Weiterleitung bei google Suchergebnissen

flo231_464 · 16.07.2012, 16:18

Hallo Trojanerboard Experten,

folgendes Problem tritt bei meinem Windows 7 64bit Laptop seit gestern auf: Wenn ich bei google auf ein Suchergenis klicke, dann werde ich auf verschiedene andere Webseiten umgeleitet, aber natürlich nicht die, auf die ich eigentlich will. Der Scan mit OTL hat folgendes ergeben:

OTL logfile created on: 16.07.2012 16:54:23 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Fl\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,98% Memory free
15,83 Gb Paging File | 13,90 Gb Available in Paging File | 87,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 56,47 Gb Free Space | 37,89% Space Free | Partition Type: NTFS
Drive D: | 425,64 Gb Total Space | 43,07 Gb Free Space | 10,12% Space Free | Partition Type: NTFS
Drive G: | 1,90 Gb Total Space | 1,90 Gb Free Space | 99,94% Space Free | Partition Type: FAT

Computer Name: FL-PC | User Name: Fl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.16 16:53:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fl\Downloads\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.09.02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011.09.02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011.08.24 03:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.07 14:32:48 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.01.25 17:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.10.07 20:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.17 20:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 16:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 16:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 23:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.22 23:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 03:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

========== Modules (No Company Name) ==========

MOD - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.11.30 22:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.20 15:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010.04.17 01:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV:64bit: - [2009.07.14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009.07.14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.26 00:03:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.09.02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.08.24 03:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.20 14:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 16:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.15 23:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.22 12:52:16 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.15 12:48:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.08 11:15:02 | 000,656,896 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2011.08.08 11:15:02 | 000,624,640 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2011.07.05 16:28:36 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011.06.27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.05.31 12:41:38 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.05.31 12:41:38 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.25 15:54:35 | 000,133,752 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.13 15:12:39 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 18:28:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.14 04:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.08.03 12:43:13 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.06.23 03:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.17 01:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.04.12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010.03.02 21:48:34 | 002,103,336 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)
DRV:64bit: - [2009.07.21 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.09.02 13:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/11/08 19:09:59] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.08.24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011.03.25 15:54:35 | 000,133,752 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.07.26 19:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO_)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 00:03:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.16 22:41:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.07.10 01:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fl\AppData\Roaming\mozilla\Extensions
[2011.05.31 10:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fl\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.22 23:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fl\AppData\Roaming\mozilla\Firefox\Profiles\ya42uc0v.default\extensions
[2012.05.22 23:44:03 | 000,000,000 | ---D | M] (BrowserTexting) -- C:\Users\Fl\AppData\Roaming\mozilla\Firefox\Profiles\ya42uc0v.default\extensions\browsertexting@browsertexting.com
[2012.05.17 17:26:51 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Fl\AppData\Roaming\mozilla\Firefox\Profiles\ya42uc0v.default\extensions\ich@maltegoetz.de
[2011.11.12 15:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.21 23:53:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.05.31 10:27:11 | 000,089,442 | ---- | M] () (No name found) -- C:\USERS\FL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YA42UC0V.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
[2012.06.26 00:03:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 00:03:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 00:03:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 00:03:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 00:03:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 00:03:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 00:03:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.07.03 17:22:19 | 000,001,469 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 googleads.g.doubleclick.net
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 wodas.wetteronline.de
O1 - Hosts: 127.0.0.1 adsfac.eu
O1 - Hosts: 127.0.0.1 redtube.com
O1 - Hosts: 127.0.0.1 img03.redtubefiles.com
O1 - Hosts: 127.0.0.1 content.yieldmanager.edgesuite.net
O1 - Hosts: 127.0.0.1 eads.to
O1 - Hosts: 127.0.0.1 static.fundorado.com
O1 - Hosts: 127.0.0.1 ext.affaire.com
O1 - Hosts: 127.0.0.1 rgmarket.adspirit.net
O1 - Hosts: 127.0.0.1 *.redtubefiles.com
O1 - Hosts: 127.0.0.1 www.d03x2011.com
O1 - Hosts: 127.0.0.1 static.eu.criteo.net
O1 - Hosts: 127.0.0.1 ih.adscale.de
O1 - Hosts: 127.0.0.1 ads.adcloud.net
O1 - Hosts: 127.0.0.1 livejasmin.com
O1 - Hosts: 127.0.0.1 tag.admeld.com
O1 - Hosts: 127.0.0.1 imagesrv.adition.com
O1 - Hosts: 127.0.0.1 ad.de.doubleclick.net
O1 - Hosts: 127.0.0.1 ad-emea.doubleclick.net
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe File not found
O4:64bit: - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE File not found
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - Startup: C:\Users\Fl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{426948A9-854A-4ACE-90D6-2C62A5E4487E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87DF1F8B-05D3-47F0-AF96-5625A23C0219}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.16 00:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.07.16 00:39:05 | 000,000,000 | ---D | C] -- C:\Users\Fl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.07.16 00:39:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.07.16 00:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AutoKMS
[2012.07.15 18:00:48 | 000,000,000 | ---D | C] -- C:\Directx
[2012.07.15 17:28:40 | 000,000,000 | ---D | C] -- C:\Games
[2012.07.15 02:52:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.07.15 02:30:30 | 000,000,000 | ---D | C] -- C:\Users\Fl\AppData\Roaming\xsecva
[2012.07.10 16:09:10 | 000,000,000 | ---D | C] -- C:\Users\Fl\Desktop\florian.jochheim.3
[2012.07.09 11:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012.07.09 11:30:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\kodak

