:25:24.0723 4888  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
21:25:24.0723 4888  DPS - ok
21:25:24.0770 4888  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:25:24.0770 4888  drmkaud - ok
21:25:24.0848 4888  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:25:24.0879 4888  DXGKrnl - ok
21:25:24.0926 4888  [ CF0A6015F437161698C5B2A0A12CF052 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
21:25:24.0941 4888  e1express - ok
21:25:24.0972 4888  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
21:25:24.0972 4888  EapHost - ok
21:25:25.0144 4888  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
21:25:25.0269 4888  ebdrv - ok
21:25:25.0300 4888  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
21:25:25.0300 4888  EFS - ok
21:25:25.0378 4888  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:25:25.0440 4888  ehRecvr - ok
21:25:25.0472 4888  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
21:25:25.0487 4888  ehSched - ok
21:25:25.0550 4888  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:25:25.0565 4888  elxstor - ok
21:25:25.0596 4888  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:25:25.0596 4888  ErrDev - ok
21:25:25.0643 4888  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
21:25:25.0659 4888  EventSystem - ok
21:25:25.0674 4888  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
21:25:25.0690 4888  exfat - ok
21:25:25.0706 4888  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:25:25.0721 4888  fastfat - ok
21:25:25.0768 4888  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
21:25:25.0799 4888  Fax - ok
21:25:25.0815 4888  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
21:25:25.0830 4888  fdc - ok
21:25:25.0846 4888  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
21:25:25.0862 4888  fdPHost - ok
21:25:25.0877 4888  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
21:25:25.0877 4888  FDResPub - ok
21:25:25.0908 4888  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:25:25.0908 4888  FileInfo - ok
21:25:25.0940 4888  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:25:25.0940 4888  Filetrace - ok
21:25:25.0955 4888  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:25:25.0955 4888  flpydisk - ok
21:25:26.0002 4888  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:25:26.0002 4888  FltMgr - ok
21:25:26.0080 4888  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
21:25:26.0127 4888  FontCache - ok
21:25:26.0189 4888  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:25:26.0205 4888  FontCache3.0.0.0 - ok
21:25:26.0236 4888  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:25:26.0236 4888  FsDepends - ok
21:25:26.0267 4888  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:25:26.0267 4888  Fs_Rec - ok
21:25:26.0314 4888  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:25:26.0314 4888  fvevol - ok
21:25:26.0345 4888  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:25:26.0361 4888  gagp30kx - ok
21:25:26.0423 4888  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:25:26.0454 4888  gpsvc - ok
21:25:26.0486 4888  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:25:26.0486 4888  hcw85cir - ok
21:25:26.0517 4888  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:25:26.0548 4888  HdAudAddService - ok
21:25:26.0579 4888  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:25:26.0579 4888  HDAudBus - ok
21:25:26.0610 4888  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:25:26.0610 4888  HidBatt - ok
21:25:26.0626 4888  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:25:26.0626 4888  HidBth - ok
21:25:26.0642 4888  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:25:26.0657 4888  HidIr - ok
21:25:26.0688 4888  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
21:25:26.0688 4888  hidserv - ok
21:25:26.0704 4888  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:25:26.0720 4888  HidUsb - ok
21:25:26.0751 4888  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:25:26.0766 4888  hkmsvc - ok
21:25:26.0782 4888  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:25:26.0798 4888  HomeGroupListener - ok
21:25:26.0844 4888  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:25:26.0844 4888  HomeGroupProvider - ok
21:25:26.0876 4888  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:25:26.0876 4888  HpSAMD - ok
21:25:26.0922 4888  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:25:26.0938 4888  HTTP - ok
21:25:26.0985 4888  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:25:26.0985 4888  hwpolicy - ok
21:25:27.0000 4888  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:25:27.0016 4888  i8042prt - ok
21:25:27.0047 4888  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:25:27.0063 4888  iaStorV - ok
21:25:27.0141 4888  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:25:27.0359 4888  idsvc - ok
21:25:27.0593 4888  [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
21:25:27.0796 4888  igfx - ok
21:25:27.0827 4888  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:25:27.0827 4888  iirsp - ok
21:25:27.0890 4888  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:25:27.0936 4888  IKEEXT - ok
21:25:28.0170 4888  [ EEE7AF1955C638EEB7BC8D9EBABBA54F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:25:28.0342 4888  IntcAzAudAddService - ok
21:25:28.0373 4888  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:25:28.0389 4888  intelide - ok
21:25:28.0420 4888  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:25:28.0436 4888  intelppm - ok
21:25:28.0467 4888  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:25:28.0467 4888  IPBusEnum - ok
21:25:28.0498 4888  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:25:28.0498 4888  IpFilterDriver - ok
21:25:28.0560 4888  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:25:28.0576 4888  iphlpsvc - ok
21:25:28.0592 4888  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:25:28.0592 4888  IPMIDRV - ok
21:25:28.0607 4888  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:25:28.0623 4888  IPNAT - ok
21:25:28.0654 4888  [ 9F7E491FB0BA0F9E370163834FC1FE31 ] irda            C:\Windows\system32\DRIVERS\irda.sys
21:25:28.0654 4888  irda - ok
21:25:28.0685 4888  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:25:28.0685 4888  IRENUM - ok
21:25:28.0732 4888  [ 4220D2F03D5C4226D0A1AA4B84025E45 ] Irmon           C:\Windows\System32\irmon.dll
21:25:28.0732 4888  Irmon - ok
21:25:28.0748 4888  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:25:28.0748 4888  isapnp - ok
21:25:28.0810 4888  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:25:28.0826 4888  iScsiPrt - ok
21:25:28.0872 4888  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:25:28.0872 4888  kbdclass - ok
21:25:28.0904 4888  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:25:28.0904 4888  kbdhid - ok
21:25:28.0919 4888  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
21:25:28.0935 4888  KeyIso - ok
21:25:28.0950 4888  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:25:28.0966 4888  KSecDD - ok
21:25:28.0982 4888  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:25:28.0997 4888  KSecPkg - ok
21:25:29.0028 4888  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:25:29.0044 4888  KtmRm - ok
21:25:29.0106 4888  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:25:29.0138 4888  LanmanServer - ok
21:25:29.0169 4888  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:25:29.0184 4888  LanmanWorkstation - ok
21:25:29.0247 4888  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:25:29.0247 4888  lltdio - ok
21:25:29.0278 4888  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:25:29.0294 4888  lltdsvc - ok
21:25:29.0309 4888  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:25:29.0309 4888  lmhosts - ok
21:25:29.0356 4888  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:25:29.0356 4888  LSI_FC - ok
21:25:29.0387 4888  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:25:29.0387 4888  LSI_SAS - ok
21:25:29.0418 4888  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:25:29.0418 4888  LSI_SAS2 - ok
21:25:29.0434 4888  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:25:29.0434 4888  LSI_SCSI - ok
21:25:29.0465 4888  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
21:25:29.0481 4888  luafv - ok
21:25:29.0543 4888  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:25:29.0543 4888  MBAMProtector - ok
21:25:29.0621 4888  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:25:29.0637 4888  MBAMScheduler - ok
21:25:29.0668 4888  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:25:29.0715 4888  MBAMService - ok
21:25:29.0746 4888  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:25:29.0746 4888  Mcx2Svc - ok
21:25:29.0793 4888  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:25:29.0793 4888  megasas - ok
21:25:29.0840 4888  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:25:29.0855 4888  MegaSR - ok
21:25:29.0886 4888  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
21:25:29.0886 4888  MMCSS - ok
21:25:29.0918 4888  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
21:25:29.0918 4888  Modem - ok
21:25:29.0949 4888  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:25:29.0949 4888  monitor - ok
21:25:29.0980 4888  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
21:25:29.0980 4888  mouclass - ok
21:25:30.0011 4888  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:25:30.0011 4888  mouhid - ok
21:25:30.0042 4888  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:25:30.0042 4888  mountmgr - ok
21:25:30.0105 4888  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:25:30.0136 4888  MozillaMaintenance - ok
21:25:30.0167 4888  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:25:30.0183 4888  mpio - ok
21:25:30.0198 4888  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:25:30.0214 4888  mpsdrv - ok
21:25:30.0245 4888  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:25:30.0292 4888  MpsSvc - ok
21:25:30.0308 4888  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:25:30.0308 4888  MRxDAV - ok
21:25:30.0354 4888  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:25:30.0354 4888  mrxsmb - ok
21:25:30.0386 4888  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:25:30.0401 4888  mrxsmb10 - ok
21:25:30.0417 4888  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:25:30.0432 4888  mrxsmb20 - ok
21:25:30.0448 4888  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
21:25:30.0448 4888  msahci - ok
21:25:30.0479 4888  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:25:30.0479 4888  msdsm - ok
21:25:30.0510 4888  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
21:25:30.0526 4888  MSDTC - ok
21:25:30.0573 4888  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:25:30.0573 4888  Msfs - ok
21:25:30.0588 4888  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:25:30.0588 4888  mshidkmdf - ok
21:25:30.0620 4888  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:25:30.0620 4888  msisadrv - ok
21:25:30.0666 4888  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:25:30.0666 4888  MSiSCSI - ok
21:25:30.0682 4888  msiserver - ok
21:25:30.0729 4888  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:25:30.0729 4888  MSKSSRV - ok
21:25:30.0744 4888  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:25:30.0760 4888  MSPCLOCK - ok
21:25:30.0760 4888  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:25:30.0776 4888  MSPQM - ok
21:25:30.0791 4888  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:25:30.0807 4888  MsRPC - ok
21:25:30.0838 4888  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:25:30.0838 4888  mssmbios - ok
21:25:30.0854 4888  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:25:30.0854 4888  MSTEE - ok
21:25:30.0854 4888  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:25:30.0869 4888  MTConfig - ok
21:25:30.0885 4888  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:25:30.0900 4888  Mup - ok
21:25:30.0932 4888  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
21:25:30.0963 4888  napagent - ok
21:25:31.0010 4888  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:25:31.0010 4888  NativeWifiP - ok
21:25:31.0088 4888  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:25:31.0119 4888  NDIS - ok
21:25:31.0134 4888  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:25:31.0150 4888  NdisCap - ok
21:25:31.0181 4888  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:25:31.0181 4888  NdisTapi - ok
21:25:31.0212 4888  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:25:31.0212 4888  Ndisuio - ok
