Wie Rootkit 0 access entfernen?

sasa1 · 10.12.2013, 03:12

Hallo,
mein PC ist leider vom rootkit.0access Virus befallen. Wie werde ich den los? Da steht zwar, er wird erfolgreich entfernt, ist beim nächsten scan aber immernoch da. Hier noch logfiles:

Code:

ATTFilter

Datenbank Version: v2013.01.07.01

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Lara :: LARA-PC [Administrator]

10.12.2013 02:11:31
mbam-log-2013-12-10 (02-11-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200187
Laufzeit: 3 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

 defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:35 on 10/12/2013 (Lara)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2013
Ran by Lara (administrator) on LARA-PC on 10-12-2013 02:29:06
Running from C:\Users\Lara\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SAMSUNG Electronics) C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TaskTray] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056 2012-06-02] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [EMET Notifier] - C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [Google Update] - C:\Users\Lara\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-07] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

ProxyServer: 75.125.242.146:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zeit.de/index
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC02600405276CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {80217218-29AD-4019-BA0B-7F102706CC36} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {80217218-29AD-4019-BA0B-7F102706CC36} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.zeit.de/index
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Codecv - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\info@allpremiumplay.info
FF Extension: EPUBReader - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: DownloadHelper - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: jid1-0FHdJAAQ7Nb73Q - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\jid1-0FHdJAAQ7Nb73Q@jetpack.xpi
FF Extension: prefs - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
FF Extension: bprivacyprefs - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.zeit.de/index"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Lara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Codecv) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg\1.0_0
CHR Extension: (Awesome XKCD Widget [ANTP]) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigeakmkgpgffiojjihhjlggonmomacp\2012.134.4.0_0
CHR Extension: (YouTube) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (AdBlock) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0
CHR Extension: (Marble) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhebjoppbkfocoeceijgihihgckeool\1.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (You are Awesome) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkhopfdenimipdamjmfpijifmmpnakpc\8_0
CHR Extension: (Skype Click to Call) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [ajhcekcffkpnaednoeoegnmnjdlnjjmg] - C:\ProgramData\Codecv\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [151912 2012-05-25] (McAfee, Inc.)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [229520 2011-12-08] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
U5 BITS; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 02:29 - 2013-12-10 02:29 - 00021772 _____ C:\Users\Lara\Downloads\FRST.txt
2013-12-10 02:28 - 2013-12-10 02:28 - 01060641 _____ (Farbar) C:\Users\Lara\Downloads\FRST.exe
2013-12-10 02:28 - 2013-12-10 02:28 - 00000000 ___DC C:\FRST
2013-12-10 02:27 - 2013-12-10 02:27 - 00000470 _____ C:\Users\Lara\Downloads\defogger_disable.log
2013-12-10 02:27 - 2013-12-10 02:27 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-12-10 02:26 - 2013-12-10 02:26 - 00050477 _____ C:\Users\Lara\Downloads\Defogger.exe

==================== One Month Modified Files and Folders =======

2013-12-10 02:29 - 2013-12-10 02:29 - 00021772 _____ C:\Users\Lara\Downloads\FRST.txt
2013-12-10 02:29 - 2011-02-07 14:50 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000UA.job
2013-12-10 02:29 - 2011-02-07 14:50 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000Core.job
2013-12-10 02:28 - 2013-12-10 02:28 - 01060641 _____ (Farbar) C:\Users\Lara\Downloads\FRST.exe
2013-12-10 02:28 - 2013-12-10 02:28 - 00000000 ___DC C:\FRST
2013-12-10 02:28 - 2011-02-25 15:31 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 02:28 - 2011-02-25 15:31 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-10 02:27 - 2013-12-10 02:27 - 00000470 _____ C:\Users\Lara\Downloads\defogger_disable.log
2013-12-10 02:27 - 2013-12-10 02:27 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-12-10 02:27 - 2011-01-28 05:11 - 00000000 ____D C:\Users\Lara
2013-12-10 02:27 - 2008-01-21 08:16 - 01453972 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 02:26 - 2013-12-10 02:26 - 00050477 _____ C:\Users\Lara\Downloads\Defogger.exe
2013-12-10 02:23 - 2013-01-05 02:49 - 00003584 _____ C:\Windows\WindowsUpdate.log
2013-12-10 02:20 - 2011-02-25 16:12 - 00036821 _____ C:\ProgramData\nvModes.dat
2013-12-10 02:20 - 2011-02-25 16:12 - 00036821 _____ C:\ProgramData\nvModes.001
2013-12-10 02:20 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-10 02:20 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 02:20 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-10 02:19 - 2013-01-05 03:45 - 00005386 _____ C:\Windows\PFRO.log
2013-12-10 02:08 - 2006-11-02 14:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT

ZeroAccess:
C:\Windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}
C:\Windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\@
C:\Windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\00000001.@
C:\Windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\80000000.@

ZeroAccess:
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\@
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\00000001.@

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 02:25

==================== End Of Log ============================

schrauber · 10.12.2013, 08:47

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

sasa1 · 10.12.2013, 12:18

Hallo. Danke für die Antwort.

Code:

ATTFilter

ComboFix 13-12-08.01 - Lara 10.12.2013  11:58:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1738 [GMT 1:00]
ausgeführt von:: c:\users\Lara\Downloads\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Codecv
c:\programdata\Codecv\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx
c:\programdata\Codecv\background.html
c:\programdata\Codecv\content.js
c:\programdata\Codecv\settings.ini
c:\programdata\Codecv\uninstall.exe
c:\programdata\Roaming
c:\windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}
c:\windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\@
c:\windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\00000001.@
c:\windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\80000000.@
c:\windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\800000cb.@
.
c:\windows\system32\services.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-10 bis 2013-12-10  ))))))))))))))))))))))))))))))
.
.
2013-12-10 01:28 . 2013-12-10 01:28	--------	dc----w-	C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 01:32 . 2012-04-01 20:38	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-12-10 01:32 . 2011-06-21 12:03	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-29 08:27 . 2012-12-27 03:50	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-02 296056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"EMET Notifier"="c:\program files\EMET\EMET_notifier.exe" [2012-05-09 152152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 01:32]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 14:31]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 14:31]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000Core.job
- c:\users\Lara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-07 13:50]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000UA.job
- c:\users\Lara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-07 13:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.zeit.de/index
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 75.125.242.146:80
IE: Free YouTube Download - c:\users\Lara\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Lara\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.zeit.de/index
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-TaskTray - (no file)
AddRemove-Amazon MP3-Downloader - c:\program files\Amazon\MP3 Downloader\Uninstall.exe
AddRemove-Marvell Miniport Driver - c:\program files\Marvell\Miniport Driver\Uninst.exe
AddRemove-WinLiveSuite - c:\program files\Windows Live\Installer\wlarp.exe
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-12-10 12:07
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\mfevtps.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-10  12:12:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-12-10 11:12
.
Vor Suchlauf: 17 Verzeichnis(se), 22.774.620.160 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 22.742.884.352 Bytes frei
.
- - End Of File - - C85B15D3A4D6C836AC14C8EAD513AEEB
61A349592C4728853F4A90FF78F7628E

edt: Ich habe jetzt nochmal auf Viren gescannt und der Virus scheint weg zu sein

)
Kann ich den PC wieder normal benutzen? Ich habe nämlich gelesen, dass man vorsichtshalber, wenn man onlinebanking gemacht hat, bei der Bank anrufen soll, damit die einem neue Anmeldedaten geben und man alle Passwörter erneuern soll. Stimmt das?

schrauber · 10.12.2013, 14:09

Wir sind noch lange nicht fertig, aber den Anruf kannste schon mal machen.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

sasa1 · 11.12.2013, 02:46

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.10.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Lara :: LARA-PC [Administrator]

11.12.2013 01:30:06
mbam-log-2013-12-11 (01-30-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210858
Laufzeit: 14 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Lara\AppData\Local\temp\ICReinstall_realtek-ethernet-controller-driver.exe (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter

# AdwCleaner v3.015 - Bericht erstellt am 11/12/2013 um 01:56:43
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Lara - LARA-PC
# Gestartet von : C:\Users\Lara\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
Ordner Gelöscht : C:\Program Files\driver-soft
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Lara\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Lara\AppData\LocalLow\Codecv
Ordner Gelöscht : C:\Users\Lara\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\info@allpremiumplay.info
Ordner Gelöscht : C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16447


-\\ Mozilla Firefox v17.0.1 (en-US)

[ Datei : C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search[...]