========== Files - Modified Within 30 Days ==========

[2012.07.16 16:56:46 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 16:56:46 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 16:53:47 | 001,835,726 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.16 16:53:47 | 000,777,252 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.16 16:53:47 | 000,731,924 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.16 16:53:47 | 000,177,446 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.16 16:53:47 | 000,150,226 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.16 16:50:19 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2012.07.16 16:48:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 16:47:42 | 2078,158,847 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 16:46:41 | 000,000,188 | ---- | M] () -- C:\Users\Fl\defogger_reenable
[2012.07.16 12:57:35 | 000,001,511 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.07.16 12:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012.07.16 11:21:14 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.07.16 00:39:05 | 000,003,191 | ---- | M] () -- C:\Users\Fl\Desktop\Sophos Virus Removal Tool.lnk
[2012.07.16 00:38:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012.07.16 00:14:28 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.15 21:59:05 | 000,435,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.15 18:19:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012.07.15 18:13:11 | 000,001,577 | ---- | M] () -- C:\Users\Public\Desktop\The Conquerors.lnk
[2012.07.15 18:11:47 | 000,001,645 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012.07.15 18:10:01 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012.07.15 05:38:09 | 000,002,420 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.07.08 13:50:45 | 000,444,756 | ---- | M] () -- C:\Users\Fl\Desktop\ie_analysis_II.pdf
[2012.07.03 16:06:16 | 001,856,136 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.29 15:28:54 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012.06.20 20:07:59 | 005,244,423 | ---- | M] () -- C:\EL1_11VL.pdf
[2012.06.20 20:04:25 | 003,325,009 | ---- | M] () -- C:\EL1_12VL.pdf
[2012.06.20 20:02:19 | 000,077,040 | ---- | M] () -- C:\A12_Differenzverstaerker.pdf
[2012.06.19 13:15:33 | 000,000,146 | ---- | M] () -- C:\Windows\capture.INI
[2012.06.19 13:10:23 | 000,000,217 | ---- | M] () -- C:\Windows\SysWow64\design1-SCHEMATIC1-Sweep
[2012.06.17 13:39:47 | 004,093,511 | ---- | M] () -- C:\EL1.pdf

========== Files Created - No Company Name ==========

[2012.07.16 16:46:41 | 000,000,188 | ---- | C] () -- C:\Users\Fl\defogger_reenable
[2012.07.16 16:41:44 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000008.@
[2012.07.16 00:39:05 | 000,003,191 | ---- | C] () -- C:\Users\Fl\Desktop\Sophos Virus Removal Tool.lnk
[2012.07.15 18:13:11 | 000,001,577 | ---- | C] () -- C:\Users\Public\Desktop\The Conquerors.lnk
[2012.07.15 18:11:47 | 000,001,645 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012.07.15 18:02:34 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.07.15 17:18:13 | 3836,164,096 | ---- | C] () -- C:\Users\Fl\Desktop\C.O.H.iso
[2012.07.15 02:30:41 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000032.@
[2012.07.15 02:30:41 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000064.@
[2012.07.15 02:30:41 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\L\00000004.@
[2012.07.15 02:30:40 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000000.@
[2012.07.15 02:30:40 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000004.@
[2012.07.15 02:30:40 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\000000cb.@
[2012.07.08 13:50:45 | 000,444,756 | ---- | C] () -- C:\Users\Fl\Desktop\ie_analysis_II.pdf
[2012.07.02 16:05:52 | 001,096,338 | ---- | C] () -- C:\Users\Fl\Desktop\KSCN0001.jpg
[2012.06.20 20:07:59 | 005,244,423 | ---- | C] () -- C:\EL1_11VL.pdf
[2012.06.20 20:04:25 | 003,325,009 | ---- | C] () -- C:\EL1_12VL.pdf
[2012.06.20 20:02:19 | 000,077,040 | ---- | C] () -- C:\A12_Differenzverstaerker.pdf
[2012.06.19 13:15:33 | 000,000,146 | ---- | C] () -- C:\Windows\capture.INI
[2012.06.19 13:10:23 | 000,000,217 | ---- | C] () -- C:\Windows\SysWow64\design1-SCHEMATIC1-Sweep
[2012.06.17 13:39:47 | 004,093,511 | ---- | C] () -- C:\EL1.pdf
[2012.06.04 23:22:22 | 000,000,144 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.04 23:22:20 | 000,251,904 | ---- | C] () -- C:\Windows\SysWow64\orant71.dll
[2012.06.04 23:22:18 | 000,903,168 | ---- | C] () -- C:\Windows\SysWow64\mitmdl30.dll
[2012.06.04 23:22:17 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2012.06.04 23:22:17 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2012.06.04 23:22:17 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2012.06.04 23:22:17 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2012.06.04 23:22:17 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2012.06.04 23:22:17 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2012.06.04 23:22:17 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2012.06.04 23:22:17 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2012.06.04 23:22:17 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2012.06.04 23:22:17 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2012.06.04 23:22:17 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2012.06.04 23:22:17 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2012.06.04 23:22:17 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll
[2012.06.04 23:22:17 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2012.06.04 23:22:17 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2012.01.26 13:59:28 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@
[2012.01.26 13:59:28 | 000,002,048 | -HS- | C] () -- C:\Users\Fl\AppData\Local\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@
[2011.10.14 00:07:27 | 001,856,136 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.31 20:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.31 20:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.07.06 15:19:37 | 000,000,017 | ---- | C] () -- C:\Users\Fl\AppData\Roaming\Options.ini
[2011.06.01 00:39:15 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.05.31 09:22:40 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.04.07 13:58:57 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.04.07 13:18:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2011.05.31 07:27:59 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Asus WebStorage
[2011.06.28 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Auslogics
[2011.11.03 17:42:50 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\benibela
[2011.06.08 23:49:10 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\DAEMON Tools Lite
[2012.07.16 16:49:17 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Dropbox
[2012.05.27 03:21:34 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\e-academy Inc
[2011.11.20 13:11:46 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\LyX2.0
[2012.01.13 11:50:03 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2011.06.28 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.07.23 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2011.07.06 15:19:37 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\My Battle for Middle-earth Files
[2011.07.07 01:23:55 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\OpenOffice.org
[2011.08.08 23:07:11 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\PDF Writer
[2012.06.18 12:38:41 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\pdfforge
[2012.06.28 16:17:11 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\TerraTec
[2012.01.27 15:13:24 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\The Creative Assembly
[2011.05.31 10:20:52 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Thunderbird
[2012.07.09 11:43:54 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\uTorrent
[2012.07.16 00:40:00 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\xsecva
[2011.05.31 08:30:00 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Zeon
[2012.07.16 12:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012.07.15 18:19:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012.06.29 15:28:54 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012.07.16 00:38:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012.07.16 16:50:19 | 000,000,540 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2012.07.01 05:01:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp

20FFA63
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5D458568

< End of report >

t'john · 16.07.2012, 17:06

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7ASUT 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe File not found 
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found 
O4:64bit: - HKLM..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" File not found 
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found 
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O32 - HKLM CDRom: AutoRun - 1 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp20FFA63 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5D458568

[2012.06.26 00:03:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml 
[2012.07.16 16:50:19 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job 
[2012.07.16 16:50:19 | 000,000,540 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job 
[2012.07.16 12:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job 
[2012.07.16 12:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job 
[2012.07.16 00:38:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job 
[2012.07.16 00:38:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job 
[2012.07.15 18:19:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job 
[2012.07.15 18:19:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job 
[2012.06.29 15:28:54 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job 
[2012.06.29 15:28:54 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job 
[2012.06.19 13:10:23 | 000,000,217 | ---- | M] () -- C:\Windows\SysWow64\design1-SCHEMATIC1-Sweep 
[2012.06.19 13:10:23 | 000,000,217 | ---- | C] () -- C:\Windows\SysWow64\design1-SCHEMATIC1-Sweep 
[2012.07.16 16:41:44 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000008.@ 
[2012.07.15 02:30:30 | 000,000,000 | ---D | C] -- C:\Users\Fl\AppData\Roaming\xsecva 
[2012.07.15 02:30:41 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000032.@ 
[2012.07.15 02:30:41 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000064.@ 
[2012.07.15 02:30:41 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\L\00000004.@ 
[2012.07.15 02:30:40 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000000.@ 
[2012.07.15 02:30:40 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000004.@ 
[2012.07.15 02:30:40 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\000000cb.@ 
[2012.01.26 13:59:28 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@ 
[2012.01.26 13:59:28 | 000,002,048 | -HS- | C] () -- C:\Users\Fl\AppData\Local\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@ 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

flo231_464 · 16.07.2012, 17:33

So, ausgeführt und reboot nach Aufforderung durchgeführt:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BDRegion deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EKAiO2StatusMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Unable to delete ADS C:\ProgramData\Temp20FFA63 .
ADS C:\ProgramData\Temp:5D458568 deleted successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job moved successfully.
File C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job not found.
C:\Windows\Tasks\At1.job moved successfully.
File C:\Windows\Tasks\At1.job not found.
C:\Windows\Tasks\At4.job moved successfully.
File C:\Windows\Tasks\At4.job not found.
C:\Windows\Tasks\At2.job moved successfully.
File C:\Windows\Tasks\At2.job not found.
C:\Windows\Tasks\At3.job moved successfully.
File C:\Windows\Tasks\At3.job not found.
C:\Windows\SysWOW64\design1-SCHEMATIC1-Sweep moved successfully.
File C:\Windows\SysWow64\design1-SCHEMATIC1-Sweep not found.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000008.@ moved successfully.
C:\Users\Fl\AppData\Roaming\xsecva folder moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000032.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000064.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\L\00000004.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000000.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000004.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@ moved successfully.
C:\Users\Fl\AppData\Local\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Fl\Downloads\cmd.bat deleted successfully.
C:\Users\Fl\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Fl
->Temp folder emptied: 1538134945 bytes
->Temporary Internet Files folder emptied: 65514379 bytes
->Java cache emptied: 1466159 bytes
->FireFox cache emptied: 173371495 bytes
->Flash cache emptied: 76514 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 265909265 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 1534389677 bytes
 
Total Files Cleaned = 3.413,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Fl
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07162012_182559

Files\Folders moved on Reboot...
C:\Users\Fl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Fl\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.16 18:29:29 | 000,000,197 | ---- | M] () C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

t'john · 16.07.2012, 18:51

Sehr gut!