21:25:31.0244 4888  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:25:31.0244 4888  NdisWan - ok
21:25:31.0259 4888  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:25:31.0275 4888  NDProxy - ok
21:25:31.0306 4888  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:25:31.0306 4888  NetBIOS - ok
21:25:31.0337 4888  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:25:31.0353 4888  NetBT - ok
21:25:31.0384 4888  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
21:25:31.0384 4888  Netlogon - ok
21:25:31.0431 4888  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
21:25:31.0446 4888  Netman - ok
21:25:31.0493 4888  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
21:25:31.0509 4888  netprofm - ok
21:25:31.0556 4888  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:25:31.0571 4888  NetTcpPortSharing - ok
21:25:31.0618 4888  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:25:31.0634 4888  nfrd960 - ok
21:25:31.0665 4888  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:25:31.0665 4888  NlaSvc - ok
21:25:31.0680 4888  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:25:31.0696 4888  Npfs - ok
21:25:31.0727 4888  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA         C:\Windows\system32\DRIVERS\nscirda.sys
21:25:31.0743 4888  NSCIRDA - ok
21:25:31.0774 4888  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
21:25:31.0790 4888  nsi - ok
21:25:31.0805 4888  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:25:31.0805 4888  nsiproxy - ok
21:25:31.0883 4888  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:25:31.0946 4888  Ntfs - ok
21:25:31.0977 4888  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
21:25:31.0977 4888  Null - ok
21:25:32.0024 4888  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:25:32.0024 4888  nvraid - ok
21:25:32.0055 4888  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:25:32.0055 4888  nvstor - ok
21:25:32.0086 4888  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:25:32.0086 4888  nv_agp - ok
21:25:32.0133 4888  [ D955D5DE998DB2476BF0892BE3A96C26 ] O2FLASH         C:\Windows\system32\DRIVERS\o2flash.exe
21:25:32.0133 4888  O2FLASH - ok
21:25:32.0164 4888  [ 9BA48E9522BBBE594FB03EC5850D3127 ] O2MDRDR         C:\Windows\system32\DRIVERS\o2media.sys
21:25:32.0180 4888  O2MDRDR - ok
21:25:32.0211 4888  [ 13B43E968345CFA1C3BAEF007CD984B6 ] O2SDRDR         C:\Windows\system32\DRIVERS\o2sd.sys
21:25:32.0211 4888  O2SDRDR - ok
21:25:32.0304 4888  [ E54AA592A65F317390EEE386A8821692 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:25:32.0367 4888  odserv - ok
21:25:32.0414 4888  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:25:32.0414 4888  ohci1394 - ok
21:25:32.0476 4888  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:25:32.0492 4888  ose - ok
21:25:32.0554 4888  [ AB2B07AC4AFD38F574D903EAF9E98A60 ] OZSCR           C:\Windows\system32\DRIVERS\ozscr.sys
21:25:32.0554 4888  OZSCR - ok
21:25:32.0601 4888  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:25:32.0632 4888  p2pimsvc - ok
21:25:32.0663 4888  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:25:32.0679 4888  p2psvc - ok
21:25:32.0726 4888  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:25:32.0741 4888  Parport - ok
21:25:32.0819 4888  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:25:32.0819 4888  partmgr - ok
21:25:32.0850 4888  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
21:25:32.0850 4888  Parvdm - ok
21:25:32.0897 4888  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:25:32.0897 4888  PcaSvc - ok
21:25:32.0928 4888  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
21:25:32.0944 4888  pci - ok
21:25:32.0975 4888  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
21:25:32.0975 4888  pciide - ok
21:25:33.0006 4888  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:25:33.0006 4888  pcmcia - ok
21:25:33.0038 4888  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
21:25:33.0038 4888  pcw - ok
21:25:33.0084 4888  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:25:33.0100 4888  PEAUTH - ok
21:25:33.0162 4888  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:25:33.0209 4888  PeerDistSvc - ok
21:25:33.0318 4888  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
21:25:33.0396 4888  pla - ok
21:25:33.0443 4888  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:25:33.0459 4888  PlugPlay - ok
21:25:33.0490 4888  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:25:33.0506 4888  PNRPAutoReg - ok
21:25:33.0537 4888  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:25:33.0537 4888  PNRPsvc - ok
21:25:33.0584 4888  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:25:33.0615 4888  PolicyAgent - ok
21:25:33.0646 4888  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
21:25:33.0677 4888  Power - ok
21:25:33.0724 4888  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:25:33.0740 4888  PptpMiniport - ok
21:25:33.0755 4888  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
21:25:33.0771 4888  Processor - ok
21:25:33.0818 4888  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
21:25:33.0818 4888  ProfSvc - ok
21:25:33.0849 4888  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:25:33.0849 4888  ProtectedStorage - ok
21:25:33.0880 4888  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:25:33.0896 4888  Psched - ok
21:25:33.0942 4888  [ C50DE6D0C04B230F185A13FDE0F047FA ] pwdrvio         C:\Windows\system32\pwdrvio.sys
21:25:33.0942 4888  pwdrvio - ok
21:25:33.0989 4888  [ CDC5704308222400AD606BCF87B006A5 ] pwdspio         C:\Windows\system32\pwdspio.sys
21:25:33.0989 4888  pwdspio - ok
21:25:34.0067 4888  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:25:34.0130 4888  ql2300 - ok
21:25:34.0145 4888  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:25:34.0161 4888  ql40xx - ok
21:25:34.0192 4888  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
21:25:34.0223 4888  QWAVE - ok
21:25:34.0239 4888  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:25:34.0239 4888  QWAVEdrv - ok
21:25:34.0270 4888  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:25:34.0286 4888  RasAcd - ok
21:25:34.0317 4888  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:25:34.0332 4888  RasAgileVpn - ok
21:25:34.0364 4888  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
21:25:34.0379 4888  RasAuto - ok
21:25:34.0410 4888  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:25:34.0426 4888  Rasl2tp - ok
21:25:34.0457 4888  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
21:25:34.0473 4888  RasMan - ok
21:25:34.0488 4888  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:25:34.0488 4888  RasPppoe - ok
21:25:34.0520 4888  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:25:34.0535 4888  RasSstp - ok
21:25:34.0566 4888  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:25:34.0566 4888  rdbss - ok
21:25:34.0598 4888  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:25:34.0598 4888  rdpbus - ok
21:25:34.0629 4888  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:25:34.0629 4888  RDPCDD - ok
21:25:34.0676 4888  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:25:34.0676 4888  RDPDR - ok
21:25:34.0707 4888  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:25:34.0707 4888  RDPENCDD - ok
21:25:34.0738 4888  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:25:34.0754 4888  RDPREFMP - ok
21:25:34.0785 4888  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:25:34.0800 4888  RdpVideoMiniport - ok
21:25:34.0832 4888  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:25:34.0847 4888  RDPWD - ok
21:25:34.0894 4888  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:25:34.0894 4888  rdyboost - ok
21:25:34.0941 4888  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:25:34.0941 4888  RemoteAccess - ok
21:25:34.0988 4888  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:25:35.0003 4888  RemoteRegistry - ok
21:25:35.0050 4888  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:25:35.0050 4888  RFCOMM - ok
21:25:35.0081 4888  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:25:35.0081 4888  RpcEptMapper - ok
21:25:35.0112 4888  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
21:25:35.0128 4888  RpcLocator - ok
21:25:35.0159 4888  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
21:25:35.0175 4888  RpcSs - ok
21:25:35.0222 4888  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:25:35.0222 4888  rspndr - ok
21:25:35.0253 4888  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:25:35.0253 4888  s3cap - ok
21:25:35.0300 4888  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
21:25:35.0300 4888  SamSs - ok
21:25:35.0346 4888  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:25:35.0346 4888  sbp2port - ok
21:25:35.0378 4888  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:25:35.0393 4888  SCardSvr - ok
21:25:35.0409 4888  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:25:35.0424 4888  scfilter - ok
21:25:35.0471 4888  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
21:25:35.0518 4888  Schedule - ok
21:25:35.0534 4888  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:25:35.0549 4888  SCPolicySvc - ok
21:25:35.0580 4888  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
21:25:35.0580 4888  sdbus - ok
21:25:35.0612 4888  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:25:35.0643 4888  SDRSVC - ok
21:25:35.0674 4888  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:25:35.0690 4888  secdrv - ok
21:25:35.0705 4888  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
21:25:35.0705 4888  seclogon - ok
21:25:35.0768 4888  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
21:25:35.0783 4888  SENS - ok
21:25:35.0799 4888  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:25:35.0814 4888  SensrSvc - ok
21:25:35.0830 4888  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:25:35.0830 4888  Serenum - ok
21:25:35.0861 4888  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:25:35.0861 4888  Serial - ok
21:25:35.0877 4888  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:25:35.0892 4888  sermouse - ok
21:25:35.0939 4888  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:25:35.0939 4888  SessionEnv - ok
21:25:35.0955 4888  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:25:35.0955 4888  sffdisk - ok
21:25:35.0970 4888  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:25:35.0970 4888  sffp_mmc - ok
21:25:35.0986 4888  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:25:35.0986 4888  sffp_sd - ok
21:25:36.0002 4888  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:25:36.0002 4888  sfloppy - ok
21:25:36.0064 4888  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:25:36.0080 4888  SharedAccess - ok
21:25:36.0126 4888  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:25:36.0142 4888  ShellHWDetection - ok
21:25:36.0158 4888  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:25:36.0173 4888  sisagp - ok
21:25:36.0220 4888  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:25:36.0220 4888  SiSRaid2 - ok
21:25:36.0236 4888  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:25:36.0236 4888  SiSRaid4 - ok
21:25:36.0329 4888  [ CA355B308AA537C6B9D67CD3A5485AF9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:25:36.0329 4888  SkypeUpdate - ok
21:25:36.0376 4888  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:25:36.0376 4888  Smb - ok
21:25:36.0423 4888  [ D1BF7148144AD1851893E84363F78130 ] SMSCIRDA        C:\Windows\system32\DRIVERS\SMSCirda.sys
21:25:36.0438 4888  SMSCIRDA - ok
21:25:36.0501 4888  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:25:36.0516 4888  SNMPTRAP - ok
21:25:36.0548 4888  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:25:36.0548 4888  spldr - ok
21:25:36.0594 4888  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
21:25:36.0610 4888  Spooler - ok
21:25:36.0766 4888  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:25:36.0906 4888  sppsvc - ok
21:25:36.0938 4888  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:25:36.0938 4888  sppuinotify - ok
21:25:36.0984 4888  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:25:37.0016 4888  srv - ok
21:25:37.0031 4888  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:25:37.0047 4888  srv2 - ok
21:25:37.0109 4888  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:25:37.0109 4888  SrvHsfHDA - ok
21:25:37.0156 4888  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:25:37.0203 4888  SrvHsfV92 - ok
21:25:37.0250 4888  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:25:37.0296 4888  SrvHsfWinac - ok