-\\ Google Chrome v

[ Datei : C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3834 octets] - [11/12/2013 01:45:40]
AdwCleaner[S0].txt - [3769 octets] - [11/12/2013 01:56:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3829 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Lara on 11.12.2013 at  2:03:47,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0064EC24-09DB-40E2-849F-6AA5066422EB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0198DF59-D9C7-44E2-B3CF-2F9DE7B5362B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{01D6E8D7-9B3A-4B3F-97E7-08A531A5CF25}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{020BDEA8-1A2B-403D-B83C-BADC89C65BF4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{044D2744-AC56-43E0-A044-D3379AE1FCD0}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{046C3A8B-08E7-4714-BACF-74B56C6BC983}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{04E923ED-A166-47D8-9242-5D87412FCC1D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{059075AA-8BE0-4989-BA80-16F1866494B8}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{064E82F4-CD7D-4DBA-AFB1-6F118A9CA22E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{07D4DF52-3D6B-401C-8BFB-E1D028D147FA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0CC1394C-F4B1-4C03-BBC9-0EFAB607A235}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0EF081CC-16B5-4BB4-953A-3EC73C4872D7}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1011601B-9B5C-45C9-AFB4-507367B8BA8A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1014E65F-380E-46A0-9C6B-16AED52161F8}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{102706FE-7A1B-437B-9710-3ADE98E5D97C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{11363A09-E42F-4B48-9D04-73D6348C978A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1230386C-060E-44CA-88DC-BC8DE26A7B3A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{13226868-AD15-4ED0-9907-77743C45E26A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1364FE2C-C49A-48D2-9A73-EBF11ABF48F6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1442D64D-987C-4923-972B-BEC41045DEEA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{149E3F32-9134-401A-8737-C693283F68D6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1543F4DF-7761-4FDD-AB15-ADC5B6E8C70B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1690C437-5614-47AC-BE4F-1996526D956E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1735A37D-8987-415B-9C1D-B0D72F5AF4CF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1803BC69-15A2-4228-8BE2-D4D10D0B7283}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{18822DFB-C36F-4E29-BE79-04E42166A59A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{189A7349-57F0-457D-BE0B-3D3942FF6275}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1A494301-FD98-4943-89A5-752DEFCB4909}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1CC3A731-DAB8-4C06-B502-AA90620A62FD}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1DBB61D8-FECD-4E1C-AD85-95D38D5A705D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{21423F76-2B2F-4181-AC23-E30C59CE655E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{21A2CE66-D305-4B46-915C-E6549BD27577}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{21F6ADCA-5D78-4EC1-8302-99EC7AD28542}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{26301773-DE8B-48A6-A73E-D35E87821986}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{27883FA0-673A-4739-BDA7-C8BDA0926930}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2A508C46-C40D-4AE4-97D4-5EB2FD4C01DE}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2A86730D-8BBC-4CFA-9042-BE2CA5A2F3B2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2AFB21EB-BF0E-43CC-A911-540B9E106704}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2B6C8D56-F904-4FD2-B71B-6529B05B409E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2BAA8200-203A-40B7-9385-322FF4BD1816}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2BD3069B-3B80-44DE-89BB-4C6F7E71DDC9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2C34D90D-75EF-4238-B9D3-95BC0522BB99}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2C915DF7-CD24-44C3-9649-EE352FA6D863}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2D9386E4-6007-46D4-B9E2-0CB700701260}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{30197AEE-9045-45E7-8D16-3C36716D0A8A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{341AD598-7FD0-4134-8FC4-91705BDD1A4A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{35A19C31-E9C4-40B3-A935-20116032D43B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3681ADF2-39F2-41D3-A2DA-56C2B67B8588}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{376077AC-849D-4146-91B9-EC3B41DF3808}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{378AB54B-AA46-425A-B09F-D6DB2F2854BB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{38952AE1-3A1E-4C77-B6EC-E425F3C1493C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{39BF0242-22DE-4F2A-B28B-5D6AC3F28C7D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3A2A5EB2-3BBE-4D59-BA70-2F381BA26F8B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3A7FCBFD-027D-43A1-A92B-3644C820C7C1}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3CFE5993-5EF6-404A-A9AD-2E095F5804D3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3EF67BAF-53D6-4042-9989-9ED2F8506C66}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3F40F48B-0D4F-4EC7-80B3-DCAA30EA5579}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{40F385DC-6CA9-4B8C-9B3A-BC11B39A73C3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{41537B54-BAF3-4BC2-B078-04AF09C35341}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{418598BB-A678-42AE-8B10-B054E1289132}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{441F2BD4-15B4-4FE8-BE25-03AC2D4E1BB6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{44FF0428-E68A-4EE9-9967-72D5724F4DAF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{450BED1D-7FDC-4458-8605-C7298D07B9E6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{46DCC8C9-26FD-4C22-AFC2-E380BF26ADD5}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{48C39D93-C51B-4499-B5D5-2360C1F95EB8}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{4963A88D-0D01-44F3-A3E4-B07C9CB888A2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{496AA639-BE11-4C18-91DF-FCC5CDBA1D94}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{4AA88D95-81C1-4A59-9A31-01024B5A7364}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{4BFF3BED-98CD-4A4C-9BAD-BEE0D9044DCF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{4D0A4E17-1825-4095-B726-B0A362255D4A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{50844044-0CB2-44BE-B430-D2BE488B0AF1}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{518A6B7D-7B66-478A-8638-FBB00BD49829}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{54F797AD-58BE-455A-8BC3-04C8C28D2942}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{55FA5793-FFE8-4E25-9297-D9DE18D266A1}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5784C91F-CD32-4AD7-9E54-57F9C77406BA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{57CECC48-8EFD-4204-8DBB-71E93EEB299A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5803750D-E529-4F42-B78D-2713D7689ED3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{581A7E1A-DB4F-4C01-A5AC-60A161FF802C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{594572C7-64C6-4480-AFA0-CE6FB93D289B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5AF99581-1952-49CE-9B8F-B63D0825195F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5B530BBB-F9D4-499C-AE0C-F5A79BFF34FA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5C2A5D46-D387-4968-B626-6B4D52DB3C79}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5D2ED365-2F08-450A-AE55-BD14623E67DF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5DBBD50D-FA54-4C4B-828A-40813EF0C1E5}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5DF0B871-8705-4045-BAF7-94293D9F6E3E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5E7C1BD9-4EC4-42AB-8DA2-5A7E3FE346C8}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5EA77D4C-D5E7-4CD5-81A8-E8A70E75741B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5F73D2A5-3EBB-4A5F-8896-A53976A1A94F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{60AA8C1C-6365-4A92-9F3F-8F540021F450}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{64324B3E-0F8E-4A0C-8DB5-888DC8BC8C31}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{656A71C9-CAC3-46C6-8AF3-4CFE740F8892}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{65FD4F38-2AAC-4035-B506-1FC230E549AB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6629E456-1F0B-4A87-9985-3FBAC602AB2F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{665D2236-AF3D-4923-BBB5-16B7DCA45A25}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{66A6D382-7EEF-471A-BC2B-CAADB89B3962}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{68B6184D-E4D8-4554-BED0-077883EF0F02}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{69C6BCD8-B18A-4826-864F-54E4D19E19C0}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{69E01DF0-5436-40C2-AB89-B71246443F49}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6B3F5A03-F0AA-4615-9E98-76DAE4027163}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6C8B8BA4-6057-4651-91C5-62F3664F5352}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6CC75C9F-2136-4541-8838-70ABA49F8409}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6D590764-3DA8-42B3-8A97-3602CB77422F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6D68DCFA-FA6F-49C2-B148-7AE40A35F768}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6DD129FB-BFD2-409E-9899-A622092EF4A5}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7050D14B-CB0A-478D-8007-C699AB169603}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{705F53F4-FDE0-446C-A6A1-C3D5553DAEA4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7104F9B9-29D2-415C-B117-837FAE2E192B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7157EFE5-63C8-4143-8144-2DEEDC86580F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7566761F-430D-4FCA-B273-3EB5AAF1D54C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{769B2967-40E1-4CDA-A328-F1807EF7E0A3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{76E640F0-EA7D-4A5C-92D4-0F5AB70A3803}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7796A670-262D-4405-A972-9E2043843FE7}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{795E96CB-9369-4EDE-957D-FCE9EA28E626}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{79BDE67E-B9FB-46A0-AC6D-74282E79539A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8028634F-E888-4BC1-8027-8A4A5C886A0D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{81D49655-2FC2-4BFA-9B80-13740CF36618}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{839BB9E7-3E28-4522-9CDA-B090A359E2F5}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{858835AB-374F-4595-AD91-53F62B65ACA8}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8614C587-259F-4D47-9E46-ADA59F4766FF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8682CAD0-DEC1-4C0E-9453-3F333DF58445}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{87136EF2-CD7B-4E62-8730-41087B69217A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8737BA7F-D990-4A7A-9310-A841EAC9834F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8835B82B-DAA5-4E2F-87A6-A54EAB5F2691}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{89030A56-7933-4FD3-BB92-88955E5C5606}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{896C9F79-4BF9-4471-A2FF-6B2679A3E015}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{89F4D27A-1C80-4984-8070-86B028B2E270}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8BA78733-1AA5-4057-8B5E-1E51C213F9A0}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8CB08961-ED99-4556-A82D-A657E4A12108}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{910DFD0F-35C1-4D81-9527-3CD8F07FB2A2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{917972B5-646B-4538-800F-4D470FF1D2C5}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{92B66DE8-8D85-4693-87F6-67BAF78F088E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{94F9B9C8-4D63-4684-8F24-070B63742D68}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{960D65D9-C556-42E1-9879-775CBC12120D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{97666E41-3DEB-47F2-B70A-D26A35EAF0D0}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9791A365-C7CF-49FA-AA4C-8C511B726EB6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9844AFBD-FFE0-43B5-ABE8-4E58E1BE02C8}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{98AD4F9F-EEED-42D2-B14C-7117F5DB39E6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9D9BDE82-ED0B-48D5-8110-8DD8DA8E6593}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9DAE5575-3DD6-462B-8EF8-3153EC5D9794}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9E25D953-3765-4034-AB85-E54A72FCE4B2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9E49DEAE-973D-4685-B980-2C018D6DFA0F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9FBF4066-8419-4169-8F2A-E758652E83D9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{A1C9AF05-C457-4155-B029-9AE8B332A22E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{A2006894-B383-4E34-9F3A-176BDA63244F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{A2452696-DA6A-4B97-908D-98C9DFC7FEDF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{A43ECCBD-513D-4D72-B810-171E99772A04}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{A492A7BD-A42B-46F9-AB33-49A56CB8AE82}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{A656019B-4AC0-4E0B-810F-152541B3EA57}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{A817BE02-DAB7-4B26-B4BB-7C40B64F665E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{AA549223-E92F-4838-869A-7E84D888074A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{ABB86052-79F5-4EA0-8C51-2106280AB197}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{ABCAA29E-743D-486B-9E48-24DF6D9082DE}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{ABD317F1-345C-4131-9BCD-75610E77A6F9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{AD0B432F-799D-4789-A60E-112B8BC911CE}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{AD734D51-7FDF-4A27-B0C1-F1DE812C76C2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{ADB356B2-BE60-4AF5-B63A-678335349421}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{AE22D203-030C-4F8D-8560-0F56117E33FE}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{AE71374D-6EBA-4F53-AF0C-AE2631169AE6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{AEE1B54A-FE74-47F2-BCAC-5DF6900E9B08}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{AF6B540E-9187-4310-8F40-6C11B2699445}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{AFFE286A-87F6-4D03-BA19-9CF7B2BEC09B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B0D8566F-0273-471E-9405-2EA9D65DE100}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B320A978-8C98-4C8E-B92C-37B6C28F61DF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B39AC937-C608-4136-8B8E-FEBEC7F9B432}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B3F0630B-B84A-4B09-B198-7E280637A189}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B51E9D5C-F06F-41FB-9505-F902340AD719}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B7508D7F-38F5-421B-A713-AE61B87F67F6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B803B4FB-3AB5-4E12-B009-0F729B35562C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B804AE77-CE2C-4678-B8BD-8484AB04EF1F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B822C345-A8DB-408B-97DA-D12D0F650FE2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B91895C0-4231-4547-A230-176639B346EA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B9B08D4F-241E-4ADF-90B8-2845EB490370}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{BBC3E438-0139-4354-A042-97CA4AB47488}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{BC1D04FB-B2DF-45C5-9AE5-503D268627E0}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{BC56D638-830F-4D19-8D2D-390D61E1FD7B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{BC6DCC57-4B75-4582-8B70-1E412D233F7B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C10CEC96-41AC-4E49-8BBF-33830BB348F9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C13F78F0-A8FD-4CFB-9880-0F4D5688AC71}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C3505286-0B7B-42F0-985E-345B274DADD4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C50736BE-56D4-4239-B828-E43A06F4BFD1}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C50A3B40-1951-4F0D-B094-F6E9B2F85556}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C7539FF3-1DD5-40E6-86B2-FC29ED0F0AC7}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C78BE1AA-8913-4AF0-B6E7-4C56E572F9A0}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C8281F27-35BC-4B78-8F6D-9EAB11F08776}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C863CE36-6039-4C43-88DD-AADD78472720}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C8BA5A9A-9C89-4F10-82C6-4E27885ED359}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C8C48EDA-3B29-4603-AB6C-75AAE137D08D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CBDFED6C-1AE6-4FA4-82C4-6D32D1F2143B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CD2515A9-2602-4D07-847F-BA248D5008D2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CD49A5DC-B9D8-4165-A0D4-675A64358976}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CD4F34EA-A45F-40B4-A6E2-3CBB393BF5F9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CD8FB9E0-1192-4E10-8ECE-287C6A5E41BB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CEABFCC5-BB95-4926-8CBD-77E98F7AF785}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CF0E256A-50C1-4C51-957C-4DE48571654E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CFA8DC09-F0FA-4532-9D41-350551906B72}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D108F1D9-C346-4BF8-886A-ABEE603725D8}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D1F9ACA6-DA5C-48B7-ADC4-CEC839ABBEC2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D24F5A47-B62B-4FB3-AB59-55C9B83679A7}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D257E2EC-AA54-42D3-A4A9-8E2EBBC933BF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D280CAC6-D4ED-42E4-9C0E-4D5A7B661FEB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D32244D0-2459-48AC-A5C8-9D02D81748F3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D39F5F67-8725-4A39-91F6-FFD6C3364B27}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D5E8D53D-46B5-4351-A40C-EE3FBF97F04F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D753F2F1-93E9-4087-8F3A-EABD1F3E0BD4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D8EC50B9-D5DF-41F4-8058-F710FAFE01AA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D9087A00-4B87-4BDC-B933-302D63F1756B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D9C1A598-1A82-4EBE-93D1-4F73749506D4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{DA8D48BA-E345-4036-B599-61BC13F513F3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{DDBB1241-A3E5-4453-A5F2-5447D7477281}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{DE73586F-76B7-4520-9DAD-8B300C072C5A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{DEE1862C-E6FC-46A7-AFEA-629CBF2FC683}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{DFC78A09-3F9B-42FA-AA78-72B50D6692F9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E004B296-CFEB-4352-B9F3-598EA12FAD1C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E1766FF3-C198-4859-B4A7-5098A3F690E4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E369131A-AA6D-4FCE-9F99-08A159D76F7F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E6243CAF-C1F1-44D7-AC75-2FD9605061D6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E656F020-A151-427E-B79B-8D51B3D8EB9A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E714ED11-9FD6-40AC-8FE6-1410FE0CEE4A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E750AFDE-72F2-442F-BDDB-6365D6637F90}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E991C92C-20C3-4F61-B01C-DC4D3FA34645}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E9A58380-62C8-467E-834D-E5F4483AA303}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{EB23FFCC-061C-4F6D-96F1-7BA92FE48A94}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{EB756BE8-7C1F-4012-AA69-FD648193E773}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{ECCBD96C-05AF-4101-BAC8-749972B50978}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{EE68AB7F-C5D5-4903-AA69-67E93B9579B9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F1C8BFD1-9914-4788-B5B2-473AACFF778C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F22BE7CE-7130-46E3-A733-A4F5DEBAA590}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F22D2D86-38BF-404C-BAF5-18C554DC09DA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F86D8193-0A9B-46C6-A6A5-A7D9C4CFCFFD}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F89142AC-E3E4-477A-8E09-130F95F24467}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F94A6CB4-B3AC-4DFC-9B28-1C56521D4B85}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FAB2080B-CC39-4E7F-81B4-CBBF750B118E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FBE76942-5A0C-4357-8C44-7A53FB3E953C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FBEFA27A-301A-429A-A3B5-878A685D5FB2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FD4D5119-1DB9-4AA1-A1D5-035996A05366}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FD56E1F6-0F3C-415D-90CC-B0825CA490E3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FE0ACE41-BB8B-465F-B913-0652E5F6360A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FF8DB218-ECDE-4E4F-8ED7-E08B9F65B889}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FFCC265E-827E-4562-9E10-8228FD4D102D}



~~~ FireFox

Emptied folder: C:\Users\Lara\AppData\Roaming\mozilla\firefox\profiles\mky5g0nt.default\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Lara\appdata\local\Google\Chrome\User Data\Default\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.12.2013 at  2:07:14,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2013 01
Ran by Lara (administrator) on LARA-PC on 11-12-2013 02:08:54
Running from C:\Users\Lara\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(SAMSUNG Electronics) C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056 2012-06-02] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [EMET Notifier] - C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

ProxyServer: 75.125.242.146:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zeit.de/index
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC02600405276CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {80217218-29AD-4019-BA0B-7F102706CC36} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.zeit.de/index
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: EPUBReader - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: DownloadHelper - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: jid1-0FHdJAAQ7Nb73Q - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\jid1-0FHdJAAQ7Nb73Q@jetpack.xpi
FF Extension: prefs - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
FF Extension: bprivacyprefs - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.zeit.de/index"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Lara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Awesome XKCD Widget [ANTP]) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigeakmkgpgffiojjihhjlggonmomacp\2012.134.4.0_0
CHR Extension: (YouTube) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (AdBlock) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0
CHR Extension: (Marble) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhebjoppbkfocoeceijgihihgckeool\1.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (You are Awesome) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkhopfdenimipdamjmfpijifmmpnakpc\8_0
CHR Extension: (Skype Click to Call) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [151912 2012-05-25] (McAfee, Inc.)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [229520 2011-12-08] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 02:08 - 2013-12-11 02:08 - 00000000 ____D C:\Users\Lara\Downloads\FRST-OlderVersion
2013-12-11 02:07 - 2013-12-11 02:07 - 00026121 _____ C:\Users\Lara\Desktop\JRT.txt
2013-12-11 02:03 - 2013-12-11 02:03 - 00000000 ____D C:\Windows\ERUNT
2013-12-11 02:02 - 2013-12-11 02:02 - 01034531 _____ (Thisisu) C:\Users\Lara\Downloads\JRT.exe
2013-12-11 02:00 - 2013-12-11 02:00 - 00003909 _____ C:\Users\Lara\Desktop\AdwCleaner[S0].txt
2013-12-11 01:40 - 2013-12-11 01:56 - 00000000 ___DC C:\AdwCleaner
2013-12-11 01:40 - 2013-12-11 01:40 - 01226802 _____ C:\Users\Lara\Downloads\adwcleaner.exe
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ___DC C:\Program Files\Atheros WLAN Client
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ____D C:\ProgramData\WLAN
2013-12-11 01:07 - 2009-12-18 00:02 - 01203712 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys
2013-12-11 01:07 - 2009-05-01 02:14 - 00000589 _____ C:\Windows\dsetup.iss
2013-12-11 01:07 - 2009-03-19 04:31 - 02821120 _____ (Askey Computer Corporation.) C:\Windows\system32\AInst3141.exe
2013-12-11 01:07 - 2004-09-28 02:27 - 00000874 _____ C:\Windows\system32\WLL3141.cfgx
2013-12-11 00:39 - 2013-12-11 01:08 - 00000172 _____ C:\Windows\SamsungInstaller.log
2013-12-10 13:11 - 2013-12-10 13:11 - 00000000 ___DC C:\Program Files\Intel Desktop Board
2013-12-10 12:12 - 2013-12-10 12:12 - 00007935 ____C C:\ComboFix.txt
2013-12-10 12:05 - 2013-12-10 12:05 - 00000552 _____ C:\Windows\PFRO.log
2013-12-10 11:56 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-10 11:56 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-10 11:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-10 11:51 - 2013-12-10 11:52 - 05153091 ____R (Swearware) C:\Users\Lara\Downloads\ComboFix.exe
2013-12-10 11:49 - 2013-12-11 02:06 - 01558317 _____ C:\Windows\WindowsUpdate.log
2013-12-10 02:29 - 2013-12-11 02:08 - 00019847 _____ C:\Users\Lara\Downloads\FRST.txt
2013-12-10 02:29 - 2013-12-10 02:33 - 00021306 _____ C:\Users\Lara\Downloads\Addition.txt
2013-12-10 02:28 - 2013-12-11 02:08 - 01061389 ____C (Farbar) C:\Users\Lara\Downloads\FRST.exe
2013-12-10 02:28 - 2013-12-11 02:08 - 00000000 ___DC C:\FRST
2013-12-10 02:27 - 2013-12-10 02:27 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-12-10 02:26 - 2013-12-10 02:26 - 00050477 _____ C:\Users\Lara\Downloads\Defogger.exe

==================== One Month Modified Files and Folders =======

2013-12-11 02:09 - 2013-12-10 02:29 - 00019847 _____ C:\Users\Lara\Downloads\FRST.txt
2013-12-11 02:08 - 2013-12-11 02:08 - 00000000 ____D C:\Users\Lara\Downloads\FRST-OlderVersion
2013-12-11 02:08 - 2013-12-10 02:28 - 01061389 ____C (Farbar) C:\Users\Lara\Downloads\FRST.exe
2013-12-11 02:08 - 2013-12-10 02:28 - 00000000 ___DC C:\FRST
2013-12-11 02:07 - 2013-12-11 02:07 - 00026121 _____ C:\Users\Lara\Desktop\JRT.txt
2013-12-11 02:07 - 2008-01-21 08:16 - 01453972 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-11 02:06 - 2013-12-10 11:49 - 01558317 _____ C:\Windows\WindowsUpdate.log
2013-12-11 02:03 - 2013-12-11 02:03 - 00000000 ____D C:\Windows\ERUNT
2013-12-11 02:02 - 2013-12-11 02:02 - 01034531 _____ (Thisisu) C:\Users\Lara\Downloads\JRT.exe
2013-12-11 02:00 - 2013-12-11 02:00 - 00003909 _____ C:\Users\Lara\Desktop\AdwCleaner[S0].txt
2013-12-11 02:00 - 2011-02-25 16:12 - 00036821 _____ C:\ProgramData\nvModes.dat
2013-12-11 02:00 - 2011-02-25 16:12 - 00036821 _____ C:\ProgramData\nvModes.001
2013-12-11 02:00 - 2011-02-25 15:31 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 01:59 - 2012-04-01 21:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 01:59 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 01:59 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 01:59 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 01:57 - 2006-11-02 14:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-11 01:56 - 2013-12-11 01:40 - 00000000 ___DC C:\AdwCleaner
2013-12-11 01:56 - 2011-02-07 18:37 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-11 01:55 - 2011-02-25 15:31 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 01:40 - 2013-12-11 01:40 - 01226802 _____ C:\Users\Lara\Downloads\adwcleaner.exe
2013-12-11 01:34 - 2011-02-07 14:50 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000UA.job
2013-12-11 01:31 - 2012-04-01 21:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 01:31 - 2011-06-21 13:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 01:15 - 2013-01-05 03:26 - 00000000 ___DC C:\Program Files\Malwarebytes' Anti-Malware
2013-12-11 01:08 - 2013-12-11 00:39 - 00000172 _____ C:\Windows\SamsungInstaller.log
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ___DC C:\Program Files\Atheros WLAN Client
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ____D C:\ProgramData\WLAN
2013-12-11 01:07 - 2011-01-28 18:55 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-11 01:07 - 2011-01-28 05:11 - 00000000 ____D C:\Users\Lara
2013-12-10 13:14 - 2011-02-25 16:02 - 00000000 ____D C:\Program Files\Realtek
2013-12-10 13:11 - 2013-12-10 13:11 - 00000000 ___DC C:\Program Files\Intel Desktop Board
2013-12-10 12:12 - 2013-12-10 12:12 - 00007935 ____C C:\ComboFix.txt
2013-12-10 12:12 - 2012-07-13 04:04 - 00000000 ___DC C:\Qoobox
2013-12-10 12:12 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-12-10 12:12 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-12-10 12:10 - 2012-07-13 04:04 - 00000000 ____D C:\Windows\erdnt
2013-12-10 12:06 - 2006-11-02 11:23 - 00000215 ____C C:\Windows\system.ini
2013-12-10 12:05 - 2013-12-10 12:05 - 00000552 _____ C:\Windows\PFRO.log
2013-12-10 11:52 - 2013-12-10 11:51 - 05153091 ____R (Swearware) C:\Users\Lara\Downloads\ComboFix.exe
2013-12-10 11:42 - 2011-08-11 09:49 - 00000000 ____D C:\Windows\Minidump
2013-12-10 02:36 - 2011-02-07 14:52 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-12-10 02:34 - 2011-02-07 14:50 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000Core.job
2013-12-10 02:33 - 2013-12-10 02:29 - 00021306 _____ C:\Users\Lara\Downloads\Addition.txt
2013-12-10 02:27 - 2013-12-10 02:27 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-12-10 02:26 - 2013-12-10 02:26 - 00050477 _____ C:\Users\Lara\Downloads\Defogger.exe
2013-11-19 03:33 - 2011-02-07 15:00 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

ZeroAccess:
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\@
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\00000001.@

Some content of TEMP:
====================
C:\Users\Lara\AppData\Local\temp\ICReinstall_realtek-ethernet-controller-driver.exe
C:\Users\Lara\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-11 02:04

==================== End Of Log ============================

--- --- ---

schrauber · 11.12.2013, 13:08

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
ProxyServer: 75.125.242.146:80
ZeroAccess:
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\@
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\00000001.@

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Wenn TDSSKiller die Datei services.exe anmeckert, gleich weiter mit Cure, dann das Logfile nach Cure posten und ein frisches FRST log.

sasa1 · 11.12.2013, 14:15

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-12-2013 01
Ran by Lara at 2013-12-11 14:00:59 Run:1
Running from C:\Users\Lara\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
ProxyServer: 75.125.242.146:80
ZeroAccess:
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\@
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\00000001.@
*****************

HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d} => Moved successfully.
"C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\@" => File/Directory not found.