1. Schritt

Neue Version! Bitte neu runterladen!

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

flo231_464 · 16.07.2012, 23:52

Danke schonmal für die tolle Hilfe und die schnellen Antwortn. Habe beides ausgeführt. Hier die Logs:

Code:

ATTFilter

# AdwCleaner v1.702 - Logfile created 07/17/2012 at 00:50:17
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Fl - FL-PC
# Running from : C:\Users\Fl\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Fl\AppData\Roaming\pdfforge

***** [Registry] *****

Key Found : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Fl\AppData\Roaming\Mozilla\Firefox\Profiles\ya42uc0v.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1322 octets] - [17/07/2012 00:50:17]

########## EOF - C:\AdwCleaner[R1].txt - [1450 octets] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware  (PRO) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Fl :: FL-PC [Administrator]

Schutz: Aktiviert

16.07.2012 23:18:49
mbam-log-2012-07-16 (23-18-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 571317
Laufzeit: 1 Stunde(n), 25 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07162012_182559\C_Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

t'john · 17.07.2012, 16:06

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

TDSSKiller von Kaspersky

- Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
- Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
- deaktiviere vorübergehend dein AntiVirus-Programm
- Starte die TDSSKiller.exe durch Doppelklick.
- Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
- Bestätige das ggfs. mit Y(es).
- Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
- Poste den Inhalt von C:\TDSSKiller.txt hier in den Thread.

Hier findest Du eine ausführlichere TDSSKiller Anleitung.

flo231_464 · 17.07.2012, 20:09

Code:

ATTFilter

# AdwCleaner v1.702 - Logfile created 07/17/2012 at 21:04:13
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Fl - FL-PC
# Running from : C:\Users\Fl\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Fl\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Fl\AppData\Roaming\Mozilla\Firefox\Profiles\ya42uc0v.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1447 octets] - [17/07/2012 00:50:17]
AdwCleaner[S1].txt - [1155 octets] - [17/07/2012 21:04:13]

########## EOF - C:\AdwCleaner[S1].txt - [1283 octets] ##########

Code:

ATTFilter

21:06:09.0386 4204	TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
21:06:09.0485 4204	============================================================
21:06:09.0485 4204	Current date / time: 2012/07/17 21:06:09.0485
21:06:09.0485 4204	SystemInfo:
21:06:09.0485 4204	
21:06:09.0485 4204	OS Version: 6.1.7601 ServicePack: 1.0
21:06:09.0485 4204	Product type: Workstation
21:06:09.0485 4204	ComputerName: FL-PC
21:06:09.0486 4204	UserName: Fl
21:06:09.0486 4204	Windows directory: C:\Windows
21:06:09.0486 4204	System windows directory: C:\Windows
21:06:09.0486 4204	Running under WOW64
21:06:09.0486 4204	Processor architecture: Intel x64
21:06:09.0486 4204	Number of processors: 4
21:06:09.0486 4204	Page size: 0x1000
21:06:09.0486 4204	Boot type: Normal boot
21:06:09.0486 4204	============================================================
21:06:10.0429 4204	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:06:10.0434 4204	Drive \Device\Harddisk1\DR1 - Size: 0x79800000 (1.90 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:06:10.0436 4204	============================================================
21:06:10.0436 4204	\Device\Harddisk0\DR0:
21:06:10.0436 4204	MBR partitions:
21:06:10.0437 4204	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0x12A151A9
21:06:10.0457 4204	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1550F800, BlocksNum 0x35348000
21:06:10.0458 4204	\Device\Harddisk1\DR1:
21:06:10.0460 4204	MBR partitions:
21:06:10.0460 4204	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xE2, BlocksNum 0x3CBF1E
21:06:10.0460 4204	============================================================
21:06:10.0519 4204	C: <-> \Device\Harddisk0\DR0\Partition0
21:06:10.0678 4204	D: <-> \Device\Harddisk0\DR0\Partition1
21:06:10.0678 4204	============================================================
21:06:10.0678 4204	Initialize success
21:06:10.0678 4204	============================================================
21:06:20.0639 4528	============================================================
21:06:20.0639 4528	Scan started
21:06:20.0639 4528	Mode: Manual; 
21:06:20.0639 4528	============================================================
21:06:27.0000 4528	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:06:27.0019 4528	1394ohci - ok
21:06:27.0487 4528	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:06:27.0507 4528	ACPI - ok
21:06:27.0598 4528	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:06:27.0598 4528	AcpiPmi - ok
21:06:27.0867 4528	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:06:27.0898 4528	AdobeARMservice - ok
21:06:28.0455 4528	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:06:28.0471 4528	adp94xx - ok
21:06:28.0950 4528	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:06:28.0970 4528	adpahci - ok
21:06:29.0261 4528	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:06:29.0278 4528	adpu320 - ok
21:06:29.0377 4528	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:06:29.0378 4528	AeLookupSvc - ok
21:06:29.0918 4528	AFBAgent        (079cba3c5c9ab11b2b4e6bd729a860f2) C:\Windows\system32\FBAgent.exe
21:06:29.0933 4528	AFBAgent - ok
21:06:30.0320 4528	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:06:30.0323 4528	AFD - ok
21:06:30.0429 4528	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:06:30.0445 4528	agp440 - ok
21:06:30.0617 4528	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:06:30.0618 4528	ALG - ok
21:06:30.0715 4528	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:06:30.0716 4528	aliide - ok
21:06:30.0777 4528	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:06:30.0778 4528	amdide - ok
21:06:31.0064 4528	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:06:31.0067 4528	AmdK8 - ok
21:06:31.0140 4528	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:06:31.0141 4528	AmdPPM - ok
21:06:31.0375 4528	amdsata         (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
21:06:31.0377 4528	amdsata - ok
21:06:31.0723 4528	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:06:31.0803 4528	amdsbs - ok
21:06:31.0860 4528	amdxata         (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
21:06:31.0860 4528	amdxata - ok
21:06:32.0087 4528	AnyDVD          (a4837260ab5e274d508a52a6da7c9ed1) C:\Windows\system32\Drivers\AnyDVD.sys
21:06:32.0088 4528	AnyDVD - ok
21:06:32.0298 4528	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:06:32.0301 4528	AppID - ok
21:06:32.0507 4528	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:06:32.0525 4528	AppIDSvc - ok
21:06:32.0804 4528	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:06:32.0805 4528	Appinfo - ok
21:06:33.0206 4528	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:06:33.0250 4528	Apple Mobile Device - ok
21:06:33.0443 4528	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:06:33.0472 4528	arc - ok
21:06:33.0625 4528	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:06:33.0664 4528	arcsas - ok
21:06:33.0947 4528	ASLDRService    (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
21:06:33.0950 4528	ASLDRService - ok
21:06:34.0567 4528	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:06:34.0872 4528	aspnet_state - ok
21:06:34.0966 4528	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:06:34.0968 4528	AsyncMac - ok
21:06:35.0089 4528	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:06:35.0089 4528	atapi - ok
21:06:36.0544 4528	athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
21:06:36.0619 4528	athr - ok
21:06:36.0728 4528	ATKGFNEXSrv     (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
21:06:36.0731 4528	ATKGFNEXSrv - ok
21:06:37.0009 4528	atksgt          (b0d59e2eeb0b9ea65c6dc74ae0e2f045) C:\Windows\system32\DRIVERS\atksgt.sys
21:06:37.0010 4528	atksgt - ok
21:06:37.0091 4528	ATKWMIACPIIO_   (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
21:06:37.0092 4528	ATKWMIACPIIO_ - ok
21:06:37.0178 4528	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:06:37.0198 4528	AudioEndpointBuilder - ok
21:06:37.0203 4528	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:06:37.0206 4528	AudioSrv - ok
21:06:37.0258 4528	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:06:37.0261 4528	AxInstSV - ok
21:06:37.0340 4528	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:06:37.0352 4528	b06bdrv - ok
21:06:37.0385 4528	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:06:37.0396 4528	b57nd60a - ok
21:06:37.0466 4528	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:06:37.0469 4528	BDESVC - ok
21:06:37.0502 4528	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:06:37.0512 4528	Beep - ok