21:25:37.0328 4888  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:25:37.0328 4888  srvnet - ok
21:25:37.0374 4888  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:25:37.0374 4888  SSDPSRV - ok
21:25:37.0452 4888  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
21:25:37.0452 4888  ssmdrv - ok
21:25:37.0499 4888  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:25:37.0499 4888  SstpSvc - ok
21:25:37.0530 4888  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:25:37.0530 4888  stexstor - ok
21:25:37.0577 4888  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:25:37.0624 4888  StiSvc - ok
21:25:37.0655 4888  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:25:37.0655 4888  storflt - ok
21:25:37.0686 4888  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:25:37.0686 4888  storvsc - ok
21:25:37.0702 4888  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:25:37.0718 4888  swenum - ok
21:25:37.0749 4888  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
21:25:37.0780 4888  swprv - ok
21:25:37.0796 4888  [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
21:25:37.0796 4888  Synth3dVsc - ok
21:25:37.0874 4888  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
21:25:37.0889 4888  SysMain - ok
21:25:37.0920 4888  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:25:37.0952 4888  TabletInputService - ok
21:25:37.0983 4888  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:25:37.0998 4888  TapiSrv - ok
21:25:38.0014 4888  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
21:25:38.0030 4888  TBS - ok
21:25:38.0108 4888  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:25:38.0154 4888  Tcpip - ok
21:25:38.0248 4888  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:25:38.0264 4888  TCPIP6 - ok
21:25:38.0310 4888  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:25:38.0310 4888  tcpipreg - ok
21:25:38.0342 4888  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:25:38.0342 4888  TDPIPE - ok
21:25:38.0373 4888  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:25:38.0373 4888  TDTCP - ok
21:25:38.0404 4888  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:25:38.0420 4888  tdx - ok
21:25:38.0451 4888  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:25:38.0451 4888  TermDD - ok
21:25:38.0482 4888  [ E951866BAC5A23403F62A349EDBB6EEB ] terminpt        C:\Windows\system32\drivers\terminpt.sys
21:25:38.0482 4888  terminpt - ok
21:25:38.0529 4888  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
21:25:38.0560 4888  TermService - ok
21:25:38.0591 4888  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
21:25:38.0591 4888  Themes - ok
21:25:38.0622 4888  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:25:38.0638 4888  THREADORDER - ok
21:25:38.0685 4888  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\Windows\system32\drivers\tpm.sys
21:25:38.0685 4888  TPM - ok
21:25:38.0732 4888  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
21:25:38.0747 4888  TrkWks - ok
21:25:38.0794 4888  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:25:38.0810 4888  TrustedInstaller - ok
21:25:38.0841 4888  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:25:38.0841 4888  tssecsrv - ok
21:25:38.0888 4888  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:25:38.0888 4888  TsUsbFlt - ok
21:25:38.0919 4888  [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:25:38.0919 4888  TsUsbGD - ok
21:25:38.0966 4888  [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
21:25:38.0966 4888  tsusbhub - ok
21:25:39.0012 4888  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:25:39.0028 4888  tunnel - ok
21:25:39.0044 4888  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:25:39.0044 4888  uagp35 - ok
21:25:39.0075 4888  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:25:39.0090 4888  udfs - ok
21:25:39.0137 4888  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:25:39.0153 4888  UI0Detect - ok
21:25:39.0184 4888  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:25:39.0184 4888  uliagpkx - ok
21:25:39.0231 4888  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:25:39.0231 4888  umbus - ok
21:25:39.0246 4888  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:25:39.0246 4888  UmPass - ok
21:25:39.0293 4888  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:25:39.0309 4888  UmRdpService - ok
21:25:39.0340 4888  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
21:25:39.0371 4888  upnphost - ok
21:25:39.0402 4888  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:25:39.0402 4888  usbccgp - ok
21:25:39.0449 4888  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:25:39.0449 4888  usbcir - ok
21:25:39.0480 4888  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:25:39.0480 4888  usbehci - ok
21:25:39.0527 4888  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:25:39.0543 4888  usbhub - ok
21:25:39.0574 4888  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:25:39.0574 4888  usbohci - ok
21:25:39.0605 4888  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:25:39.0605 4888  usbprint - ok
21:25:39.0636 4888  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:25:39.0652 4888  usbscan - ok
21:25:39.0683 4888  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:25:39.0699 4888  USBSTOR - ok
21:25:39.0714 4888  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:25:39.0714 4888  usbuhci - ok
21:25:39.0746 4888  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
21:25:39.0746 4888  UxSms - ok
21:25:39.0777 4888  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
21:25:39.0777 4888  VaultSvc - ok
21:25:39.0824 4888  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:25:39.0824 4888  vdrvroot - ok
21:25:39.0870 4888  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
21:25:39.0902 4888  vds - ok
21:25:39.0933 4888  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:25:39.0933 4888  vga - ok
21:25:39.0948 4888  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:25:39.0964 4888  VgaSave - ok
21:25:39.0964 4888  VGPU - ok
21:25:39.0995 4888  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:25:39.0995 4888  vhdmp - ok
21:25:40.0026 4888  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:25:40.0026 4888  viaagp - ok
21:25:40.0042 4888  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
21:25:40.0042 4888  ViaC7 - ok
21:25:40.0073 4888  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
21:25:40.0073 4888  viaide - ok
21:25:40.0104 4888  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:25:40.0120 4888  vmbus - ok
21:25:40.0136 4888  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:25:40.0151 4888  VMBusHID - ok
21:25:40.0167 4888  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:25:40.0167 4888  volmgr - ok
21:25:40.0198 4888  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:25:40.0214 4888  volmgrx - ok
21:25:40.0245 4888  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:25:40.0260 4888  volsnap - ok
21:25:40.0292 4888  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:25:40.0307 4888  vsmraid - ok
21:25:40.0370 4888  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
21:25:40.0448 4888  VSS - ok
21:25:40.0479 4888  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:25:40.0479 4888  vwifibus - ok
21:25:40.0526 4888  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:25:40.0526 4888  vwififlt - ok
21:25:40.0557 4888  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
21:25:40.0588 4888  W32Time - ok
21:25:40.0635 4888  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:25:40.0635 4888  WacomPen - ok
21:25:40.0666 4888  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:25:40.0666 4888  WANARP - ok
21:25:40.0682 4888  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:25:40.0697 4888  Wanarpv6 - ok
21:25:40.0775 4888  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
21:25:40.0838 4888  wbengine - ok
21:25:40.0869 4888  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:25:40.0916 4888  WbioSrvc - ok
21:25:40.0947 4888  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:25:40.0962 4888  wcncsvc - ok
21:25:40.0994 4888  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:25:40.0994 4888  WcsPlugInService - ok
21:25:41.0040 4888  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
21:25:41.0040 4888  Wd - ok
21:25:41.0072 4888  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:25:41.0103 4888  Wdf01000 - ok
21:25:41.0134 4888  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:25:41.0150 4888  WdiServiceHost - ok
21:25:41.0165 4888  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:25:41.0165 4888  WdiSystemHost - ok
21:25:41.0196 4888  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
21:25:41.0212 4888  WebClient - ok
21:25:41.0243 4888  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:25:41.0259 4888  Wecsvc - ok
21:25:41.0274 4888  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:25:41.0290 4888  wercplsupport - ok
21:25:41.0321 4888  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:25:41.0337 4888  WerSvc - ok
21:25:41.0368 4888  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:25:41.0368 4888  WfpLwf - ok
21:25:41.0399 4888  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:25:41.0399 4888  WIMMount - ok
21:25:41.0477 4888  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:25:41.0555 4888  WinDefend - ok
21:25:41.0586 4888  WinHttpAutoProxySvc - ok
21:25:41.0633 4888  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:25:41.0680 4888  Winmgmt - ok
21:25:41.0758 4888  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
21:25:41.0820 4888  WinRM - ok
21:25:41.0898 4888  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:25:41.0945 4888  Wlansvc - ok
21:25:41.0992 4888  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:25:41.0992 4888  WmiAcpi - ok
21:25:42.0039 4888  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:25:42.0054 4888  wmiApSrv - ok
21:25:42.0148 4888  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:25:42.0195 4888  WMPNetworkSvc - ok
21:25:42.0226 4888  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:25:42.0242 4888  WPCSvc - ok
21:25:42.0257 4888  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:25:42.0257 4888  WPDBusEnum - ok
21:25:42.0304 4888  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:25:42.0304 4888  ws2ifsl - ok
21:25:42.0335 4888  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
21:25:42.0335 4888  wscsvc - ok
21:25:42.0351 4888  WSearch - ok
21:25:42.0476 4888  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:25:42.0569 4888  wuauserv - ok
21:25:42.0600 4888  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:25:42.0616 4888  WudfPf - ok
21:25:42.0663 4888  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:25:42.0663 4888  WUDFRd - ok
21:25:42.0694 4888  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:25:42.0694 4888  wudfsvc - ok
21:25:42.0741 4888  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:25:42.0756 4888  WwanSvc - ok
21:25:42.0834 4888  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
21:25:42.0850 4888  yukonw7 - ok
21:25:42.0897 4888  ================ Scan global ===============================
21:25:42.0928 4888  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:25:42.0975 4888  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:25:43.0006 4888  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:25:43.0037 4888  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:25:43.0084 4888  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:25:43.0100 4888  [Global] - ok
21:25:43.0100 4888  ================ Scan MBR ==================================
21:25:43.0115 4888  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:25:43.0256 4888  \Device\Harddisk0\DR0 - ok
21:25:43.0256 4888  ================ Scan VBR ==================================
21:25:43.0271 4888  [ 348BC5E8D782CD2984EC52BBE7B2B339 ] \Device\Harddisk0\DR0\Partition1
21:25:43.0271 4888  \Device\Harddisk0\DR0\Partition1 - ok
21:25:43.0287 4888  [ 8F8CFCA14184542F6C25C2D6CD330C69 ] \Device\Harddisk0\DR0\Partition2
21:25:43.0287 4888  \Device\Harddisk0\DR0\Partition2 - ok
21:25:43.0302 4888  [ 83B62635C343AC98BA33AC83C09EA3C6 ] \Device\Harddisk0\DR0\Partition3
21:25:43.0318 4888  \Device\Harddisk0\DR0\Partition3 - ok
21:25:43.0318 4888  ============================================================
21:25:43.0318 4888  Scan finished
21:25:43.0318 4888  ============================================================
21:25:43.0334 4548  Detected object count: 0
21:25:43.0334 4548  Actual detected object count: 0