"C:\Users\Lara\AppData\Local\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\00000001.@" => File/Directory not found.

==== End of Fixlog ====

Code:

ATTFilter

14:04:42.0198 2408  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:04:44.0912 2408  ============================================================
14:04:44.0912 2408  Current date / time: 2013/12/11 14:04:44.0912
14:04:44.0912 2408  SystemInfo:
14:04:44.0912 2408  
14:04:44.0912 2408  OS Version: 6.0.6002 ServicePack: 2.0
14:04:44.0912 2408  Product type: Workstation
14:04:44.0912 2408  ComputerName: LARA-PC
14:04:44.0912 2408  UserName: Lara
14:04:44.0912 2408  Windows directory: C:\Windows
14:04:44.0912 2408  System windows directory: C:\Windows
14:04:44.0912 2408  Processor architecture: Intel x86
14:04:44.0912 2408  Number of processors: 2
14:04:44.0912 2408  Page size: 0x1000
14:04:44.0912 2408  Boot type: Normal boot
14:04:44.0912 2408  ============================================================
14:04:47.0174 2408  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:04:47.0190 2408  ============================================================
14:04:47.0190 2408  \Device\Harddisk0\DR0:
14:04:47.0190 2408  MBR partitions:
14:04:47.0190 2408  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x11940000
14:04:47.0190 2408  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12D40800, BlocksNum 0x126ED800
14:04:47.0190 2408  ============================================================
14:04:47.0206 2408  C: <-> \Device\Harddisk0\DR0\Partition1
14:04:47.0315 2408  D: <-> \Device\Harddisk0\DR0\Partition2
14:04:47.0315 2408  ============================================================
14:04:47.0315 2408  Initialize success
14:04:47.0330 2408  ============================================================
14:06:39.0270 5812  ============================================================
14:06:39.0270 5812  Scan started
14:06:39.0270 5812  Mode: Manual; SigCheck; TDLFS; 
14:06:39.0270 5812  ============================================================
14:06:40.0144 5812  ================ Scan system memory ========================
14:06:40.0144 5812  System memory - ok
14:06:40.0144 5812  ================ Scan services =============================
14:06:40.0362 5812  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:06:40.0565 5812  ACPI - ok
14:06:40.0721 5812  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:06:40.0736 5812  AdobeARMservice - ok
14:06:40.0830 5812  [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:06:40.0846 5812  AdobeFlashPlayerUpdateSvc - ok
14:06:40.0908 5812  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:06:40.0939 5812  adp94xx - ok
14:06:40.0986 5812  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:06:41.0002 5812  adpahci - ok
14:06:41.0033 5812  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:06:41.0048 5812  adpu160m - ok
14:06:41.0080 5812  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:06:41.0111 5812  adpu320 - ok
14:06:41.0142 5812  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:06:41.0236 5812  AeLookupSvc - ok
14:06:41.0298 5812  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
14:06:41.0360 5812  AFD - ok
14:06:41.0392 5812  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:06:41.0407 5812  agp440 - ok
14:06:41.0423 5812  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
14:06:41.0438 5812  aic78xx - ok
14:06:41.0485 5812  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
14:06:41.0548 5812  ALG - ok
14:06:41.0579 5812  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:06:41.0594 5812  aliide - ok
14:06:41.0626 5812  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:06:41.0641 5812  amdagp - ok
14:06:41.0657 5812  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:06:41.0672 5812  amdide - ok
14:06:41.0750 5812  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
14:06:41.0813 5812  AmdK7 - ok
14:06:41.0828 5812  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:06:41.0891 5812  AmdK8 - ok
14:06:41.0922 5812  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
14:06:41.0984 5812  Appinfo - ok
14:06:42.0062 5812  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:06:42.0078 5812  Apple Mobile Device - ok
14:06:42.0109 5812  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
14:06:42.0140 5812  arc - ok
14:06:42.0187 5812  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:06:42.0203 5812  arcsas - ok
14:06:42.0234 5812  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:06:42.0296 5812  AsyncMac - ok
14:06:42.0328 5812  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:06:42.0343 5812  atapi - ok
14:06:42.0515 5812  [ F32FEE7CB2EE32C1F808409BC8019701 ] athr            C:\Windows\system32\DRIVERS\athr.sys
14:06:42.0593 5812  athr - ok
14:06:42.0640 5812  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:06:42.0671 5812  AudioEndpointBuilder - ok
14:06:42.0702 5812  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:06:42.0733 5812  Audiosrv - ok
14:06:42.0827 5812  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
14:06:42.0858 5812  BBSvc - ok
14:06:42.0905 5812  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
14:06:42.0936 5812  BBUpdate - ok
14:06:42.0983 5812  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:06:43.0030 5812  Beep - ok
14:06:43.0123 5812  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
14:06:43.0232 5812  BFE - ok
14:06:43.0279 5812  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
14:06:43.0357 5812  BITS - ok
14:06:43.0404 5812  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:06:43.0451 5812  blbdrive - ok
14:06:43.0591 5812  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:06:43.0622 5812  Bonjour Service - ok
14:06:43.0654 5812  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:06:43.0700 5812  bowser - ok
14:06:43.0747 5812  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:06:43.0794 5812  BrFiltLo - ok
14:06:43.0825 5812  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:06:43.0903 5812  BrFiltUp - ok
14:06:43.0934 5812  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
14:06:43.0997 5812  Browser - ok
14:06:44.0044 5812  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
14:06:44.0293 5812  Brserid - ok
14:06:44.0309 5812  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:06:44.0387 5812  BrSerWdm - ok
14:06:44.0418 5812  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:06:44.0496 5812  BrUsbMdm - ok
14:06:44.0512 5812  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:06:44.0558 5812  BrUsbSer - ok
14:06:44.0605 5812  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:06:44.0668 5812  BTHMODEM - ok
14:06:44.0699 5812  catchme - ok
14:06:44.0714 5812  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:06:44.0761 5812  cdfs - ok
14:06:44.0792 5812  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:06:44.0839 5812  cdrom - ok
14:06:44.0870 5812  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:06:44.0917 5812  CertPropSvc - ok
14:06:44.0948 5812  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
14:06:45.0011 5812  circlass - ok
14:06:45.0073 5812  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
14:06:45.0104 5812  CLFS - ok
14:06:45.0307 5812  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:06:45.0338 5812  clr_optimization_v2.0.50727_32 - ok
14:06:45.0416 5812  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:06:45.0432 5812  clr_optimization_v4.0.30319_32 - ok
14:06:45.0510 5812  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:06:45.0572 5812  CmBatt - ok
14:06:45.0619 5812  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:06:45.0635 5812  cmdide - ok
14:06:45.0666 5812  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:06:45.0697 5812  Compbatt - ok
14:06:45.0775 5812  COMSysApp - ok
14:06:45.0822 5812  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:06:45.0853 5812  crcdisk - ok
14:06:45.0962 5812  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
14:06:46.0040 5812  Crusoe - ok
14:06:46.0087 5812  [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:06:46.0150 5812  CryptSvc - ok
14:06:46.0212 5812  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:06:46.0321 5812  DcomLaunch - ok
14:06:46.0352 5812  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:06:46.0415 5812  DfsC - ok
14:06:46.0602 5812  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
14:06:46.0742 5812  DFSR - ok
14:06:46.0805 5812  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:06:46.0852 5812  Dhcp - ok
14:06:46.0898 5812  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
14:06:46.0914 5812  disk - ok
14:06:46.0992 5812  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:06:47.0039 5812  Dnscache - ok
14:06:47.0070 5812  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:06:47.0132 5812  dot3svc - ok
14:06:47.0179 5812  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
14:06:47.0242 5812  DPS - ok
14:06:47.0304 5812  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:06:47.0351 5812  drmkaud - ok
14:06:47.0460 5812  [ 988670D8343EF9835FB3659DB71B2EFA ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:06:47.0507 5812  DXGKrnl - ok
14:06:47.0538 5812  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
14:06:47.0600 5812  E1G60 - ok
14:06:47.0663 5812  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
14:06:47.0725 5812  EapHost - ok
14:06:47.0788 5812  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:06:47.0819 5812  Ecache - ok
14:06:47.0975 5812  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:06:48.0022 5812  ehRecvr - ok
14:06:48.0037 5812  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
14:06:48.0100 5812  ehSched - ok
14:06:48.0115 5812  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
14:06:48.0146 5812  ehstart - ok
14:06:48.0209 5812  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:06:48.0224 5812  elxstor - ok
14:06:48.0271 5812  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
14:06:48.0349 5812  EMDMgmt - ok
14:06:48.0349 5812  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:06:48.0396 5812  ErrDev - ok
14:06:48.0443 5812  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
14:06:48.0490 5812  EventSystem - ok
14:06:48.0552 5812  [ C37B83B51CDF10E5BB6F78A7E4FED11A ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:06:48.0599 5812  EvtEng - ok
14:06:48.0677 5812  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
14:06:48.0724 5812  exfat - ok
14:06:48.0739 5812  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:06:48.0802 5812  fastfat - ok
14:06:48.0833 5812  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:06:48.0880 5812  fdc - ok
14:06:48.0911 5812  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:06:48.0942 5812  fdPHost - ok
14:06:48.0989 5812  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:06:49.0067 5812  FDResPub - ok
14:06:49.0098 5812  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:06:49.0114 5812  FileInfo - ok
14:06:49.0129 5812  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:06:49.0192 5812  Filetrace - ok
14:06:49.0223 5812  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:06:49.0270 5812  flpydisk - ok
14:06:49.0316 5812  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:06:49.0332 5812  FltMgr - ok
14:06:49.0426 5812  [ 2AFA3A46986AE935DAECEBC7E66314CF ] FontCache       C:\Windows\system32\FntCache.dll
14:06:49.0504 5812  FontCache - ok
14:06:49.0582 5812  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:06:49.0597 5812  FontCache3.0.0.0 - ok
14:06:49.0675 5812  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:06:49.0784 5812  Fs_Rec - ok
14:06:49.0816 5812  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:06:49.0847 5812  gagp30kx - ok
14:06:49.0894 5812  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:06:49.0909 5812  GEARAspiWDM - ok
14:06:50.0065 5812  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:06:50.0159 5812  gpsvc - ok
14:06:50.0206 5812  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:06:50.0237 5812  gupdate - ok
14:06:50.0284 5812  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:06:50.0299 5812  gupdatem - ok
14:06:50.0362 5812  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:06:50.0440 5812  HdAudAddService - ok
14:06:50.0502 5812  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:06:50.0564 5812  HDAudBus - ok
14:06:50.0611 5812  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:06:50.0705 5812  HidBth - ok
14:06:50.0720 5812  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:06:50.0814 5812  HidIr - ok
14:06:50.0845 5812  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
14:06:50.0892 5812  hidserv - ok
14:06:50.0923 5812  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:06:50.0970 5812  HidUsb - ok
14:06:51.0001 5812  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:06:51.0032 5812  hkmsvc - ok
14:06:51.0064 5812  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
14:06:51.0064 5812  HpCISSs - ok
14:06:51.0142 5812  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:06:51.0266 5812  HTTP - ok
14:06:51.0282 5812  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
14:06:51.0298 5812  i2omp - ok
14:06:51.0329 5812  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:06:51.0376 5812  i8042prt - ok
14:06:51.0407 5812  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
14:06:51.0422 5812  iaStorV - ok
14:06:51.0563 5812  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:06:51.0610 5812  idsvc - ok
14:06:51.0625 5812  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:06:51.0641 5812  iirsp - ok
14:06:51.0703 5812  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:06:51.0734 5812  IKEEXT - ok
14:06:51.0953 5812  [ AEE99ECF06CD1CEA95816CCB5BF73EC8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:06:52.0140 5812  IntcAzAudAddService - ok
14:06:52.0171 5812  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:06:52.0202 5812  intelide - ok
14:06:52.0234 5812  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:06:52.0296 5812  intelppm - ok
14:06:52.0358 5812  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:06:52.0436 5812  IPBusEnum - ok
14:06:52.0452 5812  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:06:52.0499 5812  IpFilterDriver - ok
14:06:52.0530 5812  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:06:52.0577 5812  iphlpsvc - ok
14:06:52.0592 5812  IpInIp - ok
14:06:52.0624 5812  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
14:06:52.0655 5812  IPMIDRV - ok
14:06:52.0670 5812  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
14:06:52.0702 5812  IPNAT - ok
14:06:52.0748 5812  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:06:52.0764 5812  iPod Service - ok
14:06:52.0795 5812  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:06:52.0811 5812  IRENUM - ok
14:06:52.0842 5812  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:06:52.0858 5812  isapnp - ok
14:06:52.0904 5812  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:06:52.0920 5812  iScsiPrt - ok
14:06:52.0936 5812  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:06:52.0951 5812  iteatapi - ok
14:06:52.0967 5812  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
14:06:52.0982 5812  iteraid - ok
14:06:52.0998 5812  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:06:53.0014 5812  kbdclass - ok
14:06:53.0029 5812  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:06:53.0076 5812  kbdhid - ok
14:06:53.0107 5812  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
14:06:53.0154 5812  KeyIso - ok
14:06:53.0201 5812  [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO       C:\Windows\system32\DRIVERS\kmdfmemio.sys
14:06:53.0232 5812  KMDFMEMIO - ok
14:06:53.0279 5812  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:06:53.0310 5812  KSecDD - ok
14:06:53.0357 5812  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:06:53.0419 5812  KtmRm - ok
14:06:53.0466 5812  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:06:53.0497 5812  LanmanServer - ok
14:06:53.0544 5812  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:06:53.0591 5812  LanmanWorkstation - ok
14:06:53.0638 5812  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:06:53.0700 5812  lltdio - ok
14:06:53.0794 5812  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:06:53.0887 5812  lltdsvc - ok
14:06:53.0918 5812  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:06:53.0996 5812  lmhosts - ok
14:06:54.0012 5812  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:06:54.0043 5812  LSI_FC - ok
14:06:54.0090 5812  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:06:54.0121 5812  LSI_SAS - ok
14:06:54.0152 5812  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:06:54.0184 5812  LSI_SCSI - ok
14:06:54.0215 5812  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
14:06:54.0246 5812  luafv - ok
14:06:54.0277 5812  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
14:06:54.0293 5812  MBAMProtector - ok
14:06:54.0464 5812  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:06:54.0480 5812  MBAMScheduler - ok
14:06:54.0527 5812  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:06:54.0574 5812  MBAMService - ok
14:06:54.0714 5812  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc         C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
14:06:54.0730 5812  McNASvc - ok
14:06:54.0808 5812  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy         C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
14:06:54.0823 5812  McProxy - ok
14:06:54.0870 5812  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:06:54.0917 5812  Mcx2Svc - ok
14:06:54.0964 5812  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:06:54.0979 5812  megasas - ok
14:06:55.0026 5812  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
14:06:55.0057 5812  MegaSR - ok
14:06:55.0088 5812  [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
14:06:55.0104 5812  mfeapfk - ok
14:06:55.0198 5812  [ D1E998748BA24A731106611D535C6BBF ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
14:06:55.0229 5812  mfehidk - ok
14:06:55.0276 5812  [ 2B8DFC60EDDDAA33EB5E9F7C91B48ACD ] mfevtp          C:\Windows\system32\mfevtps.exe
14:06:55.0291 5812  mfevtp - ok
14:06:55.0322 5812  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
14:06:55.0400 5812  MMCSS - ok
14:06:55.0432 5812  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
14:06:55.0494 5812  Modem - ok
14:06:55.0525 5812  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:06:55.0588 5812  monitor - ok
14:06:55.0603 5812  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:06:55.0619 5812  mouclass - ok
14:06:55.0634 5812  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:06:55.0681 5812  mouhid - ok
14:06:55.0728 5812  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:06:55.0759 5812  MountMgr - ok
14:06:55.0853 5812  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:06:55.0884 5812  MozillaMaintenance - ok
14:06:55.0931 5812  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:06:55.0962 5812  mpio - ok
14:06:55.0978 5812  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:06:56.0040 5812  mpsdrv - ok
14:06:56.0087 5812  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:06:56.0180 5812  MpsSvc - ok
14:06:56.0212 5812  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:06:56.0227 5812  Mraid35x - ok
14:06:56.0274 5812  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:06:56.0305 5812  MRxDAV - ok
14:06:56.0368 5812  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:06:56.0414 5812  mrxsmb - ok
14:06:56.0492 5812  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:06:56.0555 5812  mrxsmb10 - ok
14:06:56.0570 5812  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:06:56.0617 5812  mrxsmb20 - ok
14:06:56.0664 5812  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:06:56.0680 5812  msahci - ok
14:06:56.0758 5812  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:06:56.0773 5812  msdsm - ok
14:06:56.0804 5812  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
14:06:56.0851 5812  MSDTC - ok
14:06:56.0882 5812  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:06:56.0929 5812  Msfs - ok
14:06:56.0960 5812  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:06:56.0960 5812  msisadrv - ok
14:06:56.0992 5812  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:06:57.0038 5812  MSiSCSI - ok
14:06:57.0038 5812  msiserver - ok
14:06:57.0085 5812  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:06:57.0116 5812  MSKSSRV - ok
14:06:57.0163 5812  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:06:57.0194 5812  MSPCLOCK - ok
14:06:57.0210 5812  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:06:57.0257 5812  MSPQM - ok
14:06:57.0335 5812  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:06:57.0382 5812  MsRPC - ok
14:06:57.0413 5812  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:06:57.0428 5812  mssmbios - ok
14:06:57.0444 5812  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:06:57.0475 5812  MSTEE - ok
14:06:57.0506 5812  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
14:06:57.0522 5812  Mup - ok
14:06:57.0569 5812  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
14:06:57.0616 5812  napagent - ok
14:06:57.0662 5812  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:06:57.0678 5812  NativeWifiP - ok
14:06:57.0725 5812  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:06:57.0772 5812  NDIS - ok
14:06:57.0803 5812  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:06:57.0865 5812  NdisTapi - ok
14:06:57.0896 5812  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:06:57.0928 5812  Ndisuio - ok
14:06:57.0974 5812  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:06:58.0006 5812  NdisWan - ok
14:06:58.0037 5812  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:06:58.0084 5812  NDProxy - ok
14:06:58.0099 5812  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:06:58.0162 5812  NetBIOS - ok
14:06:58.0208 5812  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
14:06:58.0271 5812  netbt - ok
14:06:58.0286 5812  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
14:06:58.0318 5812  Netlogon - ok
14:06:58.0364 5812  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
14:06:58.0442 5812  Netman - ok
14:06:58.0474 5812  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
14:06:58.0536 5812  netprofm - ok
14:06:58.0598 5812  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:06:58.0614 5812  NetTcpPortSharing - ok
14:06:58.0645 5812  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:06:58.0661 5812  nfrd960 - ok
14:06:58.0754 5812  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:06:58.0801 5812  NlaSvc - ok
14:06:58.0832 5812  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:06:58.0926 5812  Npfs - ok
14:06:58.0957 5812  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
14:06:59.0035 5812  nsi - ok
14:06:59.0082 5812  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:06:59.0129 5812  nsiproxy - ok
14:06:59.0347 5812  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:06:59.0425 5812  Ntfs - ok
14:06:59.0472 5812  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
14:06:59.0503 5812  ntrigdigi - ok
14:06:59.0534 5812  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
14:06:59.0566 5812  Null - ok
14:06:59.0612 5812  [ B4F70FAC4EA61CF150823AA063A39FF9 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
14:06:59.0628 5812  NVHDA - ok
14:07:00.0268 5812  [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:07:00.0658 5812  nvlddmkm - ok
14:07:00.0704 5812  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:07:00.0720 5812  nvraid - ok
14:07:00.0751 5812  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:07:00.0767 5812  nvstor - ok
14:07:00.0798 5812  [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:07:00.0814 5812  nvsvc - ok
14:07:00.0829 5812  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:07:00.0845 5812  nv_agp - ok
14:07:00.0860 5812  NwlnkFlt - ok
14:07:00.0860 5812  NwlnkFwd - ok
14:07:00.0970 5812  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:07:01.0001 5812  odserv - ok
14:07:01.0032 5812  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:07:01.0110 5812  ohci1394 - ok
14:07:01.0126 5812  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:07:01.0141 5812  ose - ok
14:07:01.0313 5812  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:07:01.0484 5812  p2pimsvc - ok
14:07:01.0578 5812  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:07:01.0625 5812  p2psvc - ok
14:07:01.0687 5812  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
14:07:01.0765 5812  Parport - ok
14:07:01.0828 5812  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:07:01.0843 5812  partmgr - ok
14:07:01.0874 5812  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
14:07:01.0968 5812  Parvdm - ok
14:07:02.0030 5812  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:07:02.0124 5812  PcaSvc - ok
14:07:02.0155 5812  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
14:07:02.0186 5812  pci - ok
14:07:02.0233 5812  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
14:07:02.0264 5812  pciide - ok
14:07:02.0296 5812  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:07:02.0327 5812  pcmcia - ok
14:07:02.0374 5812  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:07:02.0483 5812  PEAUTH - ok
14:07:02.0608 5812  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
14:07:02.0686 5812  pla - ok
14:07:02.0732 5812  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:07:02.0779 5812  PlugPlay - ok
14:07:02.0810 5812  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
14:07:02.0826 5812  PNRPAutoReg - ok
14:07:02.0888 5812  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
14:07:02.0920 5812  PNRPsvc - ok
14:07:02.0966 5812  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:07:03.0029 5812  PolicyAgent - ok
14:07:03.0060 5812  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:07:03.0107 5812  PptpMiniport - ok
14:07:03.0122 5812  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
14:07:03.0169 5812  Processor - ok
14:07:03.0200 5812  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:07:03.0232 5812  ProfSvc - ok
14:07:03.0247 5812  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:07:03.0263 5812  ProtectedStorage - ok
14:07:03.0294 5812  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:07:03.0341 5812  PSched - ok
14:07:03.0388 5812  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:07:03.0434 5812  ql2300 - ok
14:07:03.0466 5812  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:07:03.0481 5812  ql40xx - ok
14:07:03.0544 5812  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
14:07:03.0575 5812  QWAVE - ok
14:07:03.0622 5812  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:07:03.0637 5812  QWAVEdrv - ok
14:07:03.0653 5812  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:07:03.0700 5812  RasAcd - ok
14:07:03.0731 5812  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
14:07:03.0778 5812  RasAuto - ok
14:07:03.0809 5812  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:07:03.0840 5812  Rasl2tp - ok
14:07:03.0871 5812  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
14:07:03.0918 5812  RasMan - ok
14:07:03.0949 5812  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:07:03.0965 5812  RasPppoe - ok
14:07:04.0012 5812  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:07:04.0027 5812  RasSstp - ok
14:07:04.0058 5812  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:07:04.0105 5812  rdbss - ok
14:07:04.0136 5812  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:07:04.0183 5812  RDPCDD - ok
14:07:04.0214 5812  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
14:07:04.0246 5812  rdpdr - ok
14:07:04.0246 5812  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:07:04.0308 5812  RDPENCDD - ok
14:07:04.0355 5812  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:07:04.0417 5812  RDPWD - ok
14:07:04.0542 5812  [ C96980CCCF84329824623B0B50383703 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:07:04.0573 5812  RegSrvc - ok
14:07:04.0604 5812  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:07:04.0651 5812  RemoteAccess - ok
14:07:04.0698 5812  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:07:04.0729 5812  RemoteRegistry - ok
14:07:04.0745 5812  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
14:07:04.0792 5812  RpcLocator - ok
14:07:04.0823 5812  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
14:07:04.0870 5812  RpcSs - ok
14:07:04.0916 5812  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:07:04.0994 5812  rspndr - ok
14:07:05.0010 5812  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
14:07:05.0041 5812  SamSs - ok
14:07:05.0072 5812  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:07:05.0088 5812  sbp2port - ok
14:07:05.0150 5812  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:07:05.0182 5812  SCardSvr - ok
14:07:05.0306 5812  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
14:07:05.0369 5812  Schedule - ok
14:07:05.0400 5812  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:07:05.0447 5812  SCPolicySvc - ok
14:07:05.0478 5812  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:07:05.0540 5812  SDRSVC - ok
14:07:05.0587 5812  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:07:05.0696 5812  secdrv - ok
14:07:05.0712 5812  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
14:07:05.0790 5812  seclogon - ok
14:07:05.0821 5812  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
14:07:05.0868 5812  SENS - ok
14:07:05.0899 5812  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:07:05.0977 5812  Serenum - ok
14:07:06.0024 5812  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
14:07:06.0118 5812  Serial - ok
14:07:06.0149 5812  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:07:06.0196 5812  sermouse - ok
14:07:06.0274 5812  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:07:06.0352 5812  SessionEnv - ok
14:07:06.0383 5812  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:07:06.0414 5812  sffdisk - ok
14:07:06.0445 5812  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:07:06.0539 5812  sffp_mmc - ok
14:07:06.0554 5812  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:07:06.0601 5812  sffp_sd - ok
14:07:06.0617 5812  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:07:06.0710 5812  sfloppy - ok
14:07:06.0773 5812  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:07:06.0851 5812  SharedAccess - ok
14:07:06.0929 5812  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:07:06.0976 5812  ShellHWDetection - ok
14:07:06.0991 5812  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:07:07.0007 5812  sisagp - ok
14:07:07.0069 5812  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:07:07.0085 5812  SiSRaid2 - ok
14:07:07.0132 5812  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:07:07.0147 5812  SiSRaid4 - ok
14:07:07.0210 5812  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:07:07.0241 5812  SkypeUpdate - ok
14:07:07.0366 5812  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
14:07:07.0475 5812  slsvc - ok
14:07:07.0537 5812  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:07:07.0568 5812  SLUINotify - ok
14:07:07.0600 5812  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:07:07.0615 5812  Smb - ok
14:07:07.0662 5812  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:07:07.0678 5812  SNMPTRAP - ok