21:06:37.0626 4528	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:06:37.0647 4528	BITS - ok
21:06:37.0668 4528	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:06:37.0670 4528	blbdrive - ok
21:06:37.0705 4528	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:06:37.0707 4528	bowser - ok
21:06:37.0736 4528	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:06:37.0738 4528	BrFiltLo - ok
21:06:37.0745 4528	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:06:37.0747 4528	BrFiltUp - ok
21:06:37.0778 4528	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:06:37.0782 4528	Browser - ok
21:06:37.0804 4528	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:06:37.0817 4528	Brserid - ok
21:06:37.0832 4528	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:06:37.0835 4528	BrSerWdm - ok
21:06:37.0846 4528	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:06:37.0849 4528	BrUsbMdm - ok
21:06:37.0864 4528	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:06:37.0866 4528	BrUsbSer - ok
21:06:37.0881 4528	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:06:37.0883 4528	BTHMODEM - ok
21:06:37.0935 4528	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:06:37.0937 4528	bthserv - ok
21:06:37.0958 4528	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:06:37.0961 4528	cdfs - ok
21:06:38.0008 4528	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:06:38.0012 4528	cdrom - ok
21:06:38.0056 4528	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:06:38.0060 4528	CertPropSvc - ok
21:06:38.0090 4528	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:06:38.0092 4528	circlass - ok
21:06:38.0136 4528	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:06:38.0154 4528	CLFS - ok
21:06:38.0352 4528	CLHNServiceForPowerDVD (db26c2ba2ac0ab6be1cfa59f61ce22da) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
21:06:38.0355 4528	CLHNServiceForPowerDVD - ok
21:06:38.0400 4528	CLKMSVC10_38F51D56 - ok
21:06:38.0511 4528	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:06:38.0532 4528	clr_optimization_v2.0.50727_32 - ok
21:06:38.0604 4528	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:06:38.0610 4528	clr_optimization_v2.0.50727_64 - ok
21:06:38.0697 4528	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:06:38.0867 4528	clr_optimization_v4.0.30319_32 - ok
21:06:39.0095 4528	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:06:39.0176 4528	clr_optimization_v4.0.30319_64 - ok
21:06:39.0419 4528	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:06:39.0420 4528	CmBatt - ok
21:06:39.0455 4528	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:06:39.0458 4528	cmdide - ok
21:06:39.0520 4528	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:06:39.0535 4528	CNG - ok
21:06:39.0581 4528	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:06:39.0582 4528	Compbatt - ok
21:06:39.0620 4528	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:06:39.0623 4528	CompositeBus - ok
21:06:39.0634 4528	COMSysApp - ok
21:06:39.0653 4528	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:06:39.0657 4528	crcdisk - ok
21:06:39.0732 4528	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:06:39.0750 4528	CryptSvc - ok
21:06:40.0024 4528	CyberLink PowerDVD 11.0 Monitor Service (e27d60e5a51eedf9a57f5b69a9a6457d) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
21:06:40.0043 4528	CyberLink PowerDVD 11.0 Monitor Service - ok
21:06:40.0074 4528	CyberLink PowerDVD 11.0 Service (857943a77b06ac056771a3b12cd318dd) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
21:06:40.0094 4528	CyberLink PowerDVD 11.0 Service - ok
21:06:40.0184 4528	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:06:40.0208 4528	DcomLaunch - ok
21:06:40.0261 4528	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:06:40.0273 4528	defragsvc - ok
21:06:40.0493 4528	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:06:40.0504 4528	DfsC - ok
21:06:40.0562 4528	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:06:40.0583 4528	Dhcp - ok
21:06:40.0624 4528	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:06:40.0628 4528	discache - ok
21:06:40.0654 4528	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:06:40.0657 4528	Disk - ok
21:06:40.0696 4528	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:06:40.0702 4528	Dnscache - ok
21:06:40.0738 4528	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:06:40.0751 4528	dot3svc - ok
21:06:40.0823 4528	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:06:40.0843 4528	DPS - ok
21:06:40.0920 4528	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:06:40.0923 4528	drmkaud - ok
21:06:41.0003 4528	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:06:41.0008 4528	dtsoftbus01 - ok
21:06:41.0914 4528	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:06:41.0925 4528	DXGKrnl - ok
21:06:42.0004 4528	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:06:42.0008 4528	EapHost - ok
21:06:42.0434 4528	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:06:42.0523 4528	ebdrv - ok
21:06:43.0230 4528	EFS             (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
21:06:43.0241 4528	EFS - ok
21:06:43.0365 4528	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:06:43.0400 4528	ehRecvr - ok
21:06:43.0455 4528	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:06:43.0459 4528	ehSched - ok
21:06:43.0535 4528	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:06:43.0536 4528	ElbyCDIO - ok
21:06:43.0641 4528	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:06:43.0662 4528	elxstor - ok
21:06:43.0695 4528	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:06:43.0699 4528	ErrDev - ok
21:06:43.0746 4528	ETD             (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys
21:06:43.0748 4528	ETD - ok
21:06:43.0810 4528	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:06:43.0829 4528	EventSystem - ok
21:06:43.0883 4528	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:06:43.0896 4528	exfat - ok
21:06:43.0926 4528	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:06:43.0940 4528	fastfat - ok
21:06:44.0039 4528	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:06:44.0067 4528	Fax - ok
21:06:44.0094 4528	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:06:44.0097 4528	fdc - ok
21:06:44.0140 4528	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:06:44.0145 4528	fdPHost - ok
21:06:44.0161 4528	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:06:44.0165 4528	FDResPub - ok
21:06:44.0193 4528	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:06:44.0196 4528	FileInfo - ok