cosinus · 22.05.2013, 20:34

Zitat:

21:25:18.0077 4888 Scan started
21:25:18.0077 4888 Mode: Manual;

Anleitung nicht gelesen? Du hast den tdsskiller falsch eingestellt

kiwibiwi · 22.05.2013, 21:49

sorry, dachte du meintest die anleitung des programms. hab den link erst gerade gesehen. hier die neue logdatei:

Code:

ATTFilter

22:46:17.0156 5252  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:46:17.0374 5252  ============================================================
22:46:17.0374 5252  Current date / time: 2013/05/22 22:46:17.0374
22:46:17.0374 5252  SystemInfo:
22:46:17.0374 5252  
22:46:17.0374 5252  OS Version: 6.1.7601 ServicePack: 1.0
22:46:17.0374 5252  Product type: Workstation
22:46:17.0374 5252  ComputerName: Y-PC
22:46:17.0374 5252  UserName: y
22:46:17.0374 5252  Windows directory: C:\Windows
22:46:17.0374 5252  System windows directory: C:\Windows
22:46:17.0374 5252  Processor architecture: Intel x86
22:46:17.0374 5252  Number of processors: 2
22:46:17.0374 5252  Page size: 0x1000
22:46:17.0374 5252  Boot type: Normal boot
22:46:17.0374 5252  ============================================================
22:46:18.0139 5252  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:46:18.0154 5252  ============================================================
22:46:18.0154 5252  \Device\Harddisk0\DR0:
22:46:18.0154 5252  MBR partitions:
22:46:18.0154 5252  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36E4F
22:46:18.0154 5252  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36E8E, BlocksNum 0x4A5DF76
22:46:18.0170 5252  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4A94E43, BlocksNum 0x4A7967E
22:46:18.0170 5252  ============================================================
22:46:18.0248 5252  C: <-> \Device\Harddisk0\DR0\Partition2
22:46:18.0310 5252  E: <-> \Device\Harddisk0\DR0\Partition3
22:46:18.0310 5252  ============================================================
22:46:18.0310 5252  Initialize success
22:46:18.0310 5252  ============================================================
22:47:00.0212 6100  ============================================================
22:47:00.0212 6100  Scan started
22:47:00.0212 6100  Mode: Manual; SigCheck; TDLFS; 
22:47:00.0212 6100  ============================================================
22:47:00.0789 6100  ================ Scan system memory ========================
22:47:00.0789 6100  System memory - ok
22:47:00.0789 6100  ================ Scan services =============================
22:47:01.0226 6100  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:47:01.0460 6100  1394ohci - ok
22:47:01.0507 6100  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:47:01.0554 6100  ACPI - ok
22:47:01.0585 6100  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:47:01.0694 6100  AcpiPmi - ok
22:47:01.0788 6100  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:47:01.0819 6100  AdobeARMservice - ok
22:47:01.0881 6100  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:47:01.0944 6100  adp94xx - ok
22:47:02.0006 6100  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:47:02.0053 6100  adpahci - ok
22:47:02.0115 6100  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:47:02.0146 6100  adpu320 - ok
22:47:02.0178 6100  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:47:02.0380 6100  AeLookupSvc - ok
22:47:02.0443 6100  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
22:47:02.0536 6100  AFD - ok
22:47:02.0583 6100  [ 48091A2374A69F473273C44951195452 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
22:47:02.0630 6100  AgereModemAudio - ok
22:47:02.0708 6100  [ 0A5838AE776C4D489003CDD161557D39 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
22:47:02.0786 6100  AgereSoftModem - ok
22:47:02.0817 6100  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
22:47:02.0848 6100  agp440 - ok
22:47:02.0895 6100  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
22:47:02.0926 6100  aic78xx - ok
22:47:02.0973 6100  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
22:47:03.0020 6100  ALG - ok
22:47:03.0067 6100  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:47:03.0098 6100  aliide - ok
22:47:03.0114 6100  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:47:03.0160 6100  amdagp - ok
22:47:03.0176 6100  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:47:03.0207 6100  amdide - ok
22:47:03.0223 6100  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:47:03.0285 6100  AmdK8 - ok
22:47:03.0316 6100  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:47:03.0363 6100  AmdPPM - ok
22:47:03.0426 6100  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:47:03.0457 6100  amdsata - ok
22:47:03.0504 6100  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:47:03.0550 6100  amdsbs - ok
22:47:03.0566 6100  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:47:03.0613 6100  amdxata - ok
22:47:03.0753 6100  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:47:03.0784 6100  AntiVirSchedulerService - ok
22:47:03.0831 6100  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:47:03.0862 6100  AntiVirService - ok
22:47:03.0909 6100  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
22:47:03.0987 6100  AppID - ok
22:47:04.0034 6100  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:47:04.0112 6100  AppIDSvc - ok
22:47:04.0159 6100  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
22:47:04.0221 6100  Appinfo - ok
22:47:04.0252 6100  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:47:04.0315 6100  AppMgmt - ok
22:47:04.0346 6100  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
22:47:04.0377 6100  arc - ok
22:47:04.0408 6100  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:47:04.0440 6100  arcsas - ok
22:47:04.0471 6100  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:47:04.0627 6100  AsyncMac - ok
22:47:04.0642 6100  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
22:47:04.0689 6100  atapi - ok
22:47:04.0830 6100  [ 274C792DBE80437452F6FC110E4DA742 ] athr            C:\Windows\system32\DRIVERS\athr.sys
22:47:04.0954 6100  athr - ok
22:47:05.0017 6100  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:47:05.0126 6100  AudioEndpointBuilder - ok
22:47:05.0157 6100  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:47:05.0235 6100  Audiosrv - ok
22:47:05.0282 6100  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:47:05.0329 6100  avgntflt - ok
22:47:05.0376 6100  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:47:05.0422 6100  avipbb - ok
22:47:05.0438 6100  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:47:05.0469 6100  avkmgr - ok
22:47:05.0516 6100  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:47:05.0594 6100  AxInstSV - ok
22:47:05.0641 6100  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
22:47:05.0703 6100  b06bdrv - ok
22:47:05.0750 6100  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
22:47:05.0844 6100  b57nd60x - ok
22:47:05.0890 6100  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:47:05.0984 6100  BDESVC - ok
22:47:06.0015 6100  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:47:06.0109 6100  Beep - ok
22:47:06.0202 6100  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
22:47:06.0296 6100  BFE - ok
22:47:06.0343 6100  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
22:47:06.0436 6100  BITS - ok
22:47:06.0468 6100  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:47:06.0514 6100  blbdrive - ok
22:47:06.0546 6100  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:47:06.0608 6100  bowser - ok
22:47:06.0639 6100  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:47:06.0686 6100  BrFiltLo - ok
22:47:06.0717 6100  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:47:06.0748 6100  BrFiltUp - ok
22:47:06.0811 6100  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
22:47:06.0889 6100  BridgeMP - ok
22:47:06.0920 6100  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
22:47:06.0982 6100  Browser - ok
22:47:07.0014 6100  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:47:07.0092 6100  Brserid - ok
22:47:07.0107 6100  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:47:07.0170 6100  BrSerWdm - ok
22:47:07.0170 6100  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:47:07.0216 6100  BrUsbMdm - ok
22:47:07.0232 6100  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:47:07.0279 6100  BrUsbSer - ok
22:47:07.0341 6100  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:47:07.0404 6100  BthEnum - ok
22:47:07.0419 6100  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:47:07.0466 6100  BTHMODEM - ok
22:47:07.0513 6100  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:47:07.0575 6100  BthPan - ok
22:47:07.0622 6100  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
22:47:07.0684 6100  BTHPORT - ok
22:47:07.0731 6100  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
22:47:07.0809 6100  bthserv - ok
22:47:07.0840 6100  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
22:47:07.0887 6100  BTHUSB - ok
22:47:08.0012 6100  catchme - ok
22:47:08.0059 6100  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:47:08.0137 6100  cdfs - ok
22:47:08.0184 6100  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:47:08.0230 6100  cdrom - ok
22:47:08.0277 6100  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:47:08.0355 6100  CertPropSvc - ok
22:47:08.0402 6100  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:47:08.0433 6100  circlass - ok
22:47:08.0480 6100  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
22:47:08.0527 6100  CLFS - ok
22:47:08.0605 6100  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:47:08.0636 6100  clr_optimization_v2.0.50727_32 - ok
22:47:08.0714 6100  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:47:08.0745 6100  clr_optimization_v4.0.30319_32 - ok
22:47:08.0776 6100  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:47:08.0823 6100  CmBatt - ok
22:47:08.0854 6100  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:47:08.0886 6100  cmdide - ok
22:47:08.0932 6100  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:47:09.0010 6100  CNG - ok
22:47:09.0057 6100  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:47:09.0088 6100  Compbatt - ok
22:47:09.0120 6100  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:47:09.0182 6100  CompositeBus - ok
22:47:09.0198 6100  COMSysApp - ok
22:47:09.0244 6100  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:47:09.0276 6100  crcdisk - ok
22:47:09.0322 6100  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:47:09.0385 6100  CryptSvc - ok
22:47:09.0432 6100  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
22:47:09.0510 6100  CSC - ok
22:47:09.0556 6100  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
22:47:09.0619 6100  CscService - ok
22:47:09.0681 6100  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:47:09.0806 6100  DcomLaunch - ok
22:47:09.0837 6100  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:47:09.0915 6100  defragsvc - ok
22:47:09.0962 6100  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:47:10.0040 6100  DfsC - ok
22:47:10.0102 6100  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:47:10.0165 6100  Dhcp - ok
22:47:10.0196 6100  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
22:47:10.0274 6100  discache - ok
22:47:10.0305 6100  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
22:47:10.0352 6100  Disk - ok
22:47:10.0383 6100  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
22:47:10.0430 6100  dmvsc - ok
22:47:10.0477 6100  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:47:10.0555 6100  Dnscache - ok
22:47:10.0602 6100  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:47:10.0680 6100  dot3svc - ok
22:47:10.0711 6100  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
22:47:10.0804 6100  DPS - ok
22:47:10.0851 6100  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:47:10.0898 6100  drmkaud - ok
22:47:10.0960 6100  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:47:11.0023 6100  DXGKrnl - ok
22:47:11.0070 6100  [ CF0A6015F437161698C5B2A0A12CF052 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
22:47:11.0116 6100  e1express - ok
22:47:11.0163 6100  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
22:47:11.0272 6100  EapHost - ok
22:47:11.0428 6100  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
22:47:11.0569 6100  ebdrv - ok
22:47:11.0600 6100  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
22:47:11.0662 6100  EFS - ok
22:47:11.0740 6100  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:47:11.0834 6100  ehRecvr - ok
22:47:11.0850 6100  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
22:47:11.0896 6100  ehSched - ok
22:47:11.0943 6100  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:47:12.0006 6100  elxstor - ok
22:47:12.0021 6100  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:47:12.0068 6100  ErrDev - ok
22:47:12.0115 6100  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
22:47:12.0208 6100  EventSystem - ok
22:47:12.0224 6100  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
22:47:12.0302 6100  exfat - ok
22:47:12.0333 6100  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:47:12.0411 6100  fastfat - ok
22:47:12.0458 6100  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
22:47:12.0552 6100  Fax - ok
22:47:12.0583 6100  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
22:47:12.0630 6100  fdc - ok
22:47:12.0661 6100  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
22:47:12.0739 6100  fdPHost - ok
22:47:12.0770 6100  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
22:47:12.0848 6100  FDResPub - ok
22:47:12.0879 6100  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:47:12.0910 6100  FileInfo - ok
22:47:12.0957 6100  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:47:13.0020 6100  Filetrace - ok
22:47:13.0035 6100  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:47:13.0082 6100  flpydisk - ok
22:47:13.0129 6100  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:47:13.0176 6100  FltMgr - ok
22:47:13.0254 6100  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
22:47:13.0332 6100  FontCache - ok
22:47:13.0394 6100  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:47:13.0425 6100  FontCache3.0.0.0 - ok
22:47:13.0456 6100  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:47:13.0488 6100  FsDepends - ok
22:47:13.0519 6100  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:47:13.0550 6100  Fs_Rec - ok
22:47:13.0597 6100  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:47:13.0644 6100  fvevol - ok
22:47:13.0675 6100  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:47:13.0722 6100  gagp30kx - ok
22:47:13.0768 6100  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:47:13.0862 6100  gpsvc - ok
22:47:13.0909 6100  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:47:13.0956 6100  hcw85cir - ok
22:47:14.0002 6100  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:47:14.0065 6100  HdAudAddService - ok
22:47:14.0112 6100  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:47:14.0143 6100  HDAudBus - ok
22:47:14.0174 6100  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:47:14.0221 6100  HidBatt - ok
22:47:14.0236 6100  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:47:14.0283 6100  HidBth - ok
22:47:14.0314 6100  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:47:14.0377 6100  HidIr - ok
22:47:14.0408 6100  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
22:47:14.0486 6100  hidserv - ok
22:47:14.0580 6100  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:47:14.0642 6100  HidUsb - ok
22:47:14.0673 6100  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:47:14.0751 6100  hkmsvc - ok
22:47:14.0798 6100  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:47:14.0860 6100  HomeGroupListener - ok
22:47:14.0892 6100  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:47:14.0970 6100  HomeGroupProvider - ok
22:47:15.0001 6100  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:47:15.0032 6100  HpSAMD - ok
22:47:15.0079 6100  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:47:15.0157 6100  HTTP - ok
22:47:15.0188 6100  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:47:15.0219 6100  hwpolicy - ok
22:47:15.0250 6100  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:47:15.0297 6100  i8042prt - ok
22:47:15.0344 6100  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:47:15.0391 6100  iaStorV - ok
22:47:15.0469 6100  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:47:15.0531 6100  idsvc - ok