14:07:07.0724 5812  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
14:07:07.0756 5812  spldr - ok
14:07:07.0787 5812  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
14:07:07.0849 5812  Spooler - ok
14:07:07.0880 5812  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:07:07.0943 5812  srv - ok
14:07:07.0974 5812  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:07:07.0990 5812  srv2 - ok
14:07:08.0005 5812  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:07:08.0036 5812  srvnet - ok
14:07:08.0052 5812  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:07:08.0114 5812  SSDPSRV - ok
14:07:08.0146 5812  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:07:08.0177 5812  SstpSvc - ok
14:07:08.0224 5812  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
14:07:08.0270 5812  stisvc - ok
14:07:08.0302 5812  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:07:08.0333 5812  swenum - ok
14:07:08.0364 5812  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
14:07:08.0426 5812  swprv - ok
14:07:08.0551 5812  [ CD77FD9B0071D2F36B14CC23DDE1AAD0 ] SXDS10          C:\Program Files\Common Files\soft Xpansion\sxds10.exe
14:07:08.0567 5812  SXDS10 ( UnsignedFile.Multi.Generic ) - warning
14:07:08.0567 5812  SXDS10 - detected UnsignedFile.Multi.Generic (1)
14:07:08.0614 5812  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
14:07:08.0645 5812  Symc8xx - ok
14:07:08.0660 5812  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:07:08.0692 5812  Sym_hi - ok
14:07:08.0738 5812  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:07:08.0754 5812  Sym_u3 - ok
14:07:08.0863 5812  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
14:07:08.0941 5812  SysMain - ok
14:07:09.0004 5812  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:07:09.0066 5812  TabletInputService - ok
14:07:09.0113 5812  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:07:09.0175 5812  TapiSrv - ok
14:07:09.0206 5812  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
14:07:09.0300 5812  TBS - ok
14:07:09.0425 5812  [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:07:09.0487 5812  Tcpip - ok
14:07:09.0550 5812  [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:07:09.0612 5812  Tcpip6 - ok
14:07:09.0643 5812  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:07:09.0690 5812  tcpipreg - ok
14:07:09.0721 5812  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:07:09.0768 5812  TDPIPE - ok
14:07:09.0799 5812  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:07:09.0862 5812  TDTCP - ok
14:07:09.0908 5812  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:07:09.0971 5812  tdx - ok
14:07:10.0002 5812  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:07:10.0033 5812  TermDD - ok
14:07:10.0127 5812  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
14:07:10.0205 5812  TermService - ok
14:07:10.0236 5812  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
14:07:10.0267 5812  Themes - ok
14:07:10.0298 5812  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
14:07:10.0345 5812  THREADORDER - ok
14:07:10.0423 5812  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
14:07:10.0470 5812  TrkWks - ok
14:07:10.0579 5812  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:07:10.0626 5812  TrustedInstaller - ok
14:07:10.0673 5812  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:07:10.0735 5812  tssecsrv - ok
14:07:10.0782 5812  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
14:07:10.0829 5812  tunmp - ok
14:07:10.0860 5812  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:07:10.0891 5812  tunnel - ok
14:07:10.0922 5812  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:07:10.0938 5812  uagp35 - ok
14:07:10.0985 5812  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:07:11.0016 5812  udfs - ok
14:07:11.0063 5812  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:07:11.0094 5812  UI0Detect - ok
14:07:11.0110 5812  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:07:11.0141 5812  uliagpkx - ok
14:07:11.0219 5812  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
14:07:11.0234 5812  uliahci - ok
14:07:11.0250 5812  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:07:11.0281 5812  UlSata - ok
14:07:11.0328 5812  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
14:07:11.0344 5812  ulsata2 - ok
14:07:11.0375 5812  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:07:11.0422 5812  umbus - ok
14:07:11.0484 5812  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
14:07:11.0578 5812  upnphost - ok
14:07:11.0640 5812  [ AAB0B5F72D2D726FBFDC895A2902DE1D ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:07:11.0671 5812  usbccgp - ok
14:07:11.0718 5812  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:07:11.0812 5812  usbcir - ok
14:07:11.0843 5812  [ 153E8515CB86F8BB5D1A8B478EBF4BB2 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:07:11.0874 5812  usbehci - ok
14:07:11.0921 5812  [ 2AE6BCEBD85D31317E433733DAF25888 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:07:11.0952 5812  usbhub - ok
14:07:11.0983 5812  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:07:12.0061 5812  usbohci - ok
14:07:12.0139 5812  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:07:12.0186 5812  usbprint - ok
14:07:12.0233 5812  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:07:12.0295 5812  USBSTOR - ok
14:07:12.0311 5812  [ 44056325428A8E4C755830426E29878F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:07:12.0358 5812  usbuhci - ok
14:07:12.0404 5812  [ 73FF24E21B690625A58109637DDA0DF7 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:07:12.0451 5812  usbvideo - ok
14:07:12.0514 5812  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
14:07:12.0560 5812  UxSms - ok
14:07:12.0592 5812  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
14:07:12.0670 5812  vds - ok
14:07:12.0701 5812  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:07:12.0794 5812  vga - ok
14:07:12.0826 5812  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:07:12.0888 5812  VgaSave - ok
14:07:12.0919 5812  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:07:12.0950 5812  viaagp - ok
14:07:12.0966 5812  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
14:07:13.0028 5812  ViaC7 - ok
14:07:13.0044 5812  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
14:07:13.0060 5812  viaide - ok
14:07:13.0106 5812  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:07:13.0138 5812  volmgr - ok
14:07:13.0216 5812  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:07:13.0247 5812  volmgrx - ok
14:07:13.0309 5812  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:07:13.0356 5812  volsnap - ok
14:07:13.0418 5812  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:07:13.0434 5812  vsmraid - ok
14:07:13.0590 5812  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
14:07:13.0684 5812  VSS - ok
14:07:13.0746 5812  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
14:07:13.0793 5812  W32Time - ok
14:07:13.0808 5812  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:07:13.0918 5812  WacomPen - ok
14:07:13.0949 5812  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:07:14.0011 5812  Wanarp - ok
14:07:14.0011 5812  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:07:14.0058 5812  Wanarpv6 - ok
14:07:14.0089 5812  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:07:14.0136 5812  wcncsvc - ok
14:07:14.0183 5812  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:07:14.0230 5812  WcsPlugInService - ok
14:07:14.0245 5812  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
14:07:14.0276 5812  Wd - ok
14:07:14.0308 5812  [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:07:14.0354 5812  Wdf01000 - ok
14:07:14.0370 5812  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:07:14.0448 5812  WdiServiceHost - ok
14:07:14.0448 5812  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:07:14.0510 5812  WdiSystemHost - ok
14:07:14.0573 5812  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
14:07:14.0604 5812  WebClient - ok
14:07:14.0651 5812  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:07:14.0682 5812  Wecsvc - ok
14:07:14.0698 5812  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:07:14.0760 5812  wercplsupport - ok
14:07:14.0791 5812  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:07:14.0807 5812  WerSvc - ok
14:07:14.0885 5812  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:07:14.0900 5812  WinDefend - ok
14:07:14.0900 5812  WinHttpAutoProxySvc - ok
14:07:14.0994 5812  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:07:15.0010 5812  Winmgmt - ok
14:07:15.0119 5812  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:07:15.0166 5812  WinRM - ok
14:07:15.0275 5812  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:07:15.0337 5812  Wlansvc - ok
14:07:15.0431 5812  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:07:15.0634 5812  wlidsvc - ok
14:07:15.0696 5812  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:07:15.0774 5812  WmiAcpi - ok
14:07:15.0883 5812  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:07:15.0946 5812  wmiApSrv - ok
14:07:16.0070 5812  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:07:16.0164 5812  WMPNetworkSvc - ok
14:07:16.0195 5812  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:07:16.0258 5812  WPCSvc - ok
14:07:16.0289 5812  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:07:16.0336 5812  WPDBusEnum - ok
14:07:16.0523 5812  [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:07:16.0570 5812  WPFFontCache_v0400 - ok
14:07:16.0616 5812  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:07:16.0663 5812  ws2ifsl - ok
14:07:16.0694 5812  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
14:07:16.0741 5812  wscsvc - ok
14:07:16.0757 5812  WSearch - ok
14:07:17.0053 5812  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
14:07:17.0194 5812  wuauserv - ok
14:07:17.0240 5812  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:07:17.0272 5812  WudfPf - ok
14:07:17.0318 5812  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:07:17.0365 5812  WUDFRd - ok
14:07:17.0396 5812  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:07:17.0443 5812  wudfsvc - ok
14:07:17.0490 5812  [ C6CA0CC2F7FCDCFE5B551335BFE6D696 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
14:07:17.0568 5812  yukonwlh - ok
14:07:17.0584 5812  ================ Scan global ===============================
14:07:17.0615 5812  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:07:17.0662 5812  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
14:07:17.0693 5812  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
14:07:17.0740 5812  [ 8737764F4FD36D6808EE80578409C843 ] C:\Windows\system32\services.exe
14:07:17.0740 5812  C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
14:07:17.0740 5812  C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
14:07:17.0740 5812  ================ Scan MBR ==================================
14:07:17.0771 5812  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
14:07:19.0424 5812  \Device\Harddisk0\DR0 - ok
14:07:19.0424 5812  ================ Scan VBR ==================================
14:07:19.0456 5812  [ 52A7C86CADD8EE821359ACF4A2E22203 ] \Device\Harddisk0\DR0\Partition1
14:07:19.0471 5812  \Device\Harddisk0\DR0\Partition1 - ok
14:07:19.0487 5812  [ 24CA742ADC9A9E55FAC882AAE8AA1358 ] \Device\Harddisk0\DR0\Partition2
14:07:19.0487 5812  \Device\Harddisk0\DR0\Partition2 - ok
14:07:19.0487 5812  ============================================================
14:07:19.0487 5812  Scan finished
14:07:19.0487 5812  ============================================================
14:07:19.0502 1080  Detected object count: 2
14:07:19.0502 1080  Actual detected object count: 2
14:07:37.0302 1080  SXDS10 ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:37.0302 1080  SXDS10 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:07:37.0302 1080  C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - skipped by user
14:07:37.0302 1080  C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Skip

Es gab kein Problem mit services.exe, hier trotzdem ein neuer FRST log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2013 01
Ran by Lara (administrator) on LARA-PC on 11-12-2013 14:26:37
Running from C:\Users\Lara\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
(SAMSUNG Electronics) C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056 2012-06-02] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [EMET Notifier] - C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [MRT] - C:\Windows\System32\mrt.exe [88123800 2013-12-01] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zeit.de/index
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC02600405276CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {80217218-29AD-4019-BA0B-7F102706CC36} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.zeit.de/index
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: EPUBReader - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: DownloadHelper - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: jid1-0FHdJAAQ7Nb73Q - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\jid1-0FHdJAAQ7Nb73Q@jetpack.xpi
FF Extension: prefs - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
FF Extension: bprivacyprefs - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.zeit.de/index"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Lara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Awesome XKCD Widget [ANTP]) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigeakmkgpgffiojjihhjlggonmomacp\2012.134.4.0_0
CHR Extension: (YouTube) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Marble) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhebjoppbkfocoeceijgihihgckeool\1.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (You are Awesome) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkhopfdenimipdamjmfpijifmmpnakpc\8.2_0
CHR Extension: (Skype Click to Call) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0
CHR Extension: (Google Wallet) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [151912 2012-05-25] (McAfee, Inc.)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [229520 2011-12-08] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 14:05 - 2013-12-11 14:05 - 00000000 ____D C:\Users\Lara\Downloads\tdsskiller
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller.zip
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller (1).zip
2013-12-11 14:01 - 2013-12-11 14:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Lara\Downloads\tdsskiller.exe
2013-12-11 13:55 - 2013-12-11 13:55 - 00000000 ___DC C:\FRST
2013-12-11 03:06 - 2013-12-11 03:06 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 03:02 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 03:02 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 03:02 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 03:02 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 03:02 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 03:02 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 03:02 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-11 03:02 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 03:02 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 03:02 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-11 03:02 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 03:02 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 03:02 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 03:02 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-11 03:02 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 03:02 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 02:58 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-12-11 02:57 - 2012-07-26 04:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-12-11 02:57 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-12-11 02:57 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-12-11 02:57 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-12-11 02:57 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-12-11 02:57 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-12-11 02:57 - 2012-07-26 03:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-12-11 02:57 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-12-11 02:57 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-12-11 02:57 - 2009-07-14 13:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2013-12-11 02:08 - 2013-12-11 02:08 - 00000000 ____D C:\Users\Lara\Downloads\FRST-OlderVersion
2013-12-11 02:03 - 2013-12-11 02:03 - 00000000 ____D C:\Windows\ERUNT
2013-12-11 02:02 - 2013-12-11 02:02 - 01034531 _____ (Thisisu) C:\Users\Lara\Downloads\JRT.exe
2013-12-11 01:48 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 01:48 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-11 01:48 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-11 01:48 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-11 01:48 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-11 01:48 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-11 01:48 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-11 01:48 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-11 01:48 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-11 01:48 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-11 01:48 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-11 01:48 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-12-11 01:48 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-11 01:48 - 2013-07-05 05:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-11 01:48 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-12-11 01:48 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-12-11 01:48 - 2012-09-25 17:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-12-11 01:48 - 2012-05-11 16:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-12-11 01:47 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-11 01:47 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 01:47 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 01:47 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 01:47 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 01:47 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-11 01:47 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 01:47 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 01:47 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-11 01:47 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-11 01:47 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 01:47 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-12-11 01:47 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-11 01:47 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-11 01:47 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-11 01:47 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-11 01:47 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-11 01:47 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-11 01:47 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-12-11 01:47 - 2013-03-03 20:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-12-11 01:47 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-12-11 01:47 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-11 01:47 - 2012-11-08 04:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-12-11 01:47 - 2012-11-02 11:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-12-11 01:47 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2013-12-11 01:47 - 2012-09-28 17:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-11 01:47 - 2012-08-21 12:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-12-11 01:47 - 2012-06-29 17:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-12-11 01:47 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-11 01:47 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-11 01:46 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 01:46 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-11 01:46 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-11 01:46 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-12-11 01:46 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-11 01:46 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-12-11 01:46 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-11 01:46 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-12-11 01:46 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-11 01:46 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-11 01:46 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-11 01:46 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-11 01:46 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-12-11 01:46 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-12-11 01:46 - 2013-03-09 04:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-11 01:46 - 2013-03-09 02:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-12-11 01:46 - 2012-11-02 11:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-12-11 01:45 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-11 01:45 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-11 01:45 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-11 01:45 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-11 01:45 - 2013-03-08 04:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-11 01:45 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-11 01:45 - 2013-02-12 02:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-12-11 01:40 - 2013-12-11 01:56 - 00000000 ___DC C:\AdwCleaner
2013-12-11 01:40 - 2013-12-11 01:40 - 01226802 _____ C:\Users\Lara\Downloads\adwcleaner.exe
2013-12-11 01:32 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-11 01:32 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-11 01:32 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ___DC C:\Program Files\Atheros WLAN Client
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ____D C:\ProgramData\WLAN
2013-12-11 01:07 - 2009-12-18 00:02 - 01203712 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys
2013-12-11 01:07 - 2009-05-01 02:14 - 00000589 _____ C:\Windows\dsetup.iss
2013-12-11 01:07 - 2009-03-19 04:31 - 02821120 _____ (Askey Computer Corporation.) C:\Windows\system32\AInst3141.exe
2013-12-11 01:07 - 2004-09-28 02:27 - 00000874 _____ C:\Windows\system32\WLL3141.cfgx
2013-12-11 00:39 - 2013-12-11 01:08 - 00000172 _____ C:\Windows\SamsungInstaller.log
2013-12-10 13:11 - 2013-12-10 13:11 - 00000000 ___DC C:\Program Files\Intel Desktop Board
2013-12-10 12:12 - 2013-12-10 12:12 - 00007935 ____C C:\ComboFix.txt
2013-12-10 12:05 - 2013-12-11 04:21 - 00001276 _____ C:\Windows\PFRO.log
2013-12-10 11:56 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-10 11:56 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-10 11:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-10 11:51 - 2013-12-10 11:52 - 05153091 ____R (Swearware) C:\Users\Lara\Downloads\ComboFix.exe
2013-12-10 11:49 - 2013-12-11 13:52 - 01891342 _____ C:\Windows\WindowsUpdate.log
2013-12-10 02:29 - 2013-12-11 14:26 - 00019935 _____ C:\Users\Lara\Downloads\FRST.txt
2013-12-10 02:29 - 2013-12-10 02:33 - 00021306 _____ C:\Users\Lara\Downloads\Addition.txt
2013-12-10 02:28 - 2013-12-11 13:57 - 00000000 ___DC C:\Users\Lara\Desktop\FRST
2013-12-10 02:28 - 2013-12-11 02:08 - 01061389 ____C (Farbar) C:\Users\Lara\Downloads\FRST.exe
2013-12-10 02:27 - 2013-12-10 02:27 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-12-10 02:26 - 2013-12-10 02:26 - 00050477 _____ C:\Users\Lara\Downloads\Defogger.exe

==================== One Month Modified Files and Folders =======

2013-12-11 14:26 - 2013-12-10 02:29 - 00019935 _____ C:\Users\Lara\Downloads\FRST.txt
2013-12-11 14:26 - 2011-02-25 16:12 - 00036821 _____ C:\ProgramData\nvModes.001
2013-12-11 14:26 - 2011-02-25 15:31 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 14:05 - 2013-12-11 14:05 - 00000000 ____D C:\Users\Lara\Downloads\tdsskiller
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller.zip
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller (1).zip
2013-12-11 14:02 - 2013-12-11 14:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Lara\Downloads\tdsskiller.exe
2013-12-11 13:57 - 2013-12-10 02:28 - 00000000 ___DC C:\Users\Lara\Desktop\FRST
2013-12-11 13:55 - 2013-12-11 13:55 - 00000000 ___DC C:\FRST
2013-12-11 13:55 - 2011-02-25 15:31 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 13:54 - 2008-01-21 08:16 - 01453972 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-11 13:52 - 2013-12-10 11:49 - 01891342 _____ C:\Windows\WindowsUpdate.log
2013-12-11 13:47 - 2011-02-25 16:12 - 00036821 _____ C:\ProgramData\nvModes.dat
2013-12-11 13:47 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 13:47 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 13:47 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 04:44 - 2006-11-02 14:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-11 04:38 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-12-11 04:35 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-11 04:34 - 2011-02-07 14:50 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000UA.job
2013-12-11 04:31 - 2012-04-01 21:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 04:21 - 2013-12-10 12:05 - 00001276 _____ C:\Windows\PFRO.log
2013-12-11 04:02 - 2011-01-28 23:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-11 04:01 - 2006-11-02 13:47 - 00398704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 03:58 - 2011-02-25 16:03 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-11 03:58 - 2008-01-21 08:15 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-12-11 03:58 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-12-11 03:58 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-11 03:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 03:51 - 2011-02-09 15:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-11 03:44 - 2011-04-25 19:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 03:06 - 2013-12-11 03:06 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 02:57 - 2006-11-02 11:23 - 00000219 _____ C:\Windows\win.ini
2013-12-11 02:34 - 2011-02-07 14:50 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000Core.job
2013-12-11 02:31 - 2012-04-01 21:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 02:31 - 2011-06-21 13:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 02:08 - 2013-12-11 02:08 - 00000000 ____D C:\Users\Lara\Downloads\FRST-OlderVersion
2013-12-11 02:08 - 2013-12-10 02:28 - 01061389 ____C (Farbar) C:\Users\Lara\Downloads\FRST.exe
2013-12-11 02:03 - 2013-12-11 02:03 - 00000000 ____D C:\Windows\ERUNT
2013-12-11 02:02 - 2013-12-11 02:02 - 01034531 _____ (Thisisu) C:\Users\Lara\Downloads\JRT.exe
2013-12-11 01:56 - 2013-12-11 01:40 - 00000000 ___DC C:\AdwCleaner
2013-12-11 01:56 - 2011-02-07 18:37 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-11 01:40 - 2013-12-11 01:40 - 01226802 _____ C:\Users\Lara\Downloads\adwcleaner.exe
2013-12-11 01:15 - 2013-01-05 03:26 - 00000000 ___DC C:\Program Files\Malwarebytes' Anti-Malware
2013-12-11 01:08 - 2013-12-11 00:39 - 00000172 _____ C:\Windows\SamsungInstaller.log
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ___DC C:\Program Files\Atheros WLAN Client
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ____D C:\ProgramData\WLAN
2013-12-11 01:07 - 2011-01-28 18:55 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-11 01:07 - 2011-01-28 05:11 - 00000000 ____D C:\Users\Lara
2013-12-10 13:14 - 2011-02-25 16:02 - 00000000 ____D C:\Program Files\Realtek
2013-12-10 13:11 - 2013-12-10 13:11 - 00000000 ___DC C:\Program Files\Intel Desktop Board
2013-12-10 12:12 - 2013-12-10 12:12 - 00007935 ____C C:\ComboFix.txt
2013-12-10 12:12 - 2012-07-13 04:04 - 00000000 ___DC C:\Qoobox
2013-12-10 12:12 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-12-10 12:12 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-12-10 12:10 - 2012-07-13 04:04 - 00000000 ____D C:\Windows\erdnt
2013-12-10 12:06 - 2006-11-02 11:23 - 00000215 ____C C:\Windows\system.ini
2013-12-10 11:52 - 2013-12-10 11:51 - 05153091 ____R (Swearware) C:\Users\Lara\Downloads\ComboFix.exe
2013-12-10 11:42 - 2011-08-11 09:49 - 00000000 ____D C:\Windows\Minidump
2013-12-10 02:36 - 2011-02-07 14:52 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-12-10 02:33 - 2013-12-10 02:29 - 00021306 _____ C:\Users\Lara\Downloads\Addition.txt
2013-12-10 02:27 - 2013-12-10 02:27 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-12-10 02:26 - 2013-12-10 02:26 - 00050477 _____ C:\Users\Lara\Downloads\Defogger.exe
2013-12-01 14:42 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-19 03:33 - 2011-02-07 15:00 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-15 00:13 - 2013-12-11 03:02 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 23:50 - 2013-12-11 03:02 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 23:50 - 2013-12-11 03:02 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 23:43 - 2013-12-11 03:02 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 23:42 - 2013-12-11 03:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 23:42 - 2013-12-11 03:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 23:41 - 2013-12-11 03:02 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 23:40 - 2013-12-11 03:02 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 23:38 - 2013-12-11 03:02 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 23:38 - 2013-12-11 03:02 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 23:38 - 2013-12-11 03:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 23:37 - 2013-12-11 03:02 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 23:36 - 2013-12-11 03:02 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 23:36 - 2013-12-11 03:02 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 23:35 - 2013-12-11 03:02 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 23:32 - 2013-12-11 03:02 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

Some content of TEMP:
====================
C:\Users\Lara\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-11 13:54

==================== End Of Log ============================

--- --- ---

schrauber · 12.12.2013, 09:32

Zitat:

Es gab kein Problem mit services.exe, hier trotzdem ein neuer FRST log:

Zitat:

14:07:37.0302 1080 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - skipped by user
14:07:37.0302 1080 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Skip

Mach bitte nochmal TDSSKiller, dann wie oben beschrieben, Cure wählen, weiter, Logfile posten. Frischen Scan mit TDSSKiller, Log posten, Frisches FRST log.

sasa1 · 12.12.2013, 13:46

Da stand "Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
Wenn TDSSKiller die Datei services.exe anmeckert, gleich weiter mit Cure"
Das fand ich missverständlich, aber jetzt hab ichs:

Code:

ATTFilter

13:08:39.0853 3444  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:08:39.0915 3444  ============================================================
13:08:39.0915 3444  Current date / time: 2013/12/12 13:08:39.0915
13:08:39.0915 3444  SystemInfo:
13:08:39.0915 3444  
13:08:39.0915 3444  OS Version: 6.0.6002 ServicePack: 2.0
13:08:39.0915 3444  Product type: Workstation
13:08:39.0915 3444  ComputerName: LARA-PC
13:08:39.0915 3444  UserName: Lara
13:08:39.0915 3444  Windows directory: C:\Windows
13:08:39.0915 3444  System windows directory: C:\Windows
13:08:39.0915 3444  Processor architecture: Intel x86
13:08:39.0915 3444  Number of processors: 2
13:08:39.0915 3444  Page size: 0x1000
13:08:39.0915 3444  Boot type: Normal boot
13:08:39.0915 3444  ============================================================