21:06:44.0217 4528	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:06:44.0219 4528	Filetrace - ok
21:06:44.0233 4528	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:06:44.0236 4528	flpydisk - ok
21:06:44.0458 4528	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:06:44.0473 4528	FltMgr - ok
21:06:44.0561 4528	FontCache       (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
21:06:44.0611 4528	FontCache - ok
21:06:44.0741 4528	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:06:44.0762 4528	FontCache3.0.0.0 - ok
21:06:44.0827 4528	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:06:44.0830 4528	FsDepends - ok
21:06:44.0851 4528	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:06:44.0852 4528	Fs_Rec - ok
21:06:44.0931 4528	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:06:44.0937 4528	fvevol - ok
21:06:44.0965 4528	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:06:44.0970 4528	gagp30kx - ok
21:06:45.0036 4528	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:06:45.0037 4528	GEARAspiWDM - ok
21:06:45.0607 4528	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:06:45.0646 4528	gpsvc - ok
21:06:45.0677 4528	hamachi         (38230a1356208788c5dd007a945479ff) C:\Windows\system32\DRIVERS\hamachi.sys
21:06:45.0680 4528	hamachi - ok
21:06:45.0707 4528	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:06:45.0710 4528	hcw85cir - ok
21:06:45.0768 4528	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:06:45.0786 4528	HdAudAddService - ok
21:06:45.0821 4528	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:06:45.0823 4528	HDAudBus - ok
21:06:45.0839 4528	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:06:45.0842 4528	HidBatt - ok
21:06:45.0854 4528	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:06:45.0857 4528	HidBth - ok
21:06:45.0888 4528	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:06:45.0891 4528	HidIr - ok
21:06:45.0921 4528	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:06:45.0925 4528	hidserv - ok
21:06:45.0977 4528	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:06:45.0980 4528	HidUsb - ok
21:06:46.0028 4528	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:06:46.0046 4528	hkmsvc - ok
21:06:46.0100 4528	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:06:46.0115 4528	HomeGroupListener - ok
21:06:46.0172 4528	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:06:46.0179 4528	HomeGroupProvider - ok
21:06:46.0210 4528	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:06:46.0213 4528	HpSAMD - ok
21:06:46.0463 4528	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:06:46.0493 4528	HTTP - ok
21:06:46.0546 4528	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:06:46.0547 4528	hwpolicy - ok
21:06:46.0603 4528	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:06:46.0606 4528	i8042prt - ok
21:06:46.0748 4528	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
21:06:46.0754 4528	iaStor - ok
21:06:47.0056 4528	iaStorV         (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
21:06:47.0094 4528	iaStorV - ok
21:06:47.0239 4528	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:06:47.0246 4528	IDriverT - ok
21:06:47.0427 4528	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:06:47.0461 4528	idsvc - ok
21:06:50.0570 4528	igfx            (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:06:50.0812 4528	igfx - ok
21:06:50.0976 4528	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:06:50.0979 4528	iirsp - ok
21:06:51.0079 4528	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:06:51.0110 4528	IKEEXT - ok
21:06:51.0788 4528	IntcAzAudAddService (9f573c952961f444f400489e81eca381) C:\Windows\system32\drivers\RTKVHD64.sys
21:06:51.0802 4528	IntcAzAudAddService - ok
21:06:52.0134 4528	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:06:52.0146 4528	IntcDAud - ok
21:06:52.0208 4528	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:06:52.0211 4528	intelide - ok
21:06:52.0249 4528	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:06:52.0253 4528	intelppm - ok
21:06:52.0315 4528	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:06:52.0320 4528	IPBusEnum - ok
21:06:52.0351 4528	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:06:52.0354 4528	IpFilterDriver - ok
21:06:52.0393 4528	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:06:52.0397 4528	IPMIDRV - ok
21:06:52.0443 4528	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:06:52.0448 4528	IPNAT - ok
21:06:52.0876 4528	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:06:52.0910 4528	iPod Service - ok
21:06:52.0953 4528	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:06:52.0956 4528	IRENUM - ok
21:06:52.0989 4528	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:06:52.0991 4528	isapnp - ok
21:06:53.0022 4528	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:06:53.0034 4528	iScsiPrt - ok
21:06:53.0060 4528	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:06:53.0061 4528	kbdclass - ok
21:06:53.0105 4528	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:06:53.0108 4528	kbdhid - ok
21:06:53.0130 4528	kbfiltr         (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
21:06:53.0130 4528	kbfiltr - ok
21:06:53.0178 4528	KeyIso          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:06:53.0180 4528	KeyIso - ok
21:06:53.0274 4528	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:06:53.0276 4528	KSecDD - ok
21:06:53.0306 4528	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:06:53.0310 4528	KSecPkg - ok
21:06:53.0344 4528	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:06:53.0346 4528	ksthunk - ok
21:06:53.0398 4528	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:06:53.0419 4528	KtmRm - ok
21:06:53.0503 4528	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:06:53.0518 4528	LanmanServer - ok
21:06:53.0557 4528	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:06:53.0563 4528	LanmanWorkstation - ok
21:06:53.0609 4528	lirsgt          (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
21:06:53.0610 4528	lirsgt - ok
21:06:53.0637 4528	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:06:53.0640 4528	lltdio - ok
21:06:53.0681 4528	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:06:53.0696 4528	lltdsvc - ok
21:06:53.0736 4528	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:06:53.0740 4528	lmhosts - ok
21:06:53.0780 4528	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:06:53.0784 4528	LSI_FC - ok
21:06:53.0798 4528	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:06:53.0801 4528	LSI_SAS - ok