22:47:16.0249 6100  [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
22:47:16.0452 6100  igfx - ok
22:47:16.0498 6100  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:47:16.0545 6100  iirsp - ok
22:47:16.0608 6100  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:47:16.0717 6100  IKEEXT - ok
22:47:16.0951 6100  [ EEE7AF1955C638EEB7BC8D9EBABBA54F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:47:17.0138 6100  IntcAzAudAddService - ok
22:47:17.0216 6100  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:47:17.0247 6100  intelide - ok
22:47:17.0278 6100  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:47:17.0310 6100  intelppm - ok
22:47:17.0341 6100  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:47:17.0434 6100  IPBusEnum - ok
22:47:17.0466 6100  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:47:17.0544 6100  IpFilterDriver - ok
22:47:17.0622 6100  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:47:17.0684 6100  iphlpsvc - ok
22:47:17.0715 6100  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:47:17.0762 6100  IPMIDRV - ok
22:47:17.0778 6100  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:47:17.0856 6100  IPNAT - ok
22:47:17.0902 6100  [ 9F7E491FB0BA0F9E370163834FC1FE31 ] irda            C:\Windows\system32\DRIVERS\irda.sys
22:47:17.0965 6100  irda - ok
22:47:17.0996 6100  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:47:18.0058 6100  IRENUM - ok
22:47:18.0105 6100  [ 4220D2F03D5C4226D0A1AA4B84025E45 ] Irmon           C:\Windows\System32\irmon.dll
22:47:18.0168 6100  Irmon - ok
22:47:18.0183 6100  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:47:18.0214 6100  isapnp - ok
22:47:18.0277 6100  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:47:18.0339 6100  iScsiPrt - ok
22:47:18.0370 6100  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
22:47:18.0417 6100  kbdclass - ok
22:47:18.0448 6100  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:47:18.0495 6100  kbdhid - ok
22:47:18.0526 6100  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
22:47:18.0558 6100  KeyIso - ok
22:47:18.0589 6100  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:47:18.0620 6100  KSecDD - ok
22:47:18.0651 6100  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:47:18.0682 6100  KSecPkg - ok
22:47:18.0729 6100  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:47:18.0807 6100  KtmRm - ok
22:47:18.0870 6100  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:47:18.0948 6100  LanmanServer - ok
22:47:18.0994 6100  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:47:19.0057 6100  LanmanWorkstation - ok
22:47:19.0119 6100  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:47:19.0197 6100  lltdio - ok
22:47:19.0244 6100  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:47:19.0322 6100  lltdsvc - ok
22:47:19.0353 6100  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:47:19.0431 6100  lmhosts - ok
22:47:19.0478 6100  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:47:19.0525 6100  LSI_FC - ok
22:47:19.0540 6100  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:47:19.0587 6100  LSI_SAS - ok
22:47:19.0603 6100  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:47:19.0634 6100  LSI_SAS2 - ok
22:47:19.0665 6100  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:47:19.0696 6100  LSI_SCSI - ok
22:47:19.0728 6100  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
22:47:19.0806 6100  luafv - ok
22:47:19.0899 6100  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:47:19.0930 6100  MBAMProtector - ok
22:47:19.0993 6100  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:47:20.0040 6100  MBAMScheduler - ok
22:47:20.0086 6100  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:47:20.0164 6100  MBAMService - ok
22:47:20.0211 6100  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:47:20.0242 6100  Mcx2Svc - ok
22:47:20.0289 6100  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:47:20.0320 6100  megasas - ok
22:47:20.0352 6100  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:47:20.0398 6100  MegaSR - ok
22:47:20.0430 6100  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
22:47:20.0508 6100  MMCSS - ok
22:47:20.0539 6100  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
22:47:20.0617 6100  Modem - ok
22:47:20.0664 6100  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:47:20.0710 6100  monitor - ok
22:47:20.0757 6100  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
22:47:20.0788 6100  mouclass - ok
22:47:20.0820 6100  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:47:20.0882 6100  mouhid - ok
22:47:20.0929 6100  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:47:20.0960 6100  mountmgr - ok
22:47:21.0022 6100  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:47:21.0054 6100  MozillaMaintenance - ok
22:47:21.0100 6100  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:47:21.0147 6100  mpio - ok
22:47:21.0163 6100  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:47:21.0225 6100  mpsdrv - ok
22:47:21.0272 6100  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:47:21.0381 6100  MpsSvc - ok
22:47:21.0428 6100  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:47:21.0490 6100  MRxDAV - ok
22:47:21.0522 6100  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:47:21.0584 6100  mrxsmb - ok
22:47:21.0615 6100  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:47:21.0678 6100  mrxsmb10 - ok
22:47:21.0709 6100  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:47:21.0756 6100  mrxsmb20 - ok
22:47:21.0787 6100  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
22:47:21.0818 6100  msahci - ok
22:47:21.0849 6100  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:47:21.0880 6100  msdsm - ok
22:47:21.0912 6100  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
22:47:21.0974 6100  MSDTC - ok
22:47:22.0021 6100  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:47:22.0083 6100  Msfs - ok
22:47:22.0130 6100  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:47:22.0208 6100  mshidkmdf - ok
22:47:22.0224 6100  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:47:22.0270 6100  msisadrv - ok
22:47:22.0317 6100  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:47:22.0411 6100  MSiSCSI - ok
22:47:22.0426 6100  msiserver - ok
22:47:22.0489 6100  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:47:22.0567 6100  MSKSSRV - ok
22:47:22.0598 6100  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:47:22.0692 6100  MSPCLOCK - ok
22:47:22.0707 6100  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:47:22.0770 6100  MSPQM - ok
22:47:22.0816 6100  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:47:22.0863 6100  MsRPC - ok
22:47:22.0894 6100  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:47:22.0926 6100  mssmbios - ok
22:47:22.0957 6100  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:47:23.0035 6100  MSTEE - ok
22:47:23.0035 6100  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:47:23.0082 6100  MTConfig - ok
22:47:23.0113 6100  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:47:23.0144 6100  Mup - ok
22:47:23.0191 6100  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
22:47:23.0300 6100  napagent - ok
22:47:23.0347 6100  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:47:23.0409 6100  NativeWifiP - ok
22:47:23.0487 6100  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:47:23.0581 6100  NDIS - ok
22:47:23.0596 6100  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:47:23.0690 6100  NdisCap - ok
22:47:23.0721 6100  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:47:23.0799 6100  NdisTapi - ok
22:47:23.0830 6100  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:47:23.0908 6100  Ndisuio - ok
22:47:23.0940 6100  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:47:24.0018 6100  NdisWan - ok
22:47:24.0064 6100  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:47:24.0127 6100  NDProxy - ok
22:47:24.0174 6100  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:47:24.0252 6100  NetBIOS - ok
22:47:24.0283 6100  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:47:24.0376 6100  NetBT - ok
22:47:24.0392 6100  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
22:47:24.0423 6100  Netlogon - ok
22:47:24.0486 6100  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
22:47:24.0564 6100  Netman - ok
22:47:24.0610 6100  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
22:47:24.0704 6100  netprofm - ok
22:47:24.0735 6100  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:47:24.0766 6100  NetTcpPortSharing - ok
22:47:24.0813 6100  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:47:24.0844 6100  nfrd960 - ok
22:47:24.0891 6100  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:47:24.0938 6100  NlaSvc - ok
22:47:24.0969 6100  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:47:25.0047 6100  Npfs - ok
22:47:25.0094 6100  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA         C:\Windows\system32\DRIVERS\nscirda.sys
22:47:25.0156 6100  NSCIRDA - ok
22:47:25.0188 6100  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
22:47:25.0281 6100  nsi - ok
22:47:25.0312 6100  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:47:25.0390 6100  nsiproxy - ok
22:47:25.0468 6100  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:47:25.0562 6100  Ntfs - ok
22:47:25.0593 6100  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
22:47:25.0671 6100  Null - ok
22:47:25.0718 6100  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:47:25.0765 6100  nvraid - ok
22:47:25.0780 6100  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:47:25.0827 6100  nvstor - ok
22:47:25.0858 6100  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:47:25.0890 6100  nv_agp - ok
22:47:25.0936 6100  [ D955D5DE998DB2476BF0892BE3A96C26 ] O2FLASH         C:\Windows\system32\DRIVERS\o2flash.exe
22:47:25.0968 6100  O2FLASH - ok
22:47:25.0999 6100  [ 9BA48E9522BBBE594FB03EC5850D3127 ] O2MDRDR         C:\Windows\system32\DRIVERS\o2media.sys
22:47:26.0030 6100  O2MDRDR - ok
22:47:26.0077 6100  [ 13B43E968345CFA1C3BAEF007CD984B6 ] O2SDRDR         C:\Windows\system32\DRIVERS\o2sd.sys
22:47:26.0092 6100  O2SDRDR - ok
22:47:26.0186 6100  [ E54AA592A65F317390EEE386A8821692 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:47:26.0233 6100  odserv - ok
22:47:26.0280 6100  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:47:26.0326 6100  ohci1394 - ok
22:47:26.0373 6100  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:47:26.0404 6100  ose - ok
22:47:26.0467 6100  [ AB2B07AC4AFD38F574D903EAF9E98A60 ] OZSCR           C:\Windows\system32\DRIVERS\ozscr.sys
22:47:26.0529 6100  OZSCR - ok
22:47:26.0576 6100  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:47:26.0638 6100  p2pimsvc - ok
22:47:26.0685 6100  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:47:26.0748 6100  p2psvc - ok
22:47:26.0779 6100  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:47:26.0826 6100  Parport - ok
22:47:26.0857 6100  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:47:26.0888 6100  partmgr - ok
22:47:26.0904 6100  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
22:47:26.0950 6100  Parvdm - ok
22:47:26.0982 6100  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:47:27.0028 6100  PcaSvc - ok
22:47:27.0060 6100  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
22:47:27.0091 6100  pci - ok
22:47:27.0122 6100  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
22:47:27.0153 6100  pciide - ok
22:47:27.0200 6100  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:47:27.0231 6100  pcmcia - ok
22:47:27.0262 6100  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
22:47:27.0294 6100  pcw - ok
22:47:27.0340 6100  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:47:27.0465 6100  PEAUTH - ok
22:47:27.0543 6100  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:47:27.0621 6100  PeerDistSvc - ok
22:47:27.0730 6100  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
22:47:27.0871 6100  pla - ok
22:47:27.0964 6100  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:47:28.0027 6100  PlugPlay - ok
22:47:28.0058 6100  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:47:28.0105 6100  PNRPAutoReg - ok
22:47:28.0136 6100  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:47:28.0183 6100  PNRPsvc - ok
22:47:28.0230 6100  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:47:28.0308 6100  PolicyAgent - ok
22:47:28.0370 6100  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
22:47:28.0448 6100  Power - ok
22:47:28.0495 6100  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:47:28.0588 6100  PptpMiniport - ok
22:47:28.0620 6100  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
22:47:28.0666 6100  Processor - ok
22:47:28.0729 6100  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
22:47:28.0791 6100  ProfSvc - ok
22:47:28.0822 6100  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:47:28.0869 6100  ProtectedStorage - ok
22:47:28.0900 6100  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:47:28.0978 6100  Psched - ok
22:47:29.0025 6100  [ C50DE6D0C04B230F185A13FDE0F047FA ] pwdrvio         C:\Windows\system32\pwdrvio.sys
22:47:29.0056 6100  pwdrvio - ok
22:47:29.0088 6100  [ CDC5704308222400AD606BCF87B006A5 ] pwdspio         C:\Windows\system32\pwdspio.sys
22:47:29.0119 6100  pwdspio - ok
22:47:29.0197 6100  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:47:29.0322 6100  ql2300 - ok
22:47:29.0368 6100  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:47:29.0400 6100  ql40xx - ok
22:47:29.0446 6100  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
22:47:29.0509 6100  QWAVE - ok
22:47:29.0540 6100  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:47:29.0602 6100  QWAVEdrv - ok
22:47:29.0618 6100  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:47:29.0712 6100  RasAcd - ok
22:47:29.0743 6100  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:47:29.0821 6100  RasAgileVpn - ok
22:47:29.0852 6100  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
22:47:29.0946 6100  RasAuto - ok
22:47:29.0992 6100  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:47:30.0086 6100  Rasl2tp - ok
22:47:30.0133 6100  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
22:47:30.0226 6100  RasMan - ok
22:47:30.0273 6100  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:47:30.0351 6100  RasPppoe - ok
22:47:30.0367 6100  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:47:30.0445 6100  RasSstp - ok
22:47:30.0492 6100  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:47:30.0570 6100  rdbss - ok
22:47:30.0601 6100  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:47:30.0632 6100  rdpbus - ok
22:47:30.0663 6100  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:47:30.0741 6100  RDPCDD - ok
22:47:30.0788 6100  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:47:30.0850 6100  RDPDR - ok
22:47:30.0882 6100  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:47:30.0960 6100  RDPENCDD - ok
22:47:30.0991 6100  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:47:31.0069 6100  RDPREFMP - ok
22:47:31.0100 6100  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:47:31.0162 6100  RdpVideoMiniport - ok
22:47:31.0194 6100  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:47:31.0256 6100  RDPWD - ok
22:47:31.0303 6100  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:47:31.0334 6100  rdyboost - ok
22:47:31.0365 6100  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:47:31.0443 6100  RemoteAccess - ok
22:47:31.0474 6100  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:47:31.0568 6100  RemoteRegistry - ok
22:47:31.0615 6100  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:47:31.0662 6100  RFCOMM - ok
22:47:31.0708 6100  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:47:31.0802 6100  RpcEptMapper - ok
22:47:31.0849 6100  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
22:47:31.0896 6100  RpcLocator - ok
22:47:31.0927 6100  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
22:47:32.0005 6100  RpcSs - ok
22:47:32.0052 6100  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:47:32.0145 6100  rspndr - ok
22:47:32.0176 6100  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
22:47:32.0223 6100  s3cap - ok
22:47:32.0239 6100  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
22:47:32.0286 6100  SamSs - ok
22:47:32.0332 6100  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:47:32.0364 6100  sbp2port - ok