13:08:43.0816 3444  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:08:43.0879 3444  ============================================================
13:08:43.0879 3444  \Device\Harddisk0\DR0:
13:08:43.0894 3444  MBR partitions:
13:08:43.0894 3444  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x11940000
13:08:43.0894 3444  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12D40800, BlocksNum 0x126ED800
13:08:43.0894 3444  ============================================================
13:08:44.0206 3444  C: <-> \Device\Harddisk0\DR0\Partition1
13:08:44.0347 3444  D: <-> \Device\Harddisk0\DR0\Partition2
13:08:44.0347 3444  ============================================================
13:08:44.0347 3444  Initialize success
13:08:44.0347 3444  ============================================================
13:09:12.0583 3964  ============================================================
13:09:12.0583 3964  Scan started
13:09:12.0583 3964  Mode: Manual; 
13:09:12.0583 3964  ============================================================
13:09:15.0344 3964  ================ Scan system memory ========================
13:09:15.0344 3964  System memory - ok
13:09:15.0344 3964  ================ Scan services =============================
13:09:15.0812 3964  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
13:09:15.0828 3964  ACPI - ok
13:09:16.0062 3964  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:09:16.0077 3964  AdobeARMservice - ok
13:09:16.0202 3964  [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:09:16.0264 3964  AdobeFlashPlayerUpdateSvc - ok
13:09:16.0436 3964  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:09:16.0498 3964  adp94xx - ok
13:09:16.0576 3964  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:09:16.0608 3964  adpahci - ok
13:09:16.0654 3964  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
13:09:16.0670 3964  adpu160m - ok
13:09:16.0686 3964  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:09:16.0717 3964  adpu320 - ok
13:09:16.0779 3964  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:09:16.0779 3964  AeLookupSvc - ok
13:09:16.0888 3964  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
13:09:16.0920 3964  AFD - ok
13:09:16.0982 3964  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:09:16.0982 3964  agp440 - ok
13:09:17.0044 3964  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:09:17.0060 3964  aic78xx - ok
13:09:17.0076 3964  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
13:09:17.0091 3964  ALG - ok
13:09:17.0122 3964  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:09:17.0138 3964  aliide - ok
13:09:17.0185 3964  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:09:17.0200 3964  amdagp - ok
13:09:17.0232 3964  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:09:17.0247 3964  amdide - ok
13:09:17.0278 3964  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
13:09:17.0294 3964  AmdK7 - ok
13:09:17.0325 3964  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:09:17.0325 3964  AmdK8 - ok
13:09:17.0403 3964  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
13:09:17.0403 3964  Appinfo - ok
13:09:17.0481 3964  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:09:17.0481 3964  Apple Mobile Device - ok
13:09:17.0528 3964  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
13:09:17.0528 3964  arc - ok
13:09:17.0590 3964  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:09:17.0590 3964  arcsas - ok
13:09:17.0637 3964  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:09:17.0637 3964  AsyncMac - ok
13:09:17.0684 3964  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:09:17.0684 3964  atapi - ok
13:09:17.0793 3964  [ F32FEE7CB2EE32C1F808409BC8019701 ] athr            C:\Windows\system32\DRIVERS\athr.sys
13:09:17.0934 3964  athr - ok
13:09:18.0012 3964  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:09:18.0043 3964  AudioEndpointBuilder - ok
13:09:18.0074 3964  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:09:18.0090 3964  Audiosrv - ok
13:09:18.0230 3964  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
13:09:18.0230 3964  BBSvc - ok
13:09:18.0308 3964  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
13:09:18.0355 3964  BBUpdate - ok
13:09:18.0433 3964  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:09:18.0433 3964  Beep - ok
13:09:18.0495 3964  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
13:09:18.0495 3964  BFE - ok
13:09:18.0589 3964  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
13:09:18.0682 3964  BITS - ok
13:09:18.0745 3964  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
13:09:18.0745 3964  blbdrive - ok
13:09:18.0823 3964  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:09:18.0870 3964  Bonjour Service - ok
13:09:18.0932 3964  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:09:18.0932 3964  bowser - ok
13:09:18.0994 3964  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
13:09:19.0026 3964  BrFiltLo - ok
13:09:19.0041 3964  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
13:09:19.0041 3964  BrFiltUp - ok
13:09:19.0150 3964  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
13:09:19.0150 3964  Browser - ok
13:09:19.0197 3964  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
13:09:19.0197 3964  Brserid - ok
13:09:19.0228 3964  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
13:09:19.0228 3964  BrSerWdm - ok
13:09:19.0275 3964  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
13:09:19.0291 3964  BrUsbMdm - ok
13:09:19.0306 3964  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
13:09:19.0306 3964  BrUsbSer - ok
13:09:19.0338 3964  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:09:19.0353 3964  BTHMODEM - ok
13:09:19.0384 3964  catchme - ok
13:09:19.0416 3964  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:09:19.0416 3964  cdfs - ok
13:09:19.0447 3964  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:09:19.0478 3964  cdrom - ok
13:09:19.0540 3964  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:09:19.0556 3964  CertPropSvc - ok
13:09:19.0587 3964  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
13:09:19.0603 3964  circlass - ok
13:09:19.0650 3964  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
13:09:19.0681 3964  CLFS - ok
13:09:19.0759 3964  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:09:19.0774 3964  clr_optimization_v2.0.50727_32 - ok
13:09:19.0837 3964  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:09:19.0852 3964  clr_optimization_v4.0.30319_32 - ok
13:09:19.0915 3964  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:09:19.0930 3964  CmBatt - ok
13:09:19.0962 3964  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:09:19.0977 3964  cmdide - ok
13:09:19.0993 3964  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:09:19.0993 3964  Compbatt - ok
13:09:20.0008 3964  COMSysApp - ok
13:09:20.0040 3964  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:09:20.0040 3964  crcdisk - ok
13:09:20.0071 3964  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
13:09:20.0086 3964  Crusoe - ok
13:09:20.0149 3964  [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:09:20.0164 3964  CryptSvc - ok
13:09:20.0258 3964  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:09:20.0305 3964  DcomLaunch - ok
13:09:20.0601 3964  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:09:20.0617 3964  DfsC - ok
13:09:20.0757 3964  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
13:09:21.0038 3964  DFSR - ok
13:09:21.0116 3964  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
13:09:21.0116 3964  Dhcp - ok
13:09:21.0147 3964  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
13:09:21.0163 3964  disk - ok
13:09:21.0225 3964  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:09:21.0225 3964  Dnscache - ok
13:09:21.0288 3964  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:09:21.0303 3964  dot3svc - ok
13:09:21.0350 3964  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
13:09:21.0366 3964  DPS - ok
13:09:21.0412 3964  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:09:21.0428 3964  drmkaud - ok
13:09:21.0490 3964  [ 988670D8343EF9835FB3659DB71B2EFA ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:09:21.0506 3964  DXGKrnl - ok
13:09:21.0568 3964  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
13:09:21.0568 3964  E1G60 - ok
13:09:21.0600 3964  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
13:09:21.0600 3964  EapHost - ok
13:09:21.0693 3964  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
13:09:21.0693 3964  Ecache - ok
13:09:21.0787 3964  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:09:21.0834 3964  ehRecvr - ok
13:09:21.0849 3964  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
13:09:21.0865 3964  ehSched - ok
13:09:21.0880 3964  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
13:09:21.0880 3964  ehstart - ok
13:09:22.0052 3964  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:09:22.0114 3964  elxstor - ok
13:09:22.0208 3964  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
13:09:22.0255 3964  EMDMgmt - ok
13:09:22.0302 3964  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:09:22.0317 3964  ErrDev - ok
13:09:22.0364 3964  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
13:09:22.0380 3964  EventSystem - ok
13:09:22.0536 3964  [ C37B83B51CDF10E5BB6F78A7E4FED11A ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:09:22.0567 3964  EvtEng - ok
13:09:22.0692 3964  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
13:09:22.0692 3964  exfat - ok
13:09:22.0723 3964  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:09:22.0723 3964  fastfat - ok
13:09:22.0770 3964  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:09:22.0770 3964  fdc - ok
13:09:22.0816 3964  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:09:22.0816 3964  fdPHost - ok
13:09:22.0848 3964  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:09:22.0863 3964  FDResPub - ok
13:09:22.0894 3964  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:09:22.0910 3964  FileInfo - ok
13:09:22.0926 3964  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:09:22.0941 3964  Filetrace - ok
13:09:22.0972 3964  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:09:22.0988 3964  flpydisk - ok
13:09:23.0050 3964  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:09:23.0082 3964  FltMgr - ok
13:09:23.0175 3964  [ 2AFA3A46986AE935DAECEBC7E66314CF ] FontCache       C:\Windows\system32\FntCache.dll
13:09:23.0222 3964  FontCache - ok
13:09:23.0300 3964  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:09:23.0331 3964  FontCache3.0.0.0 - ok
13:09:23.0347 3964  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:09:23.0347 3964  Fs_Rec - ok
13:09:23.0394 3964  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:09:23.0394 3964  gagp30kx - ok
13:09:23.0425 3964  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:09:23.0425 3964  GEARAspiWDM - ok
13:09:23.0472 3964  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:09:23.0534 3964  gpsvc - ok
13:09:23.0612 3964  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
13:09:23.0612 3964  gupdate - ok
13:09:23.0628 3964  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:09:23.0628 3964  gupdatem - ok
13:09:23.0690 3964  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:09:23.0690 3964  HdAudAddService - ok
13:09:23.0737 3964  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:09:23.0768 3964  HDAudBus - ok
13:09:23.0799 3964  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:09:23.0799 3964  HidBth - ok
13:09:23.0815 3964  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:09:23.0815 3964  HidIr - ok
13:09:23.0862 3964  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
13:09:23.0862 3964  hidserv - ok
13:09:23.0908 3964  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:09:23.0924 3964  HidUsb - ok
13:09:24.0002 3964  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:09:24.0002 3964  hkmsvc - ok
13:09:24.0033 3964  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
13:09:24.0049 3964  HpCISSs - ok
13:09:24.0142 3964  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:09:24.0252 3964  HTTP - ok
13:09:24.0298 3964  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
13:09:24.0298 3964  i2omp - ok
13:09:24.0361 3964  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:09:24.0376 3964  i8042prt - ok
13:09:24.0423 3964  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
13:09:24.0501 3964  iaStorV - ok
13:09:24.0595 3964  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:09:24.0751 3964  idsvc - ok
13:09:24.0766 3964  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:09:24.0782 3964  iirsp - ok
13:09:24.0876 3964  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:09:25.0000 3964  IKEEXT - ok
13:09:25.0203 3964  [ AEE99ECF06CD1CEA95816CCB5BF73EC8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:09:25.0219 3964  IntcAzAudAddService - ok
13:09:25.0297 3964  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:09:25.0297 3964  intelide - ok
13:09:25.0328 3964  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:09:25.0328 3964  intelppm - ok
13:09:25.0359 3964  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:09:25.0375 3964  IPBusEnum - ok
13:09:25.0390 3964  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:09:25.0390 3964  IpFilterDriver - ok
13:09:25.0406 3964  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:09:25.0422 3964  iphlpsvc - ok
13:09:25.0422 3964  IpInIp - ok
13:09:25.0453 3964  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
13:09:25.0468 3964  IPMIDRV - ok
13:09:25.0484 3964  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
13:09:25.0484 3964  IPNAT - ok
13:09:25.0593 3964  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:09:25.0656 3964  iPod Service - ok
13:09:25.0671 3964  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:09:25.0687 3964  IRENUM - ok
13:09:25.0734 3964  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:09:25.0749 3964  isapnp - ok
13:09:25.0796 3964  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:09:25.0796 3964  iScsiPrt - ok
13:09:25.0843 3964  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
13:09:25.0843 3964  iteatapi - ok
13:09:25.0890 3964  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
13:09:25.0905 3964  iteraid - ok
13:09:25.0936 3964  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:09:25.0936 3964  kbdclass - ok
13:09:25.0968 3964  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
13:09:25.0968 3964  kbdhid - ok
13:09:25.0999 3964  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
13:09:26.0014 3964  KeyIso - ok
13:09:26.0108 3964  [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO       C:\Windows\system32\DRIVERS\kmdfmemio.sys
13:09:26.0124 3964  KMDFMEMIO - ok
13:09:26.0326 3964  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:09:26.0436 3964  KSecDD - ok
13:09:26.0514 3964  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:09:26.0545 3964  KtmRm - ok
13:09:26.0592 3964  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:09:26.0607 3964  LanmanServer - ok
13:09:26.0654 3964  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:09:26.0670 3964  LanmanWorkstation - ok
13:09:26.0716 3964  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:09:26.0732 3964  lltdio - ok
13:09:26.0779 3964  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:09:26.0794 3964  lltdsvc - ok
13:09:26.0826 3964  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:09:26.0826 3964  lmhosts - ok
13:09:26.0857 3964  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:09:26.0857 3964  LSI_FC - ok
13:09:26.0888 3964  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:09:26.0919 3964  LSI_SAS - ok
13:09:26.0966 3964  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:09:26.0982 3964  LSI_SCSI - ok
13:09:26.0997 3964  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
13:09:27.0013 3964  luafv - ok
13:09:27.0044 3964  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:09:27.0044 3964  MBAMProtector - ok
13:09:27.0262 3964  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:09:27.0356 3964  MBAMScheduler - ok
13:09:27.0574 3964  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:09:27.0699 3964  MBAMService - ok
13:09:27.0793 3964  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc         C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:09:27.0808 3964  McNASvc - ok
13:09:27.0824 3964  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy         C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:09:27.0840 3964  McProxy - ok
13:09:27.0871 3964  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:09:27.0871 3964  Mcx2Svc - ok
13:09:27.0933 3964  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:09:27.0964 3964  megasas - ok
13:09:28.0027 3964  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
13:09:28.0105 3964  MegaSR - ok
13:09:28.0152 3964  [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
13:09:28.0152 3964  mfeapfk - ok
13:09:28.0261 3964  [ D1E998748BA24A731106611D535C6BBF ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
13:09:28.0276 3964  mfehidk - ok
13:09:28.0339 3964  [ 2B8DFC60EDDDAA33EB5E9F7C91B48ACD ] mfevtp          C:\Windows\system32\mfevtps.exe
13:09:28.0354 3964  mfevtp - ok
13:09:28.0386 3964  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
13:09:28.0386 3964  MMCSS - ok
13:09:28.0417 3964  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
13:09:28.0417 3964  Modem - ok
13:09:28.0448 3964  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:09:28.0464 3964  monitor - ok
13:09:28.0479 3964  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:09:28.0479 3964  mouclass - ok
13:09:28.0510 3964  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:09:28.0526 3964  mouhid - ok
13:09:28.0573 3964  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
13:09:28.0588 3964  MountMgr - ok
13:09:28.0620 3964  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:09:28.0635 3964  MozillaMaintenance - ok
13:09:28.0682 3964  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:09:28.0682 3964  mpio - ok
13:09:28.0713 3964  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:09:28.0713 3964  mpsdrv - ok
13:09:28.0776 3964  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:09:28.0807 3964  MpsSvc - ok
13:09:28.0838 3964  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
13:09:28.0838 3964  Mraid35x - ok
13:09:28.0885 3964  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:09:28.0900 3964  MRxDAV - ok
13:09:28.0932 3964  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:09:28.0932 3964  mrxsmb - ok
13:09:28.0978 3964  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:09:28.0978 3964  mrxsmb10 - ok
13:09:29.0010 3964  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:09:29.0010 3964  mrxsmb20 - ok
13:09:29.0025 3964  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:09:29.0025 3964  msahci - ok
13:09:29.0056 3964  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:09:29.0056 3964  msdsm - ok
13:09:29.0072 3964  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
13:09:29.0088 3964  MSDTC - ok
13:09:29.0431 3964  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:09:29.0446 3964  Msfs - ok
13:09:29.0478 3964  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:09:29.0478 3964  msisadrv - ok
13:09:29.0493 3964  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:09:29.0509 3964  MSiSCSI - ok
13:09:29.0509 3964  msiserver - ok
13:09:29.0540 3964  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:09:29.0540 3964  MSKSSRV - ok
13:09:29.0587 3964  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:09:29.0587 3964  MSPCLOCK - ok
13:09:29.0602 3964  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:09:29.0602 3964  MSPQM - ok
13:09:29.0649 3964  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:09:29.0649 3964  MsRPC - ok
13:09:29.0727 3964  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:09:29.0727 3964  mssmbios - ok
13:09:29.0821 3964  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:09:29.0821 3964  MSTEE - ok
13:09:29.0930 3964  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
13:09:29.0930 3964  Mup - ok
13:09:30.0008 3964  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
13:09:30.0024 3964  napagent - ok
13:09:30.0055 3964  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:09:30.0070 3964  NativeWifiP - ok
13:09:30.0133 3964  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:09:30.0148 3964  NDIS - ok
13:09:30.0180 3964  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:09:30.0195 3964  NdisTapi - ok
13:09:30.0211 3964  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:09:30.0211 3964  Ndisuio - ok
13:09:30.0242 3964  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:09:30.0242 3964  NdisWan - ok
13:09:30.0258 3964  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:09:30.0258 3964  NDProxy - ok
13:09:30.0273 3964  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:09:30.0273 3964  NetBIOS - ok
13:09:30.0304 3964  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
13:09:30.0320 3964  netbt - ok
13:09:30.0336 3964  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
13:09:30.0336 3964  Netlogon - ok
13:09:30.0382 3964  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
13:09:30.0414 3964  Netman - ok
13:09:30.0429 3964  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
13:09:30.0445 3964  netprofm - ok
13:09:30.0476 3964  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:09:30.0476 3964  NetTcpPortSharing - ok
13:09:30.0523 3964  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:09:30.0538 3964  nfrd960 - ok
13:09:30.0554 3964  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:09:30.0554 3964  NlaSvc - ok
13:09:30.0601 3964  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:09:30.0601 3964  Npfs - ok
13:09:30.0632 3964  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
13:09:30.0632 3964  nsi - ok
13:09:30.0648 3964  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:09:30.0648 3964  nsiproxy - ok
13:09:30.0772 3964  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:09:30.0819 3964  Ntfs - ok
13:09:30.0866 3964  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
13:09:30.0882 3964  ntrigdigi - ok
13:09:30.0897 3964  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
13:09:30.0928 3964  Null - ok
13:09:30.0960 3964  [ B4F70FAC4EA61CF150823AA063A39FF9 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
13:09:30.0960 3964  NVHDA - ok
13:09:32.0036 3964  [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:09:32.0098 3964  nvlddmkm - ok
13:09:32.0145 3964  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:09:32.0192 3964  nvraid - ok
13:09:32.0223 3964  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:09:32.0223 3964  nvstor - ok
13:09:32.0270 3964  [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:09:32.0270 3964  nvsvc - ok
13:09:32.0286 3964  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:09:32.0286 3964  nv_agp - ok
13:09:32.0286 3964  NwlnkFlt - ok
13:09:32.0301 3964  NwlnkFwd - ok
13:09:32.0457 3964  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:09:32.0520 3964  odserv - ok
13:09:32.0566 3964  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:09:32.0566 3964  ohci1394 - ok
13:09:32.0832 3964  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:09:32.0832 3964  ose - ok
13:09:32.0894 3964  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
13:09:32.0910 3964  p2pimsvc - ok
13:09:32.0941 3964  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:09:32.0956 3964  p2psvc - ok
13:09:33.0019 3964  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
13:09:33.0050 3964  Parport - ok
13:09:33.0097 3964  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:09:33.0097 3964  partmgr - ok
13:09:33.0128 3964  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
13:09:33.0128 3964  Parvdm - ok
13:09:33.0159 3964  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:09:33.0159 3964  PcaSvc - ok
13:09:33.0190 3964  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
13:09:33.0222 3964  pci - ok
13:09:33.0253 3964  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
13:09:33.0268 3964  pciide - ok
13:09:33.0315 3964  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:09:33.0315 3964  pcmcia - ok
13:09:33.0378 3964  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:09:33.0409 3964  PEAUTH - ok
13:09:33.0612 3964  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
13:09:33.0658 3964  pla - ok
13:09:33.0690 3964  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:09:33.0721 3964  PlugPlay - ok
13:09:33.0752 3964  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
13:09:33.0752 3964  PNRPAutoReg - ok
13:09:33.0799 3964  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
13:09:33.0814 3964  PNRPsvc - ok
13:09:33.0846 3964  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:09:33.0861 3964  PolicyAgent - ok
13:09:33.0892 3964  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:09:33.0892 3964  PptpMiniport - ok
13:09:33.0924 3964  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
13:09:33.0924 3964  Processor - ok
13:09:33.0939 3964  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:09:33.0955 3964  ProfSvc - ok
13:09:33.0970 3964  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:09:33.0970 3964  ProtectedStorage - ok
13:09:34.0002 3964  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
13:09:34.0002 3964  PSched - ok
13:09:34.0048 3964  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:09:34.0095 3964  ql2300 - ok
13:09:34.0126 3964  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:09:34.0126 3964  ql40xx - ok
13:09:34.0158 3964  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
13:09:34.0173 3964  QWAVE - ok
13:09:34.0204 3964  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:09:34.0204 3964  QWAVEdrv - ok
13:09:34.0220 3964  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:09:34.0220 3964  RasAcd - ok
13:09:34.0236 3964  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
13:09:34.0236 3964  RasAuto - ok
13:09:34.0251 3964  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:09:34.0267 3964  Rasl2tp - ok
13:09:34.0314 3964  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
13:09:34.0314 3964  RasMan - ok
13:09:34.0345 3964  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:09:34.0345 3964  RasPppoe - ok
13:09:34.0392 3964  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:09:34.0407 3964  RasSstp - ok
13:09:34.0438 3964  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:09:34.0470 3964  rdbss - ok
13:09:34.0501 3964  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:09:34.0501 3964  RDPCDD - ok
13:09:34.0548 3964  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
13:09:34.0563 3964  rdpdr - ok
13:09:34.0563 3964  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:09:34.0563 3964  RDPENCDD - ok
13:09:34.0626 3964  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:09:34.0641 3964  RDPWD - ok
13:09:34.0719 3964  [ C96980CCCF84329824623B0B50383703 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:09:34.0735 3964  RegSrvc - ok
13:09:34.0766 3964  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:09:34.0766 3964  RemoteAccess - ok
13:09:34.0797 3964  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:09:34.0797 3964  RemoteRegistry - ok
13:09:34.0844 3964  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
13:09:34.0844 3964  RpcLocator - ok
13:09:34.0891 3964  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
13:09:34.0891 3964  RpcSs - ok
13:09:34.0938 3964  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:09:34.0938 3964  rspndr - ok
13:09:34.0984 3964  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
13:09:34.0984 3964  SamSs - ok
13:09:35.0187 3964  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:09:35.0203 3964  sbp2port - ok
13:09:35.0250 3964  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:09:35.0281 3964  SCardSvr - ok
13:09:35.0421 3964  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
13:09:35.0452 3964  Schedule - ok
13:09:35.0468 3964  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:09:35.0484 3964  SCPolicySvc - ok
13:09:35.0515 3964  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:09:35.0530 3964  SDRSVC - ok
13:09:35.0562 3964  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:09:35.0562 3964  secdrv - ok
13:09:35.0577 3964  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
13:09:35.0577 3964  seclogon - ok
13:09:35.0608 3964  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
13:09:35.0608 3964  SENS - ok
13:09:35.0624 3964  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:09:35.0624 3964  Serenum - ok
13:09:35.0640 3964  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
13:09:35.0655 3964  Serial - ok
13:09:35.0671 3964  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:09:35.0686 3964  sermouse - ok
13:09:35.0718 3964  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:09:35.0733 3964  SessionEnv - ok
13:09:35.0749 3964  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:09:35.0764 3964  sffdisk - ok
13:09:35.0780 3964  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:09:35.0780 3964  sffp_mmc - ok
13:09:35.0796 3964  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:09:35.0796 3964  sffp_sd - ok
13:09:35.0827 3964  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:09:35.0827 3964  sfloppy - ok
13:09:35.0905 3964  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:09:35.0920 3964  SharedAccess - ok
13:09:35.0952 3964  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:09:35.0967 3964  ShellHWDetection - ok
13:09:35.0998 3964  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:09:35.0998 3964  sisagp - ok
13:09:36.0030 3964  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
13:09:36.0045 3964  SiSRaid2 - ok
13:09:36.0045 3964  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:09:36.0061 3964  SiSRaid4 - ok
13:09:36.0108 3964  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
13:09:36.0108 3964  SkypeUpdate - ok
13:09:36.0357 3964  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
13:09:36.0466 3964  slsvc - ok
13:09:36.0498 3964  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
13:09:36.0513 3964  SLUINotify - ok
13:09:36.0544 3964  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:09:36.0544 3964  Smb - ok
13:09:36.0607 3964  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:09:36.0622 3964  SNMPTRAP - ok
13:09:36.0654 3964  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
13:09:36.0654 3964  spldr - ok
13:09:36.0685 3964  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
13:09:36.0700 3964  Spooler - ok
13:09:36.0732 3964  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:09:36.0747 3964  srv - ok
13:09:36.0778 3964  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:09:36.0778 3964  srv2 - ok
13:09:36.0794 3964  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:09:36.0794 3964  srvnet - ok
13:09:36.0825 3964  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:09:36.0825 3964  SSDPSRV - ok
13:09:36.0919 3964  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:09:36.0934 3964  SstpSvc - ok
13:09:36.0966 3964  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
13:09:36.0997 3964  stisvc - ok
13:09:37.0012 3964  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:09:37.0012 3964  swenum - ok
13:09:37.0059 3964  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
13:09:37.0059 3964  swprv - ok
13:09:37.0106 3964  [ CD77FD9B0071D2F36B14CC23DDE1AAD0 ] SXDS10          C:\Program Files\Common Files\soft Xpansion\sxds10.exe
13:09:37.0106 3964  SXDS10 - ok
13:09:37.0137 3964  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
13:09:37.0137 3964  Symc8xx - ok
13:09:37.0153 3964  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
13:09:37.0153 3964  Sym_hi - ok
13:09:37.0168 3964  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
13:09:37.0168 3964  Sym_u3 - ok
13:09:37.0231 3964  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
13:09:37.0262 3964  SysMain - ok
13:09:37.0293 3964  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:09:37.0309 3964  TabletInputService - ok
13:09:37.0340 3964  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:09:37.0356 3964  TapiSrv - ok
13:09:37.0387 3964  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
13:09:37.0387 3964  TBS - ok
13:09:37.0449 3964  [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:09:37.0496 3964  Tcpip - ok
13:09:37.0574 3964  [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
13:09:37.0590 3964  Tcpip6 - ok
13:09:37.0652 3964  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:09:37.0668 3964  tcpipreg - ok
13:09:37.0699 3964  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:09:37.0699 3964  TDPIPE - ok
13:09:37.0714 3964  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:09:37.0714 3964  TDTCP - ok
13:09:37.0746 3964  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:09:37.0746 3964  tdx - ok
13:09:37.0777 3964  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:09:37.0777 3964  TermDD - ok
13:09:37.0824 3964  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
13:09:37.0855 3964  TermService - ok
13:09:37.0886 3964  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
13:09:37.0886 3964  Themes - ok
13:09:37.0917 3964  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
13:09:37.0917 3964  THREADORDER - ok
13:09:37.0948 3964  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
13:09:37.0964 3964  TrkWks - ok
13:09:38.0011 3964  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:09:38.0011 3964  TrustedInstaller - ok
13:09:38.0058 3964  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:09:38.0089 3964  tssecsrv - ok
13:09:38.0120 3964  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
13:09:38.0120 3964  tunmp - ok
13:09:38.0167 3964  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:09:38.0167 3964  tunnel - ok
13:09:38.0182 3964  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:09:38.0182 3964  uagp35 - ok
13:09:38.0214 3964  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:09:38.0229 3964  udfs - ok
13:09:38.0292 3964  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:09:38.0307 3964  UI0Detect - ok
13:09:38.0323 3964  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:09:38.0323 3964  uliagpkx - ok
13:09:38.0354 3964  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
13:09:38.0370 3964  uliahci - ok
13:09:38.0385 3964  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
13:09:38.0416 3964  UlSata - ok
13:09:38.0463 3964  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
13:09:38.0479 3964  ulsata2 - ok
13:09:38.0494 3964  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:09:38.0494 3964  umbus - ok
13:09:38.0526 3964  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
13:09:38.0526 3964  upnphost - ok
13:09:38.0588 3964  [ AAB0B5F72D2D726FBFDC895A2902DE1D ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:09:38.0604 3964  usbccgp - ok
13:09:38.0619 3964  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:09:38.0619 3964  usbcir - ok
13:09:38.0650 3964  [ 153E8515CB86F8BB5D1A8B478EBF4BB2 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:09:38.0650 3964  usbehci - ok
13:09:38.0682 3964  [ 2AE6BCEBD85D31317E433733DAF25888 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:09:38.0682 3964  usbhub - ok
13:09:38.0728 3964  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:09:38.0728 3964  usbohci - ok
13:09:38.0760 3964  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:09:38.0760 3964  usbprint - ok
13:09:38.0775 3964  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:09:38.0775 3964  USBSTOR - ok
13:09:38.0806 3964  [ 44056325428A8E4C755830426E29878F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:09:38.0806 3964  usbuhci - ok
13:09:38.0853 3964  [ 73FF24E21B690625A58109637DDA0DF7 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:09:38.0853 3964  usbvideo - ok
13:09:38.0884 3964  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
13:09:38.0900 3964  UxSms - ok
13:09:38.0962 3964  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
13:09:39.0009 3964  vds - ok
13:09:39.0056 3964  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:09:39.0056 3964  vga - ok
13:09:39.0087 3964  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:09:39.0087 3964  VgaSave - ok
13:09:39.0103 3964  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:09:39.0103 3964  viaagp - ok
13:09:39.0118 3964  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:09:39.0118 3964  ViaC7 - ok
13:09:39.0150 3964  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
13:09:39.0165 3964  viaide - ok
13:09:39.0181 3964  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:09:39.0181 3964  volmgr - ok
13:09:39.0212 3964  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:09:39.0228 3964  volmgrx - ok
13:09:39.0259 3964  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:09:39.0274 3964  volsnap - ok
13:09:39.0321 3964  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:09:39.0321 3964  vsmraid - ok
13:09:39.0477 3964  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
13:09:39.0524 3964  VSS - ok
13:09:39.0555 3964  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
13:09:39.0571 3964  W32Time - ok
13:09:39.0602 3964  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:09:39.0602 3964  WacomPen - ok
13:09:39.0649 3964  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:09:39.0649 3964  Wanarp - ok
13:09:39.0649 3964  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:09:39.0649 3964  Wanarpv6 - ok
13:09:39.0696 3964  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:09:39.0727 3964  wcncsvc - ok
13:09:39.0774 3964  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:09:39.0774 3964  WcsPlugInService - ok
13:09:39.0789 3964  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
13:09:39.0805 3964  Wd - ok
13:09:39.0836 3964  [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:09:39.0852 3964  Wdf01000 - ok
13:09:39.0898 3964  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:09:39.0914 3964  WdiServiceHost - ok
13:09:39.0930 3964  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:09:39.0930 3964  WdiSystemHost - ok
13:09:39.0976 3964  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
13:09:39.0992 3964  WebClient - ok
13:09:40.0054 3964  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:09:40.0070 3964  Wecsvc - ok
13:09:40.0101 3964  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:09:40.0101 3964  wercplsupport - ok
13:09:40.0117 3964  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:09:40.0132 3964  WerSvc - ok
13:09:40.0257 3964  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:09:40.0304 3964  WinDefend - ok
13:09:40.0320 3964  WinHttpAutoProxySvc - ok
13:09:40.0600 3964  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:09:40.0632 3964  Winmgmt - ok
13:09:40.0725 3964  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:09:40.0834 3964  WinRM - ok
13:09:40.0897 3964  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:09:40.0912 3964  Wlansvc - ok
13:09:41.0271 3964  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:09:41.0334 3964  wlidsvc - ok
13:09:41.0365 3964  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:09:41.0365 3964  WmiAcpi - ok
13:09:41.0396 3964  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:09:41.0412 3964  wmiApSrv - ok
13:09:41.0474 3964  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:09:41.0521 3964  WMPNetworkSvc - ok
13:09:41.0536 3964  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:09:41.0552 3964  WPCSvc - ok
13:09:41.0599 3964  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:09:41.0614 3964  WPDBusEnum - ok
13:09:41.0864 3964  [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:09:41.0911 3964  WPFFontCache_v0400 - ok
13:09:41.0958 3964  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:09:41.0958 3964  ws2ifsl - ok
13:09:42.0004 3964  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
13:09:42.0004 3964  wscsvc - ok
13:09:42.0020 3964  WSearch - ok
13:09:42.0379 3964  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
13:09:42.0457 3964  wuauserv - ok
13:09:42.0519 3964  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:09:42.0535 3964  WudfPf - ok
13:09:42.0597 3964  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:09:42.0597 3964  WUDFRd - ok
13:09:42.0628 3964  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:09:42.0628 3964  wudfsvc - ok
13:09:42.0706 3964  [ C6CA0CC2F7FCDCFE5B551335BFE6D696 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
13:09:42.0706 3964  yukonwlh - ok
13:09:42.0722 3964  ================ Scan global ===============================
13:09:42.0738 3964  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:09:42.0784 3964  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
13:09:42.0831 3964  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
13:09:42.0862 3964  [ 8737764F4FD36D6808EE80578409C843 ] C:\Windows\system32\services.exe
13:09:42.0894 3964  C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
13:09:42.0894 3964  C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
13:09:42.0894 3964  ================ Scan MBR ==================================
13:09:42.0909 3964  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
13:09:44.0906 3964  \Device\Harddisk0\DR0 - ok
13:09:44.0906 3964  ================ Scan VBR ==================================
13:09:44.0906 3964  [ 52A7C86CADD8EE821359ACF4A2E22203 ] \Device\Harddisk0\DR0\Partition1
13:09:44.0953 3964  \Device\Harddisk0\DR0\Partition1 - ok
13:09:44.0968 3964  [ 24CA742ADC9A9E55FAC882AAE8AA1358 ] \Device\Harddisk0\DR0\Partition2
13:09:44.0968 3964  \Device\Harddisk0\DR0\Partition2 - ok
13:09:44.0968 3964  ============================================================
13:09:44.0968 3964  Scan finished
13:09:44.0968 3964  ============================================================
13:09:44.0984 4068  Detected object count: 1
13:09:44.0984 4068  Actual detected object count: 1
13:09:49.0446 4068  C:\Windows\system32\services.exe - copied to quarantine
13:09:58.0478 4068  Backup copy found, using it..
13:09:58.0603 4068  C:\Windows\system32\services.exe - will be cured on reboot
13:09:58.0603 4068  C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure 
13:10:09.0039 2556  Deinitialize success

Code:

ATTFilter

13:12:09.0895 3348  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:12:09.0957 3348  ============================================================
13:12:09.0957 3348  Current date / time: 2013/12/12 13:12:09.0957
13:12:09.0957 3348  SystemInfo:
13:12:09.0957 3348  
13:12:09.0957 3348  OS Version: 6.0.6002 ServicePack: 2.0
13:12:09.0957 3348  Product type: Workstation
13:12:09.0957 3348  ComputerName: LARA-PC
13:12:09.0957 3348  UserName: Lara
13:12:09.0957 3348  Windows directory: C:\Windows
13:12:09.0957 3348  System windows directory: C:\Windows
13:12:09.0957 3348  Processor architecture: Intel x86
13:12:09.0957 3348  Number of processors: 2
13:12:09.0957 3348  Page size: 0x1000
13:12:09.0957 3348  Boot type: Normal boot
13:12:09.0957 3348  ============================================================
13:12:12.0251 3348  BG loaded
13:12:12.0687 3348  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:12:12.0687 3348  ============================================================
13:12:12.0687 3348  \Device\Harddisk0\DR0:
13:12:12.0703 3348  MBR partitions:
13:12:12.0703 3348  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x11940000
13:12:12.0703 3348  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12D40800, BlocksNum 0x126ED800
13:12:12.0703 3348  ============================================================
13:12:12.0937 3348  C: <-> \Device\Harddisk0\DR0\Partition1
13:12:13.0093 3348  D: <-> \Device\Harddisk0\DR0\Partition2
13:12:13.0093 3348  ============================================================
13:12:13.0093 3348  Initialize success
13:12:13.0093 3348  ============================================================
13:12:19.0246 3616  ============================================================
13:12:19.0246 3616  Scan started
13:12:19.0246 3616  Mode: Manual; 
13:12:19.0246 3616  ============================================================
13:12:26.0189 3616  ================ Scan system memory ========================
13:12:26.0189 3616  System memory - ok
13:12:26.0189 3616  ================ Scan services =============================
13:12:27.0047 3616  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
13:12:27.0063 3616  ACPI - ok
13:12:27.0203 3616  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:12:27.0203 3616  AdobeARMservice - ok
13:12:27.0328 3616  [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:12:27.0375 3616  AdobeFlashPlayerUpdateSvc - ok
13:12:27.0437 3616  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:12:27.0453 3616  adp94xx - ok
13:12:27.0500 3616  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:12:27.0515 3616  adpahci - ok
13:12:27.0531 3616  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
13:12:27.0531 3616  adpu160m - ok
13:12:27.0562 3616  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:12:27.0578 3616  adpu320 - ok
13:12:27.0625 3616  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:12:27.0625 3616  AeLookupSvc - ok
13:12:27.0734 3616  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
13:12:27.0734 3616  AFD - ok
13:12:27.0796 3616  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:12:27.0812 3616  agp440 - ok
13:12:27.0843 3616  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:12:27.0859 3616  aic78xx - ok
13:12:27.0874 3616  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
13:12:27.0874 3616  ALG - ok
13:12:27.0921 3616  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:12:27.0968 3616  aliide - ok
13:12:28.0015 3616  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:12:28.0015 3616  amdagp - ok
13:12:28.0077 3616  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:12:28.0077 3616  amdide - ok
13:12:28.0139 3616  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
13:12:28.0155 3616  AmdK7 - ok
13:12:28.0202 3616  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:12:28.0217 3616  AmdK8 - ok
13:12:28.0280 3616  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
13:12:28.0280 3616  Appinfo - ok
13:12:28.0436 3616  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:12:28.0467 3616  Apple Mobile Device - ok
13:12:28.0514 3616  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
13:12:28.0529 3616  arc - ok
13:12:28.0576 3616  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:12:28.0592 3616  arcsas - ok
13:12:28.0623 3616  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:12:28.0623 3616  AsyncMac - ok
13:12:28.0654 3616  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:12:28.0654 3616  atapi - ok
13:12:28.0732 3616  [ F32FEE7CB2EE32C1F808409BC8019701 ] athr            C:\Windows\system32\DRIVERS\athr.sys
13:12:28.0748 3616  athr - ok
13:12:28.0826 3616  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:12:28.0826 3616  AudioEndpointBuilder - ok
13:12:28.0857 3616  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:12:28.0873 3616  Audiosrv - ok
13:12:28.0997 3616  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
13:12:28.0997 3616  BBSvc - ok
13:12:29.0060 3616  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
13:12:29.0122 3616  BBUpdate - ok
13:12:29.0185 3616  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:12:29.0185 3616  Beep - ok
13:12:29.0278 3616  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
13:12:29.0294 3616  BFE - ok
13:12:29.0465 3616  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
13:12:29.0481 3616  BITS - ok
13:12:29.0528 3616  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
13:12:29.0543 3616  blbdrive - ok
13:12:29.0668 3616  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:12:29.0668 3616  Bonjour Service - ok
13:12:29.0762 3616  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:12:29.0762 3616  bowser - ok
13:12:29.0840 3616  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
13:12:29.0855 3616  BrFiltLo - ok
13:12:29.0887 3616  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
13:12:29.0902 3616  BrFiltUp - ok
13:12:29.0996 3616  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
13:12:29.0996 3616  Browser - ok
13:12:30.0058 3616  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
13:12:30.0136 3616  Brserid - ok
13:12:30.0167 3616  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
13:12:30.0183 3616  BrSerWdm - ok
13:12:30.0214 3616  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
13:12:30.0245 3616  BrUsbMdm - ok
13:12:30.0261 3616  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
13:12:30.0261 3616  BrUsbSer - ok
13:12:30.0308 3616  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:12:30.0308 3616  BTHMODEM - ok
13:12:30.0339 3616  catchme - ok
13:12:30.0355 3616  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:12:30.0370 3616  cdfs - ok
13:12:30.0386 3616  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:12:30.0386 3616  cdrom - ok
13:12:30.0417 3616  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:12:30.0417 3616  CertPropSvc - ok
13:12:30.0464 3616  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
13:12:30.0479 3616  circlass - ok
13:12:30.0511 3616  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
13:12:30.0511 3616  CLFS - ok
13:12:30.0729 3616  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:12:30.0745 3616  clr_optimization_v2.0.50727_32 - ok
13:12:30.0807 3616  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:12:30.0854 3616  clr_optimization_v4.0.30319_32 - ok
13:12:30.0901 3616  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:12:30.0901 3616  CmBatt - ok
13:12:30.0932 3616  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:12:30.0932 3616  cmdide - ok
13:12:30.0947 3616  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:12:30.0947 3616  Compbatt - ok
13:12:30.0963 3616  COMSysApp - ok
13:12:30.0979 3616  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:12:30.0979 3616  crcdisk - ok
13:12:30.0994 3616  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
13:12:30.0994 3616  Crusoe - ok
13:12:31.0025 3616  [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:12:31.0025 3616  CryptSvc - ok
13:12:31.0088 3616  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:12:31.0088 3616  DcomLaunch - ok
13:12:31.0135 3616  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:12:31.0135 3616  DfsC - ok
13:12:31.0353 3616  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
13:12:31.0431 3616  DFSR - ok
13:12:31.0493 3616  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
13:12:31.0493 3616  Dhcp - ok
13:12:31.0525 3616  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
13:12:31.0525 3616  disk - ok
13:12:31.0587 3616  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:12:31.0587 3616  Dnscache - ok
13:12:31.0665 3616  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:12:31.0665 3616  dot3svc - ok
13:12:31.0743 3616  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
13:12:31.0743 3616  DPS - ok
13:12:31.0790 3616  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:12:31.0790 3616  drmkaud - ok
13:12:31.0852 3616  [ 988670D8343EF9835FB3659DB71B2EFA ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:12:31.0852 3616  DXGKrnl - ok
13:12:31.0946 3616  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
13:12:31.0961 3616  E1G60 - ok
13:12:31.0993 3616  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
13:12:32.0008 3616  EapHost - ok
13:12:32.0071 3616  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
13:12:32.0102 3616  Ecache - ok
13:12:32.0227 3616  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:12:32.0242 3616  ehRecvr - ok
13:12:32.0258 3616  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
13:12:32.0258 3616  ehSched - ok
13:12:32.0289 3616  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
13:12:32.0289 3616  ehstart - ok
13:12:32.0383 3616  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:12:32.0429 3616  elxstor - ok
13:12:32.0601 3616  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
13:12:32.0601 3616  EMDMgmt - ok
13:12:32.0663 3616  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:12:32.0679 3616  ErrDev - ok
13:12:32.0757 3616  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
13:12:32.0757 3616  EventSystem - ok
13:12:33.0022 3616  [ C37B83B51CDF10E5BB6F78A7E4FED11A ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:12:33.0038 3616  EvtEng - ok
13:12:33.0100 3616  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
13:12:33.0100 3616  exfat - ok
13:12:33.0163 3616  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:12:33.0178 3616  fastfat - ok
13:12:33.0209 3616  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:12:33.0209 3616  fdc - ok
13:12:33.0241 3616  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:12:33.0241 3616  fdPHost - ok
13:12:33.0256 3616  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:12:33.0256 3616  FDResPub - ok
13:12:33.0272 3616  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:12:33.0272 3616  FileInfo - ok
13:12:33.0303 3616  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:12:33.0303 3616  Filetrace - ok
13:12:33.0319 3616  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:12:33.0319 3616  flpydisk - ok
13:12:33.0365 3616  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:12:33.0365 3616  FltMgr - ok
13:12:33.0443 3616  [ 2AFA3A46986AE935DAECEBC7E66314CF ] FontCache       C:\Windows\system32\FntCache.dll
13:12:33.0443 3616  FontCache - ok
13:12:33.0584 3616  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:12:33.0615 3616  FontCache3.0.0.0 - ok
13:12:33.0709 3616  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:12:33.0709 3616  Fs_Rec - ok
13:12:33.0802 3616  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:12:33.0849 3616  gagp30kx - ok
13:12:33.0974 3616  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:12:33.0974 3616  GEARAspiWDM - ok
13:12:34.0114 3616  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:12:34.0114 3616  gpsvc - ok
13:12:34.0255 3616  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
13:12:34.0255 3616  gupdate - ok
13:12:34.0255 3616  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:12:34.0270 3616  gupdatem - ok
13:12:34.0442 3616  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:12:34.0473 3616  HdAudAddService - ok
13:12:34.0582 3616  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:12:34.0582 3616  HDAudBus - ok
13:12:34.0645 3616  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:12:34.0645 3616  HidBth - ok
13:12:34.0723 3616  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:12:34.0738 3616  HidIr - ok
13:12:34.0847 3616  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
13:12:34.0847 3616  hidserv - ok
13:12:34.0925 3616  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:12:34.0925 3616  HidUsb - ok
13:12:35.0019 3616  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:12:35.0019 3616  hkmsvc - ok
13:12:35.0050 3616  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
13:12:35.0066 3616  HpCISSs - ok
13:12:35.0113 3616  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:12:35.0113 3616  HTTP - ok
13:12:35.0191 3616  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
13:12:35.0191 3616  i2omp - ok
13:12:35.0269 3616  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:12:35.0269 3616  i8042prt - ok
13:12:35.0315 3616  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
13:12:35.0331 3616  iaStorV - ok
13:12:35.0518 3616  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:12:35.0565 3616  idsvc - ok
13:12:35.0596 3616  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:12:35.0612 3616  iirsp - ok
13:12:35.0705 3616  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:12:35.0721 3616  IKEEXT - ok
13:12:36.0173 3616  [ AEE99ECF06CD1CEA95816CCB5BF73EC8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:12:36.0189 3616  IntcAzAudAddService - ok
13:12:36.0236 3616  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:12:36.0251 3616  intelide - ok
13:12:36.0283 3616  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:12:36.0283 3616  intelppm - ok
13:12:36.0345 3616  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:12:36.0345 3616  IPBusEnum - ok
13:12:36.0392 3616  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:12:36.0392 3616  IpFilterDriver - ok
13:12:36.0423 3616  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:12:36.0423 3616  iphlpsvc - ok
13:12:36.0423 3616  IpInIp - ok
13:12:36.0454 3616  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
13:12:36.0470 3616  IPMIDRV - ok
13:12:36.0501 3616  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
13:12:36.0532 3616  IPNAT - ok
13:12:36.0610 3616  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:12:36.0673 3616  iPod Service - ok
13:12:36.0704 3616  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:12:36.0704 3616  IRENUM - ok
13:12:36.0782 3616  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:12:36.0782 3616  isapnp - ok
13:12:36.0860 3616  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:12:36.0860 3616  iScsiPrt - ok
13:12:36.0891 3616  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
13:12:36.0907 3616  iteatapi - ok
13:12:36.0953 3616  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
13:12:36.0953 3616  iteraid - ok
13:12:36.0969 3616  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:12:36.0969 3616  kbdclass - ok
13:12:37.0016 3616  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
13:12:37.0016 3616  kbdhid - ok
13:12:37.0063 3616  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
13:12:37.0063 3616  KeyIso - ok
13:12:37.0109 3616  [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO       C:\Windows\system32\DRIVERS\kmdfmemio.sys
13:12:37.0109 3616  KMDFMEMIO - ok
13:12:37.0172 3616  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:12:37.0203 3616  KSecDD - ok
13:12:37.0265 3616  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:12:37.0343 3616  KtmRm - ok
13:12:37.0421 3616  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:12:37.0421 3616  LanmanServer - ok
13:12:37.0484 3616  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:12:37.0484 3616  LanmanWorkstation - ok
13:12:37.0593 3616  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:12:37.0593 3616  lltdio - ok
13:12:37.0671 3616  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:12:37.0687 3616  lltdsvc - ok
13:12:37.0718 3616  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:12:37.0733 3616  lmhosts - ok
13:12:37.0796 3616  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:12:37.0796 3616  LSI_FC - ok
13:12:37.0858 3616  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:12:37.0874 3616  LSI_SAS - ok
13:12:37.0952 3616  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:12:37.0983 3616  LSI_SCSI - ok
13:12:38.0014 3616  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
13:12:38.0030 3616  luafv - ok
13:12:38.0061 3616  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:12:38.0061 3616  MBAMProtector - ok
13:12:38.0389 3616  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:12:38.0404 3616  MBAMScheduler - ok
13:12:38.0669 3616  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:12:38.0685 3616  MBAMService - ok
13:12:38.0857 3616  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc         C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:12:38.0919 3616  McNASvc - ok
13:12:38.0981 3616  [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy         C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:12:38.0981 3616  McProxy - ok
13:12:39.0137 3616  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:12:39.0153 3616  Mcx2Svc - ok
13:12:39.0278 3616  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:12:39.0309 3616  megasas - ok
13:12:39.0465 3616  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
13:12:39.0621 3616  MegaSR - ok
13:12:39.0683 3616  [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
13:12:39.0730 3616  mfeapfk - ok
13:12:39.0855 3616  [ D1E998748BA24A731106611D535C6BBF ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
13:12:39.0871 3616  mfehidk - ok
13:12:39.0933 3616  [ 2B8DFC60EDDDAA33EB5E9F7C91B48ACD ] mfevtp          C:\Windows\system32\mfevtps.exe
13:12:39.0933 3616  mfevtp - ok
13:12:40.0011 3616  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
13:12:40.0011 3616  MMCSS - ok
13:12:40.0027 3616  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
13:12:40.0027 3616  Modem - ok
13:12:40.0105 3616  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:12:40.0105 3616  monitor - ok
13:12:40.0136 3616  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:12:40.0136 3616  mouclass - ok
13:12:40.0167 3616  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:12:40.0167 3616  mouhid - ok
13:12:40.0214 3616  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
13:12:40.0214 3616  MountMgr - ok
13:12:40.0307 3616  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:12:40.0307 3616  MozillaMaintenance - ok
13:12:40.0370 3616  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:12:40.0370 3616  mpio - ok
13:12:40.0417 3616  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:12:40.0417 3616  mpsdrv - ok
13:12:40.0557 3616  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:12:40.0557 3616  MpsSvc - ok
13:12:40.0619 3616  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
13:12:40.0635 3616  Mraid35x - ok
13:12:40.0682 3616  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:12:40.0682 3616  MRxDAV - ok
13:12:40.0697 3616  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:12:40.0697 3616  mrxsmb - ok
13:12:40.0791 3616  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:12:40.0791 3616  mrxsmb10 - ok
13:12:40.0838 3616  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:12:40.0838 3616  mrxsmb20 - ok
13:12:40.0900 3616  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:12:40.0900 3616  msahci - ok
13:12:40.0931 3616  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:12:40.0931 3616  msdsm - ok
13:12:40.0978 3616  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
13:12:40.0994 3616  MSDTC - ok
13:12:41.0025 3616  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:12:41.0025 3616  Msfs - ok
13:12:41.0041 3616  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:12:41.0041 3616  msisadrv - ok
13:12:41.0087 3616  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:12:41.0228 3616  MSiSCSI - ok
13:12:41.0243 3616  msiserver - ok
13:12:41.0337 3616  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:12:41.0337 3616  MSKSSRV - ok
13:12:41.0415 3616  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:12:41.0415 3616  MSPCLOCK - ok