22:47:32.0395 6100  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:47:32.0488 6100  SCardSvr - ok
22:47:32.0520 6100  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:47:32.0598 6100  scfilter - ok
22:47:32.0644 6100  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
22:47:32.0754 6100  Schedule - ok
22:47:32.0769 6100  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:47:32.0847 6100  SCPolicySvc - ok
22:47:32.0878 6100  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
22:47:32.0925 6100  sdbus - ok
22:47:32.0972 6100  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:47:33.0034 6100  SDRSVC - ok
22:47:33.0066 6100  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:47:33.0159 6100  secdrv - ok
22:47:33.0175 6100  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
22:47:33.0268 6100  seclogon - ok
22:47:33.0300 6100  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
22:47:33.0393 6100  SENS - ok
22:47:33.0424 6100  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:47:33.0487 6100  SensrSvc - ok
22:47:33.0518 6100  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:47:33.0565 6100  Serenum - ok
22:47:33.0580 6100  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:47:33.0643 6100  Serial - ok
22:47:33.0674 6100  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:47:33.0721 6100  sermouse - ok
22:47:33.0752 6100  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:47:33.0846 6100  SessionEnv - ok
22:47:33.0861 6100  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:47:33.0908 6100  sffdisk - ok
22:47:33.0939 6100  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:47:33.0986 6100  sffp_mmc - ok
22:47:34.0002 6100  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:47:34.0048 6100  sffp_sd - ok
22:47:34.0064 6100  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:47:34.0111 6100  sfloppy - ok
22:47:34.0158 6100  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:47:34.0267 6100  SharedAccess - ok
22:47:34.0314 6100  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:47:34.0407 6100  ShellHWDetection - ok
22:47:34.0439 6100  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:47:34.0470 6100  sisagp - ok
22:47:34.0517 6100  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:47:34.0548 6100  SiSRaid2 - ok
22:47:34.0563 6100  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:47:34.0610 6100  SiSRaid4 - ok
22:47:34.0704 6100  [ CA355B308AA537C6B9D67CD3A5485AF9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
22:47:34.0735 6100  SkypeUpdate - ok
22:47:34.0766 6100  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:47:34.0829 6100  Smb - ok
22:47:34.0875 6100  [ D1BF7148144AD1851893E84363F78130 ] SMSCIRDA        C:\Windows\system32\DRIVERS\SMSCirda.sys
22:47:34.0907 6100  SMSCIRDA - ok
22:47:34.0969 6100  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:47:35.0016 6100  SNMPTRAP - ok
22:47:35.0047 6100  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:47:35.0078 6100  spldr - ok
22:47:35.0109 6100  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
22:47:35.0187 6100  Spooler - ok
22:47:35.0343 6100  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
22:47:35.0577 6100  sppsvc - ok
22:47:35.0671 6100  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:47:35.0765 6100  sppuinotify - ok
22:47:35.0811 6100  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:47:35.0874 6100  srv - ok
22:47:35.0889 6100  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:47:35.0967 6100  srv2 - ok
22:47:36.0061 6100  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:47:36.0123 6100  SrvHsfHDA - ok
22:47:36.0186 6100  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:47:36.0295 6100  SrvHsfV92 - ok
22:47:36.0357 6100  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:47:36.0420 6100  SrvHsfWinac - ok
22:47:36.0451 6100  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:47:36.0498 6100  srvnet - ok
22:47:36.0529 6100  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:47:36.0623 6100  SSDPSRV - ok
22:47:36.0685 6100  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
22:47:36.0747 6100  ssmdrv - ok
22:47:36.0779 6100  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:47:36.0857 6100  SstpSvc - ok
22:47:36.0888 6100  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:47:36.0935 6100  stexstor - ok
22:47:36.0981 6100  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
22:47:37.0059 6100  StiSvc - ok
22:47:37.0091 6100  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
22:47:37.0122 6100  storflt - ok
22:47:37.0153 6100  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:47:37.0184 6100  storvsc - ok
22:47:37.0215 6100  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:47:37.0247 6100  swenum - ok
22:47:37.0293 6100  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
22:47:37.0387 6100  swprv - ok
22:47:37.0434 6100  [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
22:47:37.0465 6100  Synth3dVsc - ok
22:47:37.0527 6100  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
22:47:37.0621 6100  SysMain - ok
22:47:37.0652 6100  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:47:37.0699 6100  TabletInputService - ok
22:47:37.0730 6100  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:47:37.0824 6100  TapiSrv - ok
22:47:37.0855 6100  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
22:47:37.0949 6100  TBS - ok
22:47:38.0027 6100  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:47:38.0136 6100  Tcpip - ok
22:47:38.0229 6100  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:47:38.0323 6100  TCPIP6 - ok
22:47:38.0354 6100  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:47:38.0385 6100  tcpipreg - ok
22:47:38.0432 6100  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:47:38.0479 6100  TDPIPE - ok
22:47:38.0510 6100  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:47:38.0557 6100  TDTCP - ok
22:47:38.0588 6100  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:47:38.0651 6100  tdx - ok
22:47:38.0682 6100  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:47:38.0713 6100  TermDD - ok
22:47:38.0729 6100  [ E951866BAC5A23403F62A349EDBB6EEB ] terminpt        C:\Windows\system32\drivers\terminpt.sys
22:47:38.0775 6100  terminpt - ok
22:47:38.0822 6100  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
22:47:38.0931 6100  TermService - ok
22:47:38.0947 6100  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
22:47:39.0009 6100  Themes - ok
22:47:39.0041 6100  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
22:47:39.0103 6100  THREADORDER - ok
22:47:39.0150 6100  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\Windows\system32\drivers\tpm.sys
22:47:39.0197 6100  TPM - ok
22:47:39.0243 6100  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
22:47:39.0337 6100  TrkWks - ok
22:47:39.0399 6100  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:47:39.0477 6100  TrustedInstaller - ok
22:47:39.0524 6100  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:47:39.0618 6100  tssecsrv - ok
22:47:39.0649 6100  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:47:39.0696 6100  TsUsbFlt - ok
22:47:39.0727 6100  [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:47:39.0758 6100  TsUsbGD - ok
22:47:39.0805 6100  [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
22:47:39.0852 6100  tsusbhub - ok
22:47:39.0914 6100  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:47:39.0992 6100  tunnel - ok
22:47:40.0023 6100  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:47:40.0055 6100  uagp35 - ok
22:47:40.0086 6100  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:47:40.0179 6100  udfs - ok
22:47:40.0242 6100  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:47:40.0289 6100  UI0Detect - ok
22:47:40.0320 6100  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:47:40.0367 6100  uliagpkx - ok
22:47:40.0413 6100  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:47:40.0460 6100  umbus - ok
22:47:40.0476 6100  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:47:40.0523 6100  UmPass - ok
22:47:40.0569 6100  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
22:47:40.0632 6100  UmRdpService - ok
22:47:40.0663 6100  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
22:47:40.0757 6100  upnphost - ok
22:47:40.0788 6100  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:47:40.0835 6100  usbccgp - ok
22:47:40.0881 6100  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:47:40.0928 6100  usbcir - ok
22:47:40.0959 6100  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:47:41.0006 6100  usbehci - ok
22:47:41.0053 6100  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:47:41.0100 6100  usbhub - ok
22:47:41.0115 6100  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:47:41.0178 6100  usbohci - ok
22:47:41.0209 6100  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:47:41.0271 6100  usbprint - ok
22:47:41.0303 6100  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:47:41.0349 6100  usbscan - ok
22:47:41.0381 6100  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:47:41.0459 6100  USBSTOR - ok
22:47:41.0490 6100  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:47:41.0521 6100  usbuhci - ok
22:47:41.0552 6100  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
22:47:41.0630 6100  UxSms - ok
22:47:41.0646 6100  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
22:47:41.0693 6100  VaultSvc - ok
22:47:41.0739 6100  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:47:41.0755 6100  vdrvroot - ok
22:47:41.0802 6100  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
22:47:41.0911 6100  vds - ok
22:47:41.0942 6100  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:47:41.0973 6100  vga - ok
22:47:41.0989 6100  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:47:42.0051 6100  VgaSave - ok
22:47:42.0067 6100  VGPU - ok
22:47:42.0098 6100  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:47:42.0129 6100  vhdmp - ok
22:47:42.0145 6100  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:47:42.0176 6100  viaagp - ok
22:47:42.0192 6100  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
22:47:42.0223 6100  ViaC7 - ok
22:47:42.0239 6100  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
22:47:42.0254 6100  viaide - ok
22:47:42.0285 6100  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:47:42.0317 6100  vmbus - ok
22:47:42.0332 6100  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
22:47:42.0363 6100  VMBusHID - ok
22:47:42.0395 6100  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:47:42.0410 6100  volmgr - ok
22:47:42.0426 6100  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:47:42.0457 6100  volmgrx - ok
22:47:42.0473 6100  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:47:42.0504 6100  volsnap - ok
22:47:42.0535 6100  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:47:42.0582 6100  vsmraid - ok
22:47:42.0644 6100  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
22:47:42.0769 6100  VSS - ok
22:47:42.0785 6100  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:47:42.0831 6100  vwifibus - ok
22:47:42.0863 6100  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:47:42.0909 6100  vwififlt - ok
22:47:42.0956 6100  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
22:47:43.0050 6100  W32Time - ok
22:47:43.0081 6100  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:47:43.0128 6100  WacomPen - ok
22:47:43.0159 6100  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:47:43.0253 6100  WANARP - ok
22:47:43.0253 6100  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:47:43.0315 6100  Wanarpv6 - ok
22:47:43.0393 6100  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
22:47:43.0487 6100  wbengine - ok
22:47:43.0502 6100  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:47:43.0580 6100  WbioSrvc - ok
22:47:43.0611 6100  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:47:43.0674 6100  wcncsvc - ok
22:47:43.0705 6100  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:47:43.0767 6100  WcsPlugInService - ok
22:47:43.0814 6100  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
22:47:43.0845 6100  Wd - ok
22:47:43.0892 6100  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:47:43.0939 6100  Wdf01000 - ok
22:47:43.0970 6100  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:47:44.0173 6100  WdiServiceHost - ok
22:47:44.0189 6100  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:47:44.0235 6100  WdiSystemHost - ok
22:47:44.0267 6100  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
22:47:44.0345 6100  WebClient - ok
22:47:44.0376 6100  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:47:44.0454 6100  Wecsvc - ok
22:47:44.0485 6100  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:47:44.0563 6100  wercplsupport - ok
22:47:44.0594 6100  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:47:44.0688 6100  WerSvc - ok
22:47:44.0735 6100  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:47:44.0813 6100  WfpLwf - ok
22:47:44.0828 6100  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:47:44.0859 6100  WIMMount - ok
22:47:44.0937 6100  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:47:45.0000 6100  WinDefend - ok
22:47:45.0031 6100  WinHttpAutoProxySvc - ok
22:47:45.0093 6100  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:47:45.0156 6100  Winmgmt - ok
22:47:45.0234 6100  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
22:47:45.0359 6100  WinRM - ok
22:47:45.0452 6100  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:47:45.0530 6100  Wlansvc - ok
22:47:45.0577 6100  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:47:45.0608 6100  WmiAcpi - ok
22:47:45.0655 6100  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:47:45.0717 6100  wmiApSrv - ok
22:47:45.0795 6100  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:47:45.0905 6100  WMPNetworkSvc - ok
22:47:45.0936 6100  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:47:46.0014 6100  WPCSvc - ok
22:47:46.0029 6100  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:47:46.0092 6100  WPDBusEnum - ok
22:47:46.0123 6100  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:47:46.0201 6100  ws2ifsl - ok
22:47:46.0248 6100  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
22:47:46.0295 6100  wscsvc - ok
22:47:46.0310 6100  WSearch - ok
22:47:46.0419 6100  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:47:46.0544 6100  wuauserv - ok
22:47:46.0653 6100  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:47:46.0685 6100  WudfPf - ok
22:47:46.0731 6100  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:47:46.0794 6100  WUDFRd - ok
22:47:46.0825 6100  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:47:46.0872 6100  wudfsvc - ok
22:47:46.0919 6100  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:47:46.0981 6100  WwanSvc - ok
22:47:47.0075 6100  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
22:47:47.0106 6100  yukonw7 - ok
22:47:47.0168 6100  ================ Scan global ===============================
22:47:47.0199 6100  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:47:47.0231 6100  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:47:47.0246 6100  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:47:47.0293 6100  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:47:47.0340 6100  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:47:47.0340 6100  [Global] - ok
22:47:47.0355 6100  ================ Scan MBR ==================================
22:47:47.0355 6100  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:47:47.0621 6100  \Device\Harddisk0\DR0 - ok
22:47:47.0621 6100  ================ Scan VBR ==================================
22:47:47.0636 6100  [ 348BC5E8D782CD2984EC52BBE7B2B339 ] \Device\Harddisk0\DR0\Partition1
22:47:47.0636 6100  \Device\Harddisk0\DR0\Partition1 - ok
22:47:47.0667 6100  [ 8F8CFCA14184542F6C25C2D6CD330C69 ] \Device\Harddisk0\DR0\Partition2
22:47:47.0667 6100  \Device\Harddisk0\DR0\Partition2 - ok
22:47:47.0699 6100  [ 83B62635C343AC98BA33AC83C09EA3C6 ] \Device\Harddisk0\DR0\Partition3
22:47:47.0699 6100  \Device\Harddisk0\DR0\Partition3 - ok
22:47:47.0699 6100  ============================================================
22:47:47.0699 6100  Scan finished
22:47:47.0699 6100  ============================================================
22:47:47.0730 5168  Detected object count: 0
22:47:47.0730 5168  Actual detected object count: 0