13:12:41.0462 3616  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:12:41.0462 3616  MSPQM - ok
13:12:41.0509 3616  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:12:41.0524 3616  MsRPC - ok
13:12:41.0555 3616  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:12:41.0555 3616  mssmbios - ok
13:12:41.0649 3616  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:12:41.0649 3616  MSTEE - ok
13:12:41.0696 3616  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
13:12:41.0711 3616  Mup - ok
13:12:41.0758 3616  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
13:12:41.0758 3616  napagent - ok
13:12:41.0821 3616  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:12:41.0821 3616  NativeWifiP - ok
13:12:41.0883 3616  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:12:41.0977 3616  NDIS - ok
13:12:42.0008 3616  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:12:42.0008 3616  NdisTapi - ok
13:12:42.0055 3616  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:12:42.0055 3616  Ndisuio - ok
13:12:42.0086 3616  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:12:42.0086 3616  NdisWan - ok
13:12:42.0133 3616  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:12:42.0133 3616  NDProxy - ok
13:12:42.0179 3616  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:12:42.0179 3616  NetBIOS - ok
13:12:42.0242 3616  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
13:12:42.0242 3616  netbt - ok
13:12:42.0257 3616  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
13:12:42.0257 3616  Netlogon - ok
13:12:42.0320 3616  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
13:12:42.0320 3616  Netman - ok
13:12:42.0367 3616  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
13:12:42.0367 3616  netprofm - ok
13:12:42.0429 3616  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:12:42.0445 3616  NetTcpPortSharing - ok
13:12:42.0476 3616  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:12:42.0476 3616  nfrd960 - ok
13:12:42.0554 3616  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:12:42.0554 3616  NlaSvc - ok
13:12:42.0601 3616  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:12:42.0601 3616  Npfs - ok
13:12:42.0632 3616  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
13:12:42.0632 3616  nsi - ok
13:12:42.0679 3616  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:12:42.0679 3616  nsiproxy - ok
13:12:42.0803 3616  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:12:42.0866 3616  Ntfs - ok
13:12:42.0928 3616  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
13:12:42.0928 3616  ntrigdigi - ok
13:12:42.0959 3616  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
13:12:42.0959 3616  Null - ok
13:12:43.0037 3616  [ B4F70FAC4EA61CF150823AA063A39FF9 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
13:12:43.0037 3616  NVHDA - ok
13:12:43.0771 3616  [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:12:43.0849 3616  nvlddmkm - ok
13:12:43.0895 3616  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:12:43.0895 3616  nvraid - ok
13:12:43.0927 3616  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:12:43.0942 3616  nvstor - ok
13:12:43.0989 3616  [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:12:43.0989 3616  nvsvc - ok
13:12:44.0020 3616  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:12:44.0051 3616  nv_agp - ok
13:12:44.0051 3616  NwlnkFlt - ok
13:12:44.0067 3616  NwlnkFwd - ok
13:12:44.0192 3616  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:12:44.0254 3616  odserv - ok
13:12:44.0285 3616  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:12:44.0301 3616  ohci1394 - ok
13:12:44.0379 3616  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:12:44.0379 3616  ose - ok
13:12:44.0504 3616  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
13:12:44.0519 3616  p2pimsvc - ok
13:12:44.0566 3616  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:12:44.0566 3616  p2psvc - ok
13:12:44.0613 3616  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
13:12:44.0613 3616  Parport - ok
13:12:44.0675 3616  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:12:44.0675 3616  partmgr - ok
13:12:44.0691 3616  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
13:12:44.0707 3616  Parvdm - ok
13:12:44.0738 3616  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:12:44.0738 3616  PcaSvc - ok
13:12:44.0816 3616  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
13:12:44.0831 3616  pci - ok
13:12:44.0878 3616  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
13:12:44.0878 3616  pciide - ok
13:12:44.0941 3616  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:12:44.0941 3616  pcmcia - ok
13:12:45.0034 3616  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:12:45.0050 3616  PEAUTH - ok
13:12:45.0159 3616  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
13:12:45.0175 3616  pla - ok
13:12:45.0206 3616  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:12:45.0221 3616  PlugPlay - ok
13:12:45.0299 3616  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
13:12:45.0299 3616  PNRPAutoReg - ok
13:12:45.0346 3616  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
13:12:45.0362 3616  PNRPsvc - ok
13:12:45.0409 3616  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:12:45.0409 3616  PolicyAgent - ok
13:12:45.0455 3616  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:12:45.0455 3616  PptpMiniport - ok
13:12:45.0487 3616  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
13:12:45.0487 3616  Processor - ok
13:12:45.0565 3616  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:12:45.0580 3616  ProfSvc - ok
13:12:45.0611 3616  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:12:45.0611 3616  ProtectedStorage - ok
13:12:45.0658 3616  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
13:12:45.0658 3616  PSched - ok
13:12:45.0752 3616  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:12:45.0845 3616  ql2300 - ok
13:12:45.0861 3616  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:12:45.0877 3616  ql40xx - ok
13:12:45.0923 3616  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
13:12:45.0923 3616  QWAVE - ok
13:12:45.0970 3616  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:12:45.0970 3616  QWAVEdrv - ok
13:12:45.0986 3616  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:12:45.0986 3616  RasAcd - ok
13:12:46.0033 3616  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
13:12:46.0033 3616  RasAuto - ok
13:12:46.0079 3616  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:12:46.0079 3616  Rasl2tp - ok
13:12:46.0111 3616  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
13:12:46.0126 3616  RasMan - ok
13:12:46.0173 3616  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:12:46.0173 3616  RasPppoe - ok
13:12:46.0220 3616  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:12:46.0220 3616  RasSstp - ok
13:12:46.0251 3616  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:12:46.0251 3616  rdbss - ok
13:12:46.0313 3616  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:12:46.0313 3616  RDPCDD - ok
13:12:46.0360 3616  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
13:12:46.0360 3616  rdpdr - ok
13:12:46.0391 3616  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:12:46.0391 3616  RDPENCDD - ok
13:12:46.0438 3616  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:12:46.0438 3616  RDPWD - ok
13:12:46.0516 3616  [ C96980CCCF84329824623B0B50383703 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:12:46.0532 3616  RegSrvc - ok
13:12:46.0579 3616  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:12:46.0579 3616  RemoteAccess - ok
13:12:46.0625 3616  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:12:46.0625 3616  RemoteRegistry - ok
13:12:46.0657 3616  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
13:12:46.0672 3616  RpcLocator - ok
13:12:46.0813 3616  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
13:12:46.0828 3616  RpcSs - ok
13:12:46.0922 3616  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:12:46.0922 3616  rspndr - ok
13:12:46.0953 3616  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
13:12:46.0953 3616  SamSs - ok
13:12:47.0000 3616  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:12:47.0015 3616  sbp2port - ok
13:12:47.0062 3616  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:12:47.0062 3616  SCardSvr - ok
13:12:47.0187 3616  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
13:12:47.0187 3616  Schedule - ok
13:12:47.0281 3616  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:12:47.0281 3616  SCPolicySvc - ok
13:12:47.0343 3616  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:12:47.0343 3616  SDRSVC - ok
13:12:47.0405 3616  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:12:47.0405 3616  secdrv - ok
13:12:47.0452 3616  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
13:12:47.0452 3616  seclogon - ok
13:12:47.0515 3616  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
13:12:47.0515 3616  SENS - ok
13:12:47.0546 3616  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:12:47.0546 3616  Serenum - ok
13:12:47.0577 3616  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
13:12:47.0577 3616  Serial - ok
13:12:47.0639 3616  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:12:47.0655 3616  sermouse - ok
13:12:47.0702 3616  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:12:47.0702 3616  SessionEnv - ok
13:12:47.0749 3616  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:12:47.0780 3616  sffdisk - ok
13:12:47.0795 3616  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:12:47.0795 3616  sffp_mmc - ok
13:12:47.0842 3616  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:12:47.0842 3616  sffp_sd - ok
13:12:47.0873 3616  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:12:47.0873 3616  sfloppy - ok
13:12:47.0951 3616  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:12:47.0951 3616  SharedAccess - ok
13:12:47.0998 3616  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:12:47.0998 3616  ShellHWDetection - ok
13:12:48.0029 3616  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:12:48.0029 3616  sisagp - ok
13:12:48.0076 3616  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
13:12:48.0107 3616  SiSRaid2 - ok
13:12:48.0139 3616  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:12:48.0139 3616  SiSRaid4 - ok
13:12:48.0248 3616  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
13:12:48.0248 3616  SkypeUpdate - ok
13:12:48.0544 3616  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
13:12:48.0575 3616  slsvc - ok
13:12:48.0638 3616  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
13:12:48.0638 3616  SLUINotify - ok
13:12:48.0685 3616  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:12:48.0685 3616  Smb - ok
13:12:48.0747 3616  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:12:48.0747 3616  SNMPTRAP - ok
13:12:48.0794 3616  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
13:12:48.0794 3616  spldr - ok
13:12:48.0856 3616  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
13:12:48.0856 3616  Spooler - ok
13:12:48.0919 3616  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:12:48.0919 3616  srv - ok
13:12:48.0981 3616  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:12:48.0981 3616  srv2 - ok
13:12:49.0028 3616  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:12:49.0028 3616  srvnet - ok
13:12:49.0075 3616  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:12:49.0075 3616  SSDPSRV - ok
13:12:49.0121 3616  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:12:49.0121 3616  SstpSvc - ok
13:12:49.0231 3616  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
13:12:49.0231 3616  stisvc - ok
13:12:49.0293 3616  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:12:49.0293 3616  swenum - ok
13:12:49.0371 3616  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
13:12:49.0371 3616  swprv - ok
13:12:49.0527 3616  [ CD77FD9B0071D2F36B14CC23DDE1AAD0 ] SXDS10          C:\Program Files\Common Files\soft Xpansion\sxds10.exe
13:12:49.0901 3616  SXDS10 - ok
13:12:49.0933 3616  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
13:12:49.0948 3616  Symc8xx - ok
13:12:49.0995 3616  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
13:12:50.0026 3616  Sym_hi - ok
13:12:50.0057 3616  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
13:12:50.0057 3616  Sym_u3 - ok
13:12:50.0151 3616  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
13:12:50.0151 3616  SysMain - ok
13:12:50.0260 3616  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:12:50.0260 3616  TabletInputService - ok
13:12:50.0354 3616  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:12:50.0354 3616  TapiSrv - ok
13:12:50.0369 3616  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
13:12:50.0385 3616  TBS - ok
13:12:50.0479 3616  [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:12:50.0666 3616  Tcpip - ok
13:12:50.0728 3616  [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
13:12:50.0728 3616  Tcpip6 - ok
13:12:50.0822 3616  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:12:50.0822 3616  tcpipreg - ok
13:12:50.0869 3616  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:12:50.0884 3616  TDPIPE - ok
13:12:50.0915 3616  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:12:50.0931 3616  TDTCP - ok
13:12:50.0993 3616  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:12:50.0993 3616  tdx - ok
13:12:51.0025 3616  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:12:51.0025 3616  TermDD - ok
13:12:51.0134 3616  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
13:12:51.0134 3616  TermService - ok
13:12:51.0181 3616  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
13:12:51.0181 3616  Themes - ok
13:12:51.0181 3616  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
13:12:51.0196 3616  THREADORDER - ok
13:12:51.0243 3616  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
13:12:51.0243 3616  TrkWks - ok
13:12:51.0290 3616  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:12:51.0290 3616  TrustedInstaller - ok
13:12:51.0368 3616  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:12:51.0368 3616  tssecsrv - ok
13:12:51.0430 3616  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
13:12:51.0430 3616  tunmp - ok
13:12:51.0493 3616  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:12:51.0493 3616  tunnel - ok
13:12:51.0524 3616  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:12:51.0524 3616  uagp35 - ok
13:12:51.0617 3616  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:12:51.0711 3616  udfs - ok
13:12:51.0758 3616  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:12:51.0758 3616  UI0Detect - ok
13:12:51.0789 3616  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:12:51.0820 3616  uliagpkx - ok
13:12:51.0867 3616  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
13:12:51.0914 3616  uliahci - ok
13:12:51.0945 3616  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
13:12:51.0945 3616  UlSata - ok
13:12:52.0023 3616  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
13:12:52.0070 3616  ulsata2 - ok
13:12:52.0101 3616  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:12:52.0101 3616  umbus - ok
13:12:52.0179 3616  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
13:12:52.0195 3616  upnphost - ok
13:12:52.0288 3616  [ AAB0B5F72D2D726FBFDC895A2902DE1D ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:12:52.0288 3616  usbccgp - ok
13:12:52.0647 3616  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:12:52.0678 3616  usbcir - ok
13:12:52.0725 3616  [ 153E8515CB86F8BB5D1A8B478EBF4BB2 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:12:52.0741 3616  usbehci - ok
13:12:52.0897 3616  [ 2AE6BCEBD85D31317E433733DAF25888 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:12:52.0897 3616  usbhub - ok
13:12:53.0021 3616  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:12:53.0037 3616  usbohci - ok
13:12:53.0224 3616  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:12:53.0240 3616  usbprint - ok
13:12:53.0302 3616  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:12:53.0349 3616  USBSTOR - ok
13:12:53.0380 3616  [ 44056325428A8E4C755830426E29878F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:12:53.0380 3616  usbuhci - ok
13:12:53.0474 3616  [ 73FF24E21B690625A58109637DDA0DF7 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:12:53.0474 3616  usbvideo - ok
13:12:53.0521 3616  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
13:12:53.0536 3616  UxSms - ok
13:12:53.0583 3616  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
13:12:53.0599 3616  vds - ok
13:12:53.0661 3616  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:12:53.0661 3616  vga - ok
13:12:53.0692 3616  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:12:53.0692 3616  VgaSave - ok
13:12:53.0723 3616  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:12:53.0723 3616  viaagp - ok
13:12:53.0755 3616  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:12:53.0770 3616  ViaC7 - ok
13:12:53.0817 3616  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
13:12:53.0817 3616  viaide - ok
13:12:53.0864 3616  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:12:53.0895 3616  volmgr - ok
13:12:53.0942 3616  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:12:53.0973 3616  volmgrx - ok
13:12:54.0035 3616  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:12:54.0067 3616  volsnap - ok
13:12:54.0113 3616  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:12:54.0129 3616  vsmraid - ok
13:12:54.0254 3616  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
13:12:54.0285 3616  VSS - ok
13:12:54.0347 3616  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
13:12:54.0363 3616  W32Time - ok
13:12:54.0410 3616  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:12:54.0410 3616  WacomPen - ok
13:12:54.0457 3616  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:12:54.0457 3616  Wanarp - ok
13:12:54.0472 3616  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:12:54.0488 3616  Wanarpv6 - ok
13:12:54.0535 3616  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:12:54.0535 3616  wcncsvc - ok
13:12:54.0597 3616  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:12:54.0597 3616  WcsPlugInService - ok
13:12:54.0675 3616  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
13:12:54.0675 3616  Wd - ok
13:12:54.0769 3616  [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:12:54.0769 3616  Wdf01000 - ok
13:12:54.0784 3616  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:12:54.0800 3616  WdiServiceHost - ok
13:12:54.0800 3616  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:12:54.0800 3616  WdiSystemHost - ok
13:12:54.0862 3616  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
13:12:54.0878 3616  WebClient - ok
13:12:54.0940 3616  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:12:54.0940 3616  Wecsvc - ok
13:12:54.0971 3616  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:12:54.0971 3616  wercplsupport - ok
13:12:55.0003 3616  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:12:55.0018 3616  WerSvc - ok
13:12:55.0112 3616  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:12:55.0159 3616  WinDefend - ok
13:12:55.0159 3616  WinHttpAutoProxySvc - ok
13:12:55.0268 3616  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:12:55.0268 3616  Winmgmt - ok
13:12:55.0471 3616  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:12:55.0486 3616  WinRM - ok
13:12:55.0564 3616  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:12:55.0564 3616  Wlansvc - ok
13:12:55.0767 3616  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:12:55.0798 3616  wlidsvc - ok
13:12:55.0845 3616  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:12:55.0845 3616  WmiAcpi - ok
13:12:55.0892 3616  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:12:55.0892 3616  wmiApSrv - ok
13:12:56.0453 3616  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:12:56.0469 3616  WMPNetworkSvc - ok
13:12:56.0531 3616  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:12:56.0531 3616  WPCSvc - ok
13:12:56.0563 3616  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:12:56.0578 3616  WPDBusEnum - ok
13:12:56.0859 3616  [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:12:56.0890 3616  WPFFontCache_v0400 - ok
13:12:56.0953 3616  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:12:56.0953 3616  ws2ifsl - ok
13:12:57.0015 3616  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
13:12:57.0015 3616  wscsvc - ok
13:12:57.0031 3616  WSearch - ok
13:12:57.0389 3616  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
13:12:57.0405 3616  wuauserv - ok
13:12:57.0530 3616  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:12:57.0577 3616  WudfPf - ok
13:12:57.0701 3616  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:12:57.0764 3616  WUDFRd - ok
13:12:57.0811 3616  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:12:57.0842 3616  wudfsvc - ok
13:12:57.0967 3616  [ C6CA0CC2F7FCDCFE5B551335BFE6D696 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
13:12:57.0967 3616  yukonwlh - ok
13:12:58.0060 3616  ================ Scan global ===============================
13:12:58.0263 3616  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:12:58.0874 3616  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
13:12:58.0943 3616  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
13:12:59.0035 3616  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
13:12:59.0041 3616  [Global] - ok
13:12:59.0041 3616  ================ Scan MBR ==================================
13:12:59.0065 3616  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
13:13:01.0459 3616  \Device\Harddisk0\DR0 - ok
13:13:01.0459 3616  ================ Scan VBR ==================================
13:13:01.0490 3616  [ 52A7C86CADD8EE821359ACF4A2E22203 ] \Device\Harddisk0\DR0\Partition1
13:13:01.0506 3616  \Device\Harddisk0\DR0\Partition1 - ok
13:13:01.0537 3616  [ 24CA742ADC9A9E55FAC882AAE8AA1358 ] \Device\Harddisk0\DR0\Partition2
13:13:01.0552 3616  \Device\Harddisk0\DR0\Partition2 - ok
13:13:01.0552 3616  ============================================================
13:13:01.0552 3616  Scan finished
13:13:01.0552 3616  ============================================================
13:13:01.0568 3608  Detected object count: 0
13:13:01.0568 3608  Actual detected object count: 0

sasa1 · 12.12.2013, 13:48

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2013 01
Ran by Lara (administrator) on LARA-PC on 12-12-2013 13:14:48
Running from C:\Users\Lara\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(SAMSUNG Electronics) C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Kaspersky Lab ZAO) C:\Users\Lara\AppData\Local\temp\DA2F7A98-7F0B-4996-9F79-EBAC7CCE0F23.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056 2012-06-02] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [EMET Notifier] - C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [MRT] - C:\Windows\System32\mrt.exe [88123800 2013-12-01] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zeit.de/index
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC02600405276CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {80217218-29AD-4019-BA0B-7F102706CC36} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.zeit.de/index
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: EPUBReader - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: DownloadHelper - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: jid1-0FHdJAAQ7Nb73Q - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\jid1-0FHdJAAQ7Nb73Q@jetpack.xpi
FF Extension: prefs - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
FF Extension: bprivacyprefs - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.zeit.de/index"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Lara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Awesome XKCD Widget [ANTP]) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigeakmkgpgffiojjihhjlggonmomacp\2012.134.4.0_0
CHR Extension: (YouTube) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Marble) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhebjoppbkfocoeceijgihihgckeool\1.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (You are Awesome) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkhopfdenimipdamjmfpijifmmpnakpc\8.2_0
CHR Extension: (Skype Click to Call) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0
CHR Extension: (Google Wallet) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [151912 2012-05-25] (McAfee, Inc.)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [229520 2011-12-08] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 13:09 - 2013-12-12 13:09 - 00000000 ___DC C:\TDSSKiller_Quarantine
2013-12-11 14:05 - 2013-12-11 14:05 - 00000000 ____D C:\Users\Lara\Downloads\tdsskiller
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller.zip
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller (1).zip
2013-12-11 14:01 - 2013-12-11 14:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Lara\Downloads\tdsskiller.exe
2013-12-11 13:55 - 2013-12-11 13:55 - 00000000 ___DC C:\FRST
2013-12-11 03:06 - 2013-12-11 03:06 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 03:02 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 03:02 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 03:02 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 03:02 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 03:02 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 03:02 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 03:02 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-11 03:02 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 03:02 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 03:02 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-11 03:02 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 03:02 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 03:02 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 03:02 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-11 03:02 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 03:02 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 02:58 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-12-11 02:57 - 2012-07-26 04:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-12-11 02:57 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-12-11 02:57 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-12-11 02:57 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-12-11 02:57 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-12-11 02:57 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-12-11 02:57 - 2012-07-26 03:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-12-11 02:57 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-12-11 02:57 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-12-11 02:57 - 2009-07-14 13:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2013-12-11 02:08 - 2013-12-11 02:08 - 00000000 ____D C:\Users\Lara\Downloads\FRST-OlderVersion
2013-12-11 02:03 - 2013-12-11 02:03 - 00000000 ____D C:\Windows\ERUNT
2013-12-11 02:02 - 2013-12-11 02:02 - 01034531 _____ (Thisisu) C:\Users\Lara\Downloads\JRT.exe
2013-12-11 01:48 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 01:48 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-11 01:48 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-11 01:48 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-11 01:48 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-11 01:48 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-11 01:48 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-11 01:48 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-11 01:48 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-11 01:48 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-11 01:48 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-11 01:48 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-12-11 01:48 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-11 01:48 - 2013-07-05 05:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-11 01:48 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-12-11 01:48 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-12-11 01:48 - 2012-09-25 17:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-12-11 01:48 - 2012-05-11 16:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-12-11 01:47 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-11 01:47 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 01:47 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 01:47 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 01:47 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 01:47 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-11 01:47 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 01:47 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 01:47 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-11 01:47 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-11 01:47 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 01:47 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-12-11 01:47 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-11 01:47 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-11 01:47 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-11 01:47 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-11 01:47 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-11 01:47 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-11 01:47 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-12-11 01:47 - 2013-03-03 20:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-12-11 01:47 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-12-11 01:47 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-11 01:47 - 2012-11-08 04:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-12-11 01:47 - 2012-11-02 11:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-12-11 01:47 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2013-12-11 01:47 - 2012-09-28 17:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-11 01:47 - 2012-08-21 12:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-12-11 01:47 - 2012-06-29 17:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-12-11 01:47 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-11 01:47 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-11 01:46 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 01:46 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-11 01:46 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-11 01:46 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-12-11 01:46 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-11 01:46 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-12-11 01:46 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-11 01:46 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-12-11 01:46 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-11 01:46 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-11 01:46 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-11 01:46 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-11 01:46 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-12-11 01:46 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-12-11 01:46 - 2013-03-09 04:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-11 01:46 - 2013-03-09 02:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-12-11 01:46 - 2012-11-02 11:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-12-11 01:45 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-11 01:45 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-11 01:45 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-11 01:45 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-11 01:45 - 2013-03-08 04:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-11 01:45 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-11 01:45 - 2013-02-12 02:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-12-11 01:40 - 2013-12-11 01:56 - 00000000 ___DC C:\AdwCleaner