cosinus · 22.05.2013, 22:06

ok

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

kiwibiwi · 22.05.2013, 22:09

meinst du mit schutzsoftware beenden mein Avira deaktivieren?

cosinus · 22.05.2013, 22:18

ja genau das ist gemeint => Wächter (Hintergrundscanner bzw. residenter Schutz) soll deaktiviert werden

kiwibiwi · 22.05.2013, 22:19

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x86
Ran by y on 22.05.2013 at 23:15:14,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\y\AppData\Roaming\mozilla\firefox\profiles\nv6eky7x.default\user.js
Emptied folder: C:\Users\y\AppData\Roaming\mozilla\firefox\profiles\nv6eky7x.default\minidumps [68 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.05.2013 at 23:18:37,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

kann ich den adwCleaner nun starten?

Code:

ATTFilter

# AdwCleaner v2.301 - Datei am 22/05/2013 um 23:28:27 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : y - Y-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\y\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\y\AppData\Roaming\Mozilla\Firefox\Profiles\nv6eky7x.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [771 octets] - [22/05/2013 23:28:27]

########## EOF - C:\AdwCleaner[S1].txt - [830 octets] ##########

Code:

ATTFilter

OTL logfile created on: 22.05.2013 23:50:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\y\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,15% Memory free
3,98 Gb Paging File | 3,02 Gb Available in Paging File | 75,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,18 Gb Total Space | 19,41 Gb Free Space | 52,19% Space Free | Partition Type: NTFS
Drive E: | 37,24 Gb Total Space | 37,15 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: Y-PC | User Name: y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\y\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (catchme) -- C:\Users\y\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (OZSCR) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 C0 34 87 BC 9D CC 01  [binary data]
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 21:39:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 21:39:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.11.08 04:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\y\AppData\Roaming\mozilla\Extensions
[2013.02.11 20:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\y\AppData\Roaming\mozilla\Firefox\Profiles\nv6eky7x.default\extensions
[2013.04.12 21:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 21:39:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.11 18:37:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.11 18:37:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.11 18:37:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.11 18:37:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.11 18:37:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.11 18:37:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.17 00:12:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-540140884-1441250459-233020522-1000..\Run: [Ytnaopy] C:\Users\y\AppData\Roaming\Wyah\xomae.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-540140884-1441250459-233020522-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-540140884-1441250459-233020522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0023E3B8-FAFB-4C01-AFD4-5AB39E83F64F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8AAA937-745D-437D-A29E-F4E2A7450CA4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E0699F-D7D4-4AAE-9E61-4F38D547B1BD}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC5BBEE0-0131-4A51-9FFE-817E0F3300E6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 23:15:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 23:14:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 23:07:16 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\y\Desktop\JRT.exe
[2013.05.22 18:12:28 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\y\Desktop\tdsskiller.exe
[2013.05.22 18:11:27 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\y\Desktop\aswMBR.exe
[2013.05.21 21:30:24 | 000,000,000 | ---D | C] -- C:\Users\y\Desktop\mbar
[2013.05.21 19:19:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.21 19:12:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.05.18 17:45:36 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Roaming\Skype
[2013.05.18 17:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.18 17:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.18 17:45:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.05.18 17:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.05.17 00:15:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.17 00:02:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.17 00:02:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.17 00:02:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.17 00:01:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 00:01:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.16 11:09:09 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Local\Programs
[2013.05.16 11:07:02 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Roaming\Malwarebytes
[2013.05.16 11:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.16 11:05:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.16 11:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.15 20:50:28 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 20:50:26 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 20:50:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.15 20:50:25 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.15 20:50:24 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 20:50:24 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.15 20:50:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.15 20:50:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.15 20:50:24 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.15 20:50:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 20:11:15 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 20:11:14 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 20:11:09 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 20:11:02 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.15 20:11:01 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.14 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.14 18:27:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.14 18:27:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.14 18:27:32 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.13 23:49:38 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Roaming\Wyah
[2013.05.13 23:49:38 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Roaming\Loobyr
[2013.05.13 23:49:38 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Roaming\Gygous
[2013.05.07 23:20:35 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 23:47:51 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.22 23:47:51 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.22 23:47:51 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.22 23:47:51 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.22 23:38:28 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 23:38:28 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 23:30:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 23:30:40 | 1602,981,888 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 23:10:05 | 000,632,031 | ---- | M] () -- C:\Users\y\Desktop\adwcleaner.exe
[2013.05.22 23:07:37 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\y\Desktop\JRT.exe
[2013.05.22 18:32:36 | 000,000,512 | ---- | M] () -- C:\Users\y\Desktop\MBR.dat
[2013.05.22 18:13:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\y\Desktop\aswMBR.exe
[2013.05.22 18:12:38 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\y\Desktop\tdsskiller.exe
[2013.05.21 21:27:12 | 012,917,756 | ---- | M] () -- C:\Users\y\Desktop\mbar-1.05.0.1001.zip
[2013.05.21 21:24:48 | 000,377,856 | ---- | M] () -- C:\Users\y\Desktop\gmer_2.1.19163.exe
[2013.05.18 17:45:17 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.17 00:12:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.15 21:06:59 | 000,409,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 19:20:11 | 001,591,218 | ---- | M] () -- C:\Users\y\Desktop\4 07052013 Politik_Recht_Schule.pdf
[2013.05.07 23:20:16 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.22 23:09:52 | 000,632,031 | ---- | C] () -- C:\Users\y\Desktop\adwcleaner.exe
[2013.05.22 18:32:36 | 000,000,512 | ---- | C] () -- C:\Users\y\Desktop\MBR.dat
[2013.05.21 21:26:51 | 012,917,756 | ---- | C] () -- C:\Users\y\Desktop\mbar-1.05.0.1001.zip
[2013.05.21 21:24:39 | 000,377,856 | ---- | C] () -- C:\Users\y\Desktop\gmer_2.1.19163.exe
[2013.05.18 17:45:17 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.17 00:02:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.17 00:02:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.17 00:02:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.17 00:02:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.17 00:02:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.15 19:20:09 | 001,591,218 | ---- | C] () -- C:\Users\y\Desktop\4 07052013 Politik_Recht_Schule.pdf
[2013.03.24 13:20:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.01.31 17:02:34 | 000,223,608 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.11.04 15:39:22 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.11.04 15:39:21 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.11.04 15:39:18 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 22.05.2013 23:50:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\y\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,15% Memory free
3,98 Gb Paging File | 3,02 Gb Available in Paging File | 75,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,18 Gb Total Space | 19,41 Gb Free Space | 52,19% Space Free | Partition Type: NTFS
Drive E: | 37,24 Gb Total Space | 37,15 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: Y-PC | User Name: y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-540140884-1441250459-233020522-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46F14526-1922-463A-BC16-14F7A7549E35}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3EA78080-C0DE-4398-9534-FFEBF146613F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{67613727-C158-466B-A0C9-EE1B43EDDD6E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{75572CFA-AA61-4AE6-9E5E-5A5F4540C32C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{83731113-5692-471A-85B8-55352C7152F0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{AEFE56AF-F53C-48D5-B5A3-E5D76366EA67}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"TCP Query User{2629B16E-DBEB-4313-9ECC-5AE1266D3D7D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{6F0D629C-A467-40F7-BD17-E4E7A98F9D4D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{79789C45-90F0-47DB-AA64-FFA517500698}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{BCE893FE-D4AC-4DAC-A025-9AEF7C2E8055}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{E16A27B3-5CAD-40BF-88DF-0A7824B7E1BB}C:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe | 
"TCP Query User{F920535C-0424-4A05-A070-FC2D471887DB}C:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe | 
"UDP Query User{105FCC26-DF09-41EA-AB67-168648BA2B84}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{30860359-A2C9-40A2-B9C7-E32C64FDB537}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{5F383793-5F8B-4B28-9774-EECAC8514CC4}C:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe | 
"UDP Query User{A1DFBBAF-FFE5-4709-9AE3-D290FD352F47}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{BFB46CBE-4C50-4236-A4FA-8237F0F8C12C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{F0580D81-434D-48AF-ADF6-B6F91ED1ECAF}C:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C31FFDC-E796-4884-B990-41B9A5B2A647}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular" = ElsterFormular
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"STANDARD" = Microsoft Office Standard 2007
"VLC media player" = VLC media player 1.1.11
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.05.2013 17:32:30 | Computer Name = y-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.05.2013 17:28:22 | Computer Name = y-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