2013-12-11 01:40 - 2013-12-11 01:40 - 01226802 _____ C:\Users\Lara\Downloads\adwcleaner.exe
2013-12-11 01:32 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-11 01:32 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-11 01:32 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ___DC C:\Program Files\Atheros WLAN Client
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ____D C:\ProgramData\WLAN
2013-12-11 01:07 - 2009-12-18 00:02 - 01203712 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys
2013-12-11 01:07 - 2009-05-01 02:14 - 00000589 _____ C:\Windows\dsetup.iss
2013-12-11 01:07 - 2009-03-19 04:31 - 02821120 _____ (Askey Computer Corporation.) C:\Windows\system32\AInst3141.exe
2013-12-11 01:07 - 2004-09-28 02:27 - 00000874 _____ C:\Windows\system32\WLL3141.cfgx
2013-12-11 00:39 - 2013-12-11 01:08 - 00000172 _____ C:\Windows\SamsungInstaller.log
2013-12-10 13:11 - 2013-12-10 13:11 - 00000000 ___DC C:\Program Files\Intel Desktop Board
2013-12-10 12:12 - 2013-12-10 12:12 - 00007935 ____C C:\ComboFix.txt
2013-12-10 12:05 - 2013-12-11 04:21 - 00001276 _____ C:\Windows\PFRO.log
2013-12-10 11:56 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-10 11:56 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-10 11:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-10 11:51 - 2013-12-10 11:52 - 05153091 ____R (Swearware) C:\Users\Lara\Downloads\ComboFix.exe
2013-12-10 11:49 - 2013-12-12 13:14 - 01899568 _____ C:\Windows\WindowsUpdate.log
2013-12-10 02:29 - 2013-12-12 13:14 - 00019940 _____ C:\Users\Lara\Downloads\FRST.txt
2013-12-10 02:29 - 2013-12-11 14:28 - 00021753 _____ C:\Users\Lara\Downloads\Addition.txt
2013-12-10 02:28 - 2013-12-11 13:57 - 00000000 ___DC C:\Users\Lara\Desktop\FRST
2013-12-10 02:28 - 2013-12-11 02:08 - 01061389 ____C (Farbar) C:\Users\Lara\Downloads\FRST.exe
2013-12-10 02:27 - 2013-12-10 02:27 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-12-10 02:26 - 2013-12-10 02:26 - 00050477 _____ C:\Users\Lara\Downloads\Defogger.exe

==================== One Month Modified Files and Folders =======

2013-12-12 13:15 - 2013-12-10 02:29 - 00019940 _____ C:\Users\Lara\Downloads\FRST.txt
2013-12-12 13:14 - 2013-12-10 11:49 - 01899568 _____ C:\Windows\WindowsUpdate.log
2013-12-12 13:12 - 2011-02-25 16:12 - 00036821 _____ C:\ProgramData\nvModes.dat
2013-12-12 13:12 - 2011-02-25 16:12 - 00036821 _____ C:\ProgramData\nvModes.001
2013-12-12 13:11 - 2011-02-25 15:31 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 13:11 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 13:11 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 13:11 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 13:10 - 2011-02-07 18:02 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2013-12-12 13:10 - 2006-11-02 14:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-12 13:09 - 2013-12-12 13:09 - 00000000 ___DC C:\TDSSKiller_Quarantine
2013-12-11 14:34 - 2011-02-07 14:50 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000UA.job
2013-12-11 14:31 - 2012-04-01 21:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 14:28 - 2013-12-10 02:29 - 00021753 _____ C:\Users\Lara\Downloads\Addition.txt
2013-12-11 14:05 - 2013-12-11 14:05 - 00000000 ____D C:\Users\Lara\Downloads\tdsskiller
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller.zip
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller (1).zip
2013-12-11 14:02 - 2013-12-11 14:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Lara\Downloads\tdsskiller.exe
2013-12-11 13:57 - 2013-12-10 02:28 - 00000000 ___DC C:\Users\Lara\Desktop\FRST
2013-12-11 13:55 - 2013-12-11 13:55 - 00000000 ___DC C:\FRST
2013-12-11 13:55 - 2011-02-25 15:31 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 13:54 - 2008-01-21 08:16 - 01453972 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-11 04:38 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-12-11 04:35 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-11 04:21 - 2013-12-10 12:05 - 00001276 _____ C:\Windows\PFRO.log
2013-12-11 04:02 - 2011-01-28 23:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-11 04:01 - 2006-11-02 13:47 - 00398704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 03:58 - 2011-02-25 16:03 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-11 03:58 - 2008-01-21 08:15 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-12-11 03:58 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-12-11 03:58 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-11 03:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 03:51 - 2011-02-09 15:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-11 03:44 - 2011-04-25 19:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 03:06 - 2013-12-11 03:06 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 02:57 - 2006-11-02 11:23 - 00000219 _____ C:\Windows\win.ini
2013-12-11 02:34 - 2011-02-07 14:50 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000Core.job
2013-12-11 02:31 - 2012-04-01 21:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 02:31 - 2011-06-21 13:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 02:08 - 2013-12-11 02:08 - 00000000 ____D C:\Users\Lara\Downloads\FRST-OlderVersion
2013-12-11 02:08 - 2013-12-10 02:28 - 01061389 ____C (Farbar) C:\Users\Lara\Downloads\FRST.exe
2013-12-11 02:03 - 2013-12-11 02:03 - 00000000 ____D C:\Windows\ERUNT
2013-12-11 02:02 - 2013-12-11 02:02 - 01034531 _____ (Thisisu) C:\Users\Lara\Downloads\JRT.exe
2013-12-11 01:56 - 2013-12-11 01:40 - 00000000 ___DC C:\AdwCleaner
2013-12-11 01:56 - 2011-02-07 18:37 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-11 01:40 - 2013-12-11 01:40 - 01226802 _____ C:\Users\Lara\Downloads\adwcleaner.exe
2013-12-11 01:15 - 2013-01-05 03:26 - 00000000 ___DC C:\Program Files\Malwarebytes' Anti-Malware
2013-12-11 01:08 - 2013-12-11 00:39 - 00000172 _____ C:\Windows\SamsungInstaller.log
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ___DC C:\Program Files\Atheros WLAN Client
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ____D C:\ProgramData\WLAN
2013-12-11 01:07 - 2011-01-28 18:55 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-11 01:07 - 2011-01-28 05:11 - 00000000 ____D C:\Users\Lara
2013-12-10 13:14 - 2011-02-25 16:02 - 00000000 ____D C:\Program Files\Realtek
2013-12-10 13:11 - 2013-12-10 13:11 - 00000000 ___DC C:\Program Files\Intel Desktop Board
2013-12-10 12:12 - 2013-12-10 12:12 - 00007935 ____C C:\ComboFix.txt
2013-12-10 12:12 - 2012-07-13 04:04 - 00000000 ___DC C:\Qoobox
2013-12-10 12:12 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-12-10 12:12 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-12-10 12:10 - 2012-07-13 04:04 - 00000000 ____D C:\Windows\erdnt
2013-12-10 12:06 - 2006-11-02 11:23 - 00000215 ____C C:\Windows\system.ini
2013-12-10 11:52 - 2013-12-10 11:51 - 05153091 ____R (Swearware) C:\Users\Lara\Downloads\ComboFix.exe
2013-12-10 11:42 - 2011-08-11 09:49 - 00000000 ____D C:\Windows\Minidump
2013-12-10 02:36 - 2011-02-07 14:52 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-12-10 02:27 - 2013-12-10 02:27 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-12-10 02:26 - 2013-12-10 02:26 - 00050477 _____ C:\Users\Lara\Downloads\Defogger.exe
2013-12-01 14:42 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-19 03:33 - 2011-02-07 15:00 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-15 00:13 - 2013-12-11 03:02 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 23:50 - 2013-12-11 03:02 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 23:50 - 2013-12-11 03:02 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 23:43 - 2013-12-11 03:02 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 23:42 - 2013-12-11 03:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 23:42 - 2013-12-11 03:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 23:41 - 2013-12-11 03:02 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 23:40 - 2013-12-11 03:02 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 23:38 - 2013-12-11 03:02 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 23:38 - 2013-12-11 03:02 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 23:38 - 2013-12-11 03:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 23:37 - 2013-12-11 03:02 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 23:36 - 2013-12-11 03:02 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 23:36 - 2013-12-11 03:02 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 23:35 - 2013-12-11 03:02 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 23:32 - 2013-12-11 03:02 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

Some content of TEMP:
====================
C:\Users\Lara\AppData\Local\temp\DA2F7A98-7F0B-4996-9F79-EBAC7CCE0F23.exe
C:\Users\Lara\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-11 13:54


==================== End Of Log ============================

--- --- ---

schrauber · 13.12.2013, 09:16

Viel besser

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

sasa1 · 16.12.2013, 15:43

Beim ersten scannen hat mir eset nur das als log gegeben (die gefundenen Viren, hab ich beim 2. Mal dann entfernen lassen)

Code:

ATTFilter

C:\FRST\Quarantine\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\00000001.@	Win32/Conedex.K trojan
C:\Qoobox\Quarantine\C\ProgramData\Codecv\uninstall.exe.vir	Win32/Adware.MultiPlug.A application
C:\Qoobox\Quarantine\C\Windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\00000001.@.vir	Win32/Conedex.R trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{5d96d0aa-55cc-4e45-dbc4-569667e6d76d}\U\80000000.@.vir	Win32/Sirefef.FA trojan
C:\TDSSKiller_Quarantine\12.12.2013_13.08.39\zasubsys0000\file0000\tsk0000.dta	Win32/Sirefef.FB.Gen trojan
C:\Users\Lara\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7d5bab0c-7ec032f3	a variant of Java/Agent.FX trojan
C:\Users\Lara\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\216beb94-1744761d	a variant of Java/Exploit.CVE-2012-1723.R trojan
C:\Users\Lara\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3ad8d7a8-1b26fce1	Java/Exploit.Agent.NBN trojan

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.77  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
McAfee  Anti-Virus und Anti-Spyware   
ESET NOD32 Antivirus 7.0              
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 JavaFX 2.1.1    
 Java version out of Date! 
 Adobe Flash Player 	11.9.900.170  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (26.0) 
 Google Chrome 23.0.1271.97  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-12-2013 02
Ran by Lara (administrator) on LARA-PC on 16-12-2013 15:11:16
Running from C:\Users\Lara\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SAMSUNG Electronics) C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056 2012-06-02] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [EMET Notifier] - C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM\...\Run: [MRT] - C:\Windows\System32\mrt.exe [88123800 2013-12-01] (Microsoft Corporation)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Lara\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-07] (Google Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zeit.de/index
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC02600405276CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {80217218-29AD-4019-BA0B-7F102706CC36} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default
FF Homepage: hxxp://www.zeit.de/index
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lara\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lara\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: EPUBReader - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: DownloadHelper - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: jid1-0FHdJAAQ7Nb73Q - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\jid1-0FHdJAAQ7Nb73Q@jetpack.xpi
FF Extension: prefs - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
FF Extension: bprivacyprefs - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\mky5g0nt.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.zeit.de/index"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Lara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Awesome XKCD Widget [ANTP]) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigeakmkgpgffiojjihhjlggonmomacp\2012.134.4.0_0
CHR Extension: (YouTube) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Marble) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhebjoppbkfocoeceijgihihgckeool\1.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (You are Awesome) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkhopfdenimipdamjmfpijifmmpnakpc\8.2_0
CHR Extension: (Skype Click to Call) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0
CHR Extension: (Google Wallet) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [151912 2012-05-25] (McAfee, Inc.)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [229520 2011-12-08] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-09-17] (ESET)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-16 14:59 - 2013-12-16 14:59 - 00002073 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-14 02:59 - 2013-12-14 02:59 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-14 02:58 - 2013-12-14 02:59 - 00000000 ___DC C:\Program Files\iTunes
2013-12-14 02:58 - 2013-12-14 02:59 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-14 02:58 - 2013-12-14 02:58 - 00000000 ___DC C:\Program Files\iPod
2013-12-14 02:41 - 2013-12-14 02:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-14 01:07 - 2013-12-14 01:07 - 00891200 _____ C:\Users\Lara\Downloads\SecurityCheck.exe
2013-12-14 00:59 - 2013-12-14 00:59 - 00000000 ____D C:\Users\Lara\AppData\Local\ESET
2013-12-14 00:56 - 2013-12-14 00:56 - 01682336 _____ (ESET) C:\Users\Lara\Downloads\eset_nod32_antivirus_live_installer(1).exe
2013-12-14 00:51 - 2013-12-14 00:51 - 00000000 ____D C:\ProgramData\ESET
2013-12-14 00:44 - 2013-12-14 00:44 - 01682336 _____ (ESET) C:\Users\Lara\Downloads\eset_nod32_antivirus_live_installer.exe
2013-12-14 00:32 - 2013-12-14 00:32 - 00000906 _____ C:\Users\Lara\Desktop\eset.txt
2013-12-13 20:13 - 2013-12-14 00:51 - 00000000 ___DC C:\Program Files\ESET
2013-12-12 13:09 - 2013-12-12 13:09 - 00000000 ___DC C:\TDSSKiller_Quarantine
2013-12-11 14:05 - 2013-12-11 14:05 - 00000000 ____D C:\Users\Lara\Downloads\tdsskiller
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller.zip
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller (1).zip
2013-12-11 14:01 - 2013-12-11 14:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Lara\Downloads\tdsskiller.exe
2013-12-11 13:55 - 2013-12-16 15:11 - 00000000 ___DC C:\FRST
2013-12-11 03:06 - 2013-12-11 03:06 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 03:02 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 03:02 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 03:02 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 03:02 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 03:02 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 03:02 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 03:02 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-11 03:02 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 03:02 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 03:02 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-11 03:02 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 03:02 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 03:02 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 03:02 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-11 03:02 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 03:02 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 02:58 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-12-11 02:57 - 2012-07-26 04:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-12-11 02:57 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-12-11 02:57 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-12-11 02:57 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-12-11 02:57 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-12-11 02:57 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-12-11 02:57 - 2012-07-26 03:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-12-11 02:57 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-12-11 02:57 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-12-11 02:57 - 2009-07-14 13:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2013-12-11 02:08 - 2013-12-16 15:11 - 00000000 ____D C:\Users\Lara\Downloads\FRST-OlderVersion
2013-12-11 02:03 - 2013-12-11 02:03 - 00000000 ____D C:\Windows\ERUNT
2013-12-11 02:02 - 2013-12-11 02:02 - 01034531 _____ (Thisisu) C:\Users\Lara\Downloads\JRT.exe
2013-12-11 01:48 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 01:48 - 2013-08-27 03:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-11 01:48 - 2013-08-27 03:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-11 01:48 - 2013-08-27 03:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-11 01:48 - 2013-08-27 03:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-11 01:48 - 2013-08-27 02:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-11 01:48 - 2013-08-27 02:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-11 01:48 - 2013-08-27 02:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-11 01:48 - 2013-08-27 02:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-11 01:48 - 2013-08-27 02:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-11 01:48 - 2013-08-01 04:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-11 01:48 - 2013-08-01 03:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-12-11 01:48 - 2013-07-20 11:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-11 01:48 - 2013-07-05 05:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-11 01:48 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-12-11 01:48 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-12-11 01:48 - 2012-09-25 17:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-12-11 01:48 - 2012-05-11 16:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-12-11 01:47 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-11 01:47 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 01:47 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 01:47 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 01:47 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 01:47 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-11 01:47 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 01:47 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 01:47 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-11 01:47 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-11 01:47 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 01:47 - 2013-07-12 10:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-12-11 01:47 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-11 01:47 - 2013-06-29 03:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-11 01:47 - 2013-06-29 03:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-11 01:47 - 2013-06-29 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-11 01:47 - 2013-06-29 03:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-11 01:47 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-11 01:47 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-12-11 01:47 - 2013-03-03 20:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-12-11 01:47 - 2012-11-22 04:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-12-11 01:47 - 2012-11-20 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-11 01:47 - 2012-11-08 04:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-12-11 01:47 - 2012-11-02 11:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-12-11 01:47 - 2012-11-02 09:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2013-12-11 01:47 - 2012-09-28 17:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-11 01:47 - 2012-08-21 12:47 - 00224640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-12-11 01:47 - 2012-06-29 17:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-12-11 01:47 - 2011-05-05 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-11 01:47 - 2011-05-05 14:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-11 01:46 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 01:46 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-11 01:46 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-11 01:46 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-12-11 01:46 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-11 01:46 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-12-11 01:46 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-11 01:46 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-12-11 01:46 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-11 01:46 - 2013-06-27 00:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-11 01:46 - 2013-06-04 05:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-11 01:46 - 2013-06-04 02:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-11 01:46 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-12-11 01:46 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-12-11 01:46 - 2013-03-09 04:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-11 01:46 - 2013-03-09 02:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-12-11 01:46 - 2012-11-02 11:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-12-11 01:45 - 2013-07-04 05:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-11 01:45 - 2013-07-03 03:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-11 01:45 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-11 01:45 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-11 01:45 - 2013-03-08 04:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-11 01:45 - 2013-03-08 04:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-11 01:45 - 2013-02-12 02:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-12-11 01:40 - 2013-12-11 01:56 - 00000000 ___DC C:\AdwCleaner
2013-12-11 01:40 - 2013-12-11 01:40 - 01226802 _____ C:\Users\Lara\Downloads\adwcleaner.exe
2013-12-11 01:32 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-11 01:32 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-11 01:32 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ___DC C:\Program Files\Atheros WLAN Client
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ____D C:\ProgramData\WLAN
2013-12-11 01:07 - 2009-12-18 00:02 - 01203712 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys
2013-12-11 01:07 - 2009-05-01 02:14 - 00000589 _____ C:\Windows\dsetup.iss
2013-12-11 01:07 - 2009-03-19 04:31 - 02821120 _____ (Askey Computer Corporation.) C:\Windows\system32\AInst3141.exe
2013-12-11 01:07 - 2004-09-28 02:27 - 00000874 _____ C:\Windows\system32\WLL3141.cfgx
2013-12-11 00:39 - 2013-12-11 01:08 - 00000172 _____ C:\Windows\SamsungInstaller.log
2013-12-10 13:11 - 2013-12-10 13:11 - 00000000 ___DC C:\Program Files\Intel Desktop Board
2013-12-10 12:12 - 2013-12-10 12:12 - 00007935 ____C C:\ComboFix.txt
2013-12-10 12:05 - 2013-12-14 16:10 - 00001872 _____ C:\Windows\PFRO.log
2013-12-10 11:56 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-10 11:56 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-10 11:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-10 11:56 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-10 11:51 - 2013-12-10 11:52 - 05153091 ____R (Swearware) C:\Users\Lara\Downloads\ComboFix.exe
2013-12-10 11:49 - 2013-12-16 02:29 - 02038256 _____ C:\Windows\WindowsUpdate.log
2013-12-10 02:29 - 2013-12-16 15:11 - 00020731 _____ C:\Users\Lara\Downloads\FRST.txt
2013-12-10 02:29 - 2013-12-11 14:28 - 00021753 _____ C:\Users\Lara\Downloads\Addition.txt
2013-12-10 02:28 - 2013-12-16 15:11 - 01060997 ____C (Farbar) C:\Users\Lara\Downloads\FRST.exe
2013-12-10 02:28 - 2013-12-11 13:57 - 00000000 ___DC C:\Users\Lara\Desktop\FRST
2013-12-10 02:27 - 2013-12-10 02:27 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-12-10 02:26 - 2013-12-10 02:26 - 00050477 _____ C:\Users\Lara\Downloads\Defogger.exe

==================== One Month Modified Files and Folders =======

2013-12-16 15:11 - 2013-12-11 13:55 - 00000000 ___DC C:\FRST
2013-12-16 15:11 - 2013-12-11 02:08 - 00000000 ____D C:\Users\Lara\Downloads\FRST-OlderVersion
2013-12-16 15:11 - 2013-12-10 02:29 - 00020731 _____ C:\Users\Lara\Downloads\FRST.txt
2013-12-16 15:11 - 2013-12-10 02:28 - 01060997 ____C (Farbar) C:\Users\Lara\Downloads\FRST.exe
2013-12-16 14:59 - 2013-12-16 14:59 - 00002073 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 14:59 - 2011-02-25 15:31 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-16 14:59 - 2011-02-25 15:31 - 00000000 ____D C:\Program Files\Google
2013-12-16 14:42 - 2011-02-07 14:50 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000UA.job
2013-12-16 14:31 - 2012-04-01 21:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-16 14:25 - 2011-02-25 15:31 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-16 14:24 - 2011-02-25 16:12 - 00036821 _____ C:\ProgramData\nvModes.dat
2013-12-16 14:24 - 2011-02-25 16:12 - 00036821 _____ C:\ProgramData\nvModes.001
2013-12-16 14:24 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-16 14:24 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-16 14:24 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-16 02:29 - 2013-12-10 11:49 - 02038256 _____ C:\Windows\WindowsUpdate.log
2013-12-16 02:29 - 2006-11-02 14:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-14 16:16 - 2008-01-21 08:16 - 01453972 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-14 16:10 - 2013-12-10 12:05 - 00001872 _____ C:\Windows\PFRO.log
2013-12-14 16:10 - 2012-12-27 04:50 - 00000000 ___DC C:\Program Files\Mozilla Maintenance Service
2013-12-14 02:59 - 2013-12-14 02:59 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-14 02:59 - 2013-12-14 02:58 - 00000000 ___DC C:\Program Files\iTunes
2013-12-14 02:59 - 2013-12-14 02:58 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-14 02:58 - 2013-12-14 02:58 - 00000000 ___DC C:\Program Files\iPod
2013-12-14 02:58 - 2011-02-04 13:17 - 00000000 ___DC C:\Program Files\Common Files\Apple
2013-12-14 02:52 - 2011-01-28 05:11 - 00000000 ____D C:\Users\Lara
2013-12-14 02:41 - 2013-12-14 02:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-14 01:07 - 2013-12-14 01:07 - 00891200 _____ C:\Users\Lara\Downloads\SecurityCheck.exe
2013-12-14 00:59 - 2013-12-14 00:59 - 00000000 ____D C:\Users\Lara\AppData\Local\ESET
2013-12-14 00:56 - 2013-12-14 00:56 - 01682336 _____ (ESET) C:\Users\Lara\Downloads\eset_nod32_antivirus_live_installer(1).exe
2013-12-14 00:51 - 2013-12-14 00:51 - 00000000 ____D C:\ProgramData\ESET
2013-12-14 00:51 - 2013-12-13 20:13 - 00000000 ___DC C:\Program Files\ESET
2013-12-14 00:44 - 2013-12-14 00:44 - 01682336 _____ (ESET) C:\Users\Lara\Downloads\eset_nod32_antivirus_live_installer.exe
2013-12-14 00:32 - 2013-12-14 00:32 - 00000906 _____ C:\Users\Lara\Desktop\eset.txt
2013-12-12 13:41 - 2011-02-07 14:50 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024481946-321734359-2265164632-1000Core.job
2013-12-12 13:10 - 2011-02-07 18:02 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2013-12-12 13:09 - 2013-12-12 13:09 - 00000000 ___DC C:\TDSSKiller_Quarantine
2013-12-11 14:28 - 2013-12-10 02:29 - 00021753 _____ C:\Users\Lara\Downloads\Addition.txt
2013-12-11 14:05 - 2013-12-11 14:05 - 00000000 ____D C:\Users\Lara\Downloads\tdsskiller
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller.zip
2013-12-11 14:03 - 2013-12-11 14:03 - 04101441 _____ C:\Users\Lara\Downloads\tdsskiller (1).zip
2013-12-11 14:02 - 2013-12-11 14:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Lara\Downloads\tdsskiller.exe
2013-12-11 13:57 - 2013-12-10 02:28 - 00000000 ___DC C:\Users\Lara\Desktop\FRST
2013-12-11 04:38 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-12-11 04:35 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-11 04:02 - 2011-01-28 23:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-11 04:01 - 2006-11-02 13:47 - 00398704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 03:58 - 2011-02-25 16:03 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-11 03:58 - 2008-01-21 08:15 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-12-11 03:58 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-12-11 03:58 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-11 03:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 03:51 - 2011-02-09 15:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-11 03:44 - 2011-04-25 19:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 03:06 - 2013-12-11 03:06 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 02:57 - 2006-11-02 11:23 - 00000219 _____ C:\Windows\win.ini
2013-12-11 02:31 - 2012-04-01 21:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 02:31 - 2011-06-21 13:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 02:03 - 2013-12-11 02:03 - 00000000 ____D C:\Windows\ERUNT
2013-12-11 02:02 - 2013-12-11 02:02 - 01034531 _____ (Thisisu) C:\Users\Lara\Downloads\JRT.exe
2013-12-11 01:56 - 2013-12-11 01:40 - 00000000 ___DC C:\AdwCleaner
2013-12-11 01:56 - 2011-02-07 18:37 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-11 01:40 - 2013-12-11 01:40 - 01226802 _____ C:\Users\Lara\Downloads\adwcleaner.exe
2013-12-11 01:15 - 2013-01-05 03:26 - 00000000 ___DC C:\Program Files\Malwarebytes' Anti-Malware
2013-12-11 01:08 - 2013-12-11 00:39 - 00000172 _____ C:\Windows\SamsungInstaller.log
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ___DC C:\Program Files\Atheros WLAN Client
2013-12-11 01:07 - 2013-12-11 01:07 - 00000000 ____D C:\ProgramData\WLAN
2013-12-11 01:07 - 2011-01-28 18:55 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-10 13:14 - 2011-02-25 16:02 - 00000000 ____D C:\Program Files\Realtek
2013-12-10 13:11 - 2013-12-10 13:11 - 00000000 ___DC C:\Program Files\Intel Desktop Board
2013-12-10 12:12 - 2013-12-10 12:12 - 00007935 ____C C:\ComboFix.txt
2013-12-10 12:12 - 2012-07-13 04:04 - 00000000 ___DC C:\Qoobox
2013-12-10 12:12 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-12-10 12:12 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-12-10 12:10 - 2012-07-13 04:04 - 00000000 ____D C:\Windows\erdnt
2013-12-10 12:06 - 2006-11-02 11:23 - 00000215 ____C C:\Windows\system.ini
2013-12-10 11:52 - 2013-12-10 11:51 - 05153091 ____R (Swearware) C:\Users\Lara\Downloads\ComboFix.exe
2013-12-10 11:42 - 2011-08-11 09:49 - 00000000 ____D C:\Windows\Minidump
2013-12-10 02:36 - 2011-02-07 14:52 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-12-10 02:27 - 2013-12-10 02:27 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-12-10 02:26 - 2013-12-10 02:26 - 00050477 _____ C:\Users\Lara\Downloads\Defogger.exe
2013-12-01 14:42 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-19 03:33 - 2011-02-07 15:00 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Lara\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-16 14:31

==================== End Of Log ============================

--- --- ---

Also dann kann ich jetzt ganz sicher wieder internet banking machen und der PC ist sauber, oder?

schrauber · 17.12.2013, 09:53

Java und Adobe updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Alle Passwörter und Zugänge ändern.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.