cosinus · 23.05.2013, 08:54

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-21-540140884-1441250459-233020522-1000..\Run: [Ytnaopy] C:\Users\y\AppData\Roaming\Wyah\xomae.exe File not found
[2013.05.22 18:32:36 | 000,000,512 | ---- | C] () -- C:\Users\y\Desktop\MBR.dat
[2013.05.13 23:49:38 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Roaming\Wyah
[2013.05.13 23:49:38 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Roaming\Loobyr
[2013.05.13 23:49:38 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Roaming\Gygous
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

kiwibiwi · 23.05.2013, 10:35

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-540140884-1441250459-233020522-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ytnaopy deleted successfully.
C:\Users\y\Desktop\MBR.dat moved successfully.
C:\Users\y\AppData\Roaming\Wyah folder moved successfully.
C:\Users\y\AppData\Roaming\Loobyr folder moved successfully.
C:\Users\y\AppData\Roaming\Gygous folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\y\Downloads\cmd.bat deleted successfully.
C:\Users\y\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: y
->Temp folder emptied: 107476845 bytes
->Temporary Internet Files folder emptied: 178194062 bytes
->Java cache emptied: 682278 bytes
->FireFox cache emptied: 71098138 bytes
->Flash cache emptied: 4058 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15600 bytes
RecycleBin emptied: 5069628 bytes
 
Total Files Cleaned = 346,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 05232013_112540

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Es gab nur eine kleine Zwischenstörung: Anweisung in 0x71826cfc verweist auf Speicher 0x000..... Vorgang read konnte nicht durchgeführt werden. Klicken Sie auf Programm beenden!

Ich hab es dann ignoriert & trotzdem einfach den Neustart gemacht. HAt der Fix jetzt trotzdem bei allen funktioniert?

cosinus · 23.05.2013, 11:19

Eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

kiwibiwi · 23.05.2013, 17:59

Code:

ATTFilter

OTL logfile created on: 23.05.2013 18:49:20 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\y\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,78% Memory free
3,98 Gb Paging File | 3,04 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,18 Gb Total Space | 19,61 Gb Free Space | 52,74% Space Free | Partition Type: NTFS
Drive E: | 37,24 Gb Total Space | 37,15 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: Y-PC | User Name: y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\y\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (catchme) -- C:\Users\y\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (OZSCR) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 C0 34 87 BC 9D CC 01  [binary data]
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-540140884-1441250459-233020522-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 21:39:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 21:39:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.11.08 04:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\y\AppData\Roaming\mozilla\Extensions
[2013.02.11 20:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\y\AppData\Roaming\mozilla\Firefox\Profiles\nv6eky7x.default\extensions
[2013.04.12 21:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 21:39:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.11 18:37:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.11 18:37:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.11 18:37:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.11 18:37:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.11 18:37:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.11 18:37:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.17 00:12:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-540140884-1441250459-233020522-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-540140884-1441250459-233020522-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0023E3B8-FAFB-4C01-AFD4-5AB39E83F64F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8AAA937-745D-437D-A29E-F4E2A7450CA4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E0699F-D7D4-4AAE-9E61-4F38D547B1BD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC5BBEE0-0131-4A51-9FFE-817E0F3300E6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.23 11:25:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.22 23:15:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 23:14:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 23:07:16 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\y\Desktop\JRT.exe
[2013.05.22 18:12:28 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\y\Desktop\tdsskiller.exe
[2013.05.22 18:11:27 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\y\Desktop\aswMBR.exe
[2013.05.21 21:30:24 | 000,000,000 | ---D | C] -- C:\Users\y\Desktop\mbar
[2013.05.21 19:19:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.21 19:12:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.05.18 17:45:36 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Roaming\Skype
[2013.05.18 17:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.18 17:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.18 17:45:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.05.18 17:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.05.17 00:15:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.17 00:02:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.17 00:02:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.17 00:02:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.17 00:01:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 00:01:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.16 11:09:09 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Local\Programs
[2013.05.16 11:07:02 | 000,000,000 | ---D | C] -- C:\Users\y\AppData\Roaming\Malwarebytes
[2013.05.16 11:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.16 11:05:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.16 11:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.15 20:50:28 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 20:50:26 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 20:50:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.15 20:50:25 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.15 20:50:24 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 20:50:24 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.15 20:50:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.15 20:50:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.15 20:50:24 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.15 20:50:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 20:11:15 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 20:11:14 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 20:11:09 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 20:11:02 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.15 20:11:01 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.14 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.14 18:27:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.14 18:27:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.14 18:27:32 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.07 23:20:35 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 18:39:36 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 18:39:36 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 18:36:14 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.23 18:36:14 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.23 18:36:14 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.23 18:36:14 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.23 18:31:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 18:31:45 | 1602,981,888 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 23:10:05 | 000,632,031 | ---- | M] () -- C:\Users\y\Desktop\adwcleaner.exe
[2013.05.22 23:07:37 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\y\Desktop\JRT.exe
[2013.05.22 18:13:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\y\Desktop\aswMBR.exe
[2013.05.22 18:12:38 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\y\Desktop\tdsskiller.exe
[2013.05.21 21:27:12 | 012,917,756 | ---- | M] () -- C:\Users\y\Desktop\mbar-1.05.0.1001.zip
[2013.05.21 21:24:48 | 000,377,856 | ---- | M] () -- C:\Users\y\Desktop\gmer_2.1.19163.exe
[2013.05.18 17:45:17 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.17 00:12:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.15 21:06:59 | 000,409,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 19:20:11 | 001,591,218 | ---- | M] () -- C:\Users\y\Desktop\4 07052013 Politik_Recht_Schule.pdf
[2013.05.07 23:20:16 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.22 23:09:52 | 000,632,031 | ---- | C] () -- C:\Users\y\Desktop\adwcleaner.exe
[2013.05.21 21:26:51 | 012,917,756 | ---- | C] () -- C:\Users\y\Desktop\mbar-1.05.0.1001.zip
[2013.05.21 21:24:39 | 000,377,856 | ---- | C] () -- C:\Users\y\Desktop\gmer_2.1.19163.exe
[2013.05.18 17:45:17 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.17 00:02:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.17 00:02:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.17 00:02:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.17 00:02:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.17 00:02:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.15 19:20:09 | 001,591,218 | ---- | C] () -- C:\Users\y\Desktop\4 07052013 Politik_Recht_Schule.pdf
[2013.03.24 13:20:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.01.31 17:02:34 | 000,223,608 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.11.04 15:39:22 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.11.04 15:39:21 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.11.04 15:39:18 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 23.05.2013 18:49:20 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\y\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,78% Memory free
3,98 Gb Paging File | 3,04 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,18 Gb Total Space | 19,61 Gb Free Space | 52,74% Space Free | Partition Type: NTFS
Drive E: | 37,24 Gb Total Space | 37,15 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: Y-PC | User Name: y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-540140884-1441250459-233020522-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46F14526-1922-463A-BC16-14F7A7549E35}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3EA78080-C0DE-4398-9534-FFEBF146613F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{67613727-C158-466B-A0C9-EE1B43EDDD6E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{75572CFA-AA61-4AE6-9E5E-5A5F4540C32C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{83731113-5692-471A-85B8-55352C7152F0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{AEFE56AF-F53C-48D5-B5A3-E5D76366EA67}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"TCP Query User{2629B16E-DBEB-4313-9ECC-5AE1266D3D7D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{6F0D629C-A467-40F7-BD17-E4E7A98F9D4D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{79789C45-90F0-47DB-AA64-FFA517500698}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{BCE893FE-D4AC-4DAC-A025-9AEF7C2E8055}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{E16A27B3-5CAD-40BF-88DF-0A7824B7E1BB}C:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe | 
"TCP Query User{F920535C-0424-4A05-A070-FC2D471887DB}C:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe | 
"UDP Query User{105FCC26-DF09-41EA-AB67-168648BA2B84}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{30860359-A2C9-40A2-B9C7-E32C64FDB537}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{5F383793-5F8B-4B28-9774-EECAC8514CC4}C:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe | 
"UDP Query User{A1DFBBAF-FFE5-4709-9AE3-D290FD352F47}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{BFB46CBE-4C50-4236-A4FA-8237F0F8C12C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{F0580D81-434D-48AF-ADF6-B6F91ED1ECAF}C:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\y\appdata\local\temp\rarsfx0\bie_kms.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C31FFDC-E796-4884-B990-41B9A5B2A647}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular" = ElsterFormular
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"STANDARD" = Microsoft Office Standard 2007
"VLC media player" = VLC media player 1.1.11
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.05.2013 17:32:30 | Computer Name = y-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.05.2013 05:16:37 | Computer Name = y-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.05.2013 05:30:02 | Computer Name = y-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.05.2013 06:57:53 | Computer Name = y-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 23.05.2013 07:57:47 | Computer Name = y-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 23.05.2013 09:20:08 | Computer Name = y-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0x594  Startzeit der fehlerhaften Anwendung: 0x01ce5798ae378a1e  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 7c85cba1-c3ab-11e2-83f7-00037abedbd2
 
Error - 23.05.2013 12:33:35 | Computer Name = y-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.05.2013 17:28:22 | Computer Name = y-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

cosinus · 23.05.2013, 21:42

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

kiwibiwi · 23.05.2013, 21:59

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.23.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
y :: Y-PC [Administrator]

Schutz: Aktiviert

23.05.2013 22:49:18
mbam-log-2013-05-23 (22-49-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201044
Laufzeit: 9 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

22.05.2013, 20:20	#32
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$2 Trojaner gefunden HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\|Ytnaopy - Standard$ 2 Trojaner gefunden HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\|Ytnaopy Du solltest nur das Log erstellen, wenn du fixmbr machen sollst hätte ich das schon geschrieben Mach bitte mit dem tdsskiller weiter, auch da nur das Log erstellen, nichts löschen! __________________ __________________

22.05.2013, 22:18	#38
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$2 Trojaner gefunden HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\|Ytnaopy - Standard$ 2 Trojaner gefunden HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\|Ytnaopy ja genau das ist gemeint => Wächter (Hintergrundscanner bzw. residenter Schutz) soll deaktiviert werden __________________ Logfiles bitte immer in CODE-Tags posten

2 Trojaner gefunden HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ytnaopy

Log-Analyse und Auswertung: 2 Trojaner gefunden HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ytnaopy