21:06:53.0821 4528	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:06:53.0824 4528	LSI_SAS2 - ok
21:06:53.0840 4528	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:06:53.0844 4528	LSI_SCSI - ok
21:06:53.0867 4528	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:06:53.0870 4528	luafv - ok
21:06:53.0919 4528	MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
21:06:53.0922 4528	MBAMProtector - ok
21:06:54.0160 4528	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:06:54.0195 4528	MBAMService - ok
21:06:54.0236 4528	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:06:54.0243 4528	Mcx2Svc - ok
21:06:54.0263 4528	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:06:54.0266 4528	megasas - ok
21:06:54.0291 4528	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:06:54.0311 4528	MegaSR - ok
21:06:54.0352 4528	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:06:54.0354 4528	MEIx64 - ok
21:06:54.0402 4528	Microsoft SharePoint Workspace Audit Service - ok
21:06:54.0492 4528	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:06:54.0496 4528	MMCSS - ok
21:06:54.0525 4528	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:06:54.0528 4528	Modem - ok
21:06:54.0550 4528	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:06:54.0553 4528	monitor - ok
21:06:54.0589 4528	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:06:54.0590 4528	mouclass - ok
21:06:54.0617 4528	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:06:54.0620 4528	mouhid - ok
21:06:54.0695 4528	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:06:54.0699 4528	mountmgr - ok
21:06:54.0805 4528	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:06:54.0809 4528	MozillaMaintenance - ok
21:06:54.0845 4528	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:06:54.0849 4528	mpio - ok
21:06:54.0894 4528	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:06:54.0899 4528	mpsdrv - ok
21:06:54.0990 4528	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:06:54.0995 4528	MRxDAV - ok
21:06:55.0048 4528	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:06:55.0053 4528	mrxsmb - ok
21:06:55.0096 4528	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:06:55.0114 4528	mrxsmb10 - ok
21:06:55.0140 4528	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:06:55.0144 4528	mrxsmb20 - ok
21:06:55.0172 4528	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:06:55.0173 4528	msahci - ok
21:06:55.0206 4528	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:06:55.0210 4528	msdsm - ok
21:06:55.0238 4528	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:06:55.0242 4528	MSDTC - ok
21:06:55.0271 4528	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:06:55.0273 4528	Msfs - ok
21:06:55.0298 4528	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:06:55.0300 4528	mshidkmdf - ok
21:06:55.0330 4528	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:06:55.0330 4528	msisadrv - ok
21:06:55.0360 4528	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:06:55.0366 4528	MSiSCSI - ok
21:06:55.0369 4528	msiserver - ok
21:06:55.0404 4528	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:06:55.0406 4528	MSKSSRV - ok
21:06:55.0419 4528	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:06:55.0422 4528	MSPCLOCK - ok
21:06:55.0431 4528	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:06:55.0434 4528	MSPQM - ok
21:06:55.0506 4528	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:06:55.0528 4528	MsRPC - ok
21:06:55.0562 4528	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:06:55.0563 4528	mssmbios - ok
21:06:55.0648 4528	MSSQL$SQLEXPRESS - ok
21:06:55.0747 4528	MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
21:06:55.0751 4528	MSSQLServerADHelper100 - ok
21:06:55.0783 4528	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:06:55.0787 4528	MSTEE - ok
21:06:55.0803 4528	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:06:55.0806 4528	MTConfig - ok
21:06:55.0824 4528	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:06:55.0825 4528	Mup - ok
21:06:55.0879 4528	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:06:55.0899 4528	napagent - ok
21:06:55.0945 4528	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:06:55.0956 4528	NativeWifiP - ok
21:06:56.0072 4528	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:06:56.0108 4528	NDIS - ok
21:06:56.0153 4528	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:06:56.0156 4528	NdisCap - ok
21:06:56.0197 4528	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:06:56.0200 4528	NdisTapi - ok
21:06:56.0270 4528	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:06:56.0280 4528	Ndisuio - ok
21:06:56.0330 4528	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:06:56.0343 4528	NdisWan - ok
21:06:56.0359 4528	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:06:56.0362 4528	NDProxy - ok
21:06:56.0401 4528	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:06:56.0404 4528	NetBIOS - ok
21:06:56.0471 4528	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:06:56.0482 4528	NetBT - ok
21:06:56.0538 4528	Netlogon        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:06:56.0541 4528	Netlogon - ok
21:06:56.0786 4528	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:06:56.0804 4528	Netman - ok
21:06:56.0927 4528	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:06:56.0953 4528	NetMsmqActivator - ok
21:06:56.0963 4528	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:06:56.0966 4528	NetPipeActivator - ok
21:06:57.0031 4528	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:06:57.0050 4528	netprofm - ok
21:06:57.0068 4528	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:06:57.0070 4528	NetTcpActivator - ok
21:06:57.0074 4528	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:06:57.0076 4528	NetTcpPortSharing - ok
21:06:57.0189 4528	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:06:57.0192 4528	nfrd960 - ok
21:06:57.0256 4528	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:06:57.0275 4528	NlaSvc - ok
21:06:57.0298 4528	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:06:57.0301 4528	Npfs - ok
21:06:57.0337 4528	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:06:57.0342 4528	nsi - ok
21:06:57.0355 4528	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:06:57.0358 4528	nsiproxy - ok
21:06:57.0632 4528	Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
21:06:57.0672 4528	Ntfs - ok
21:06:57.0898 4528	ntk_PowerDVD    (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
21:06:57.0899 4528	ntk_PowerDVD - ok
21:06:58.0177 4528	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:06:58.0179 4528	Null - ok
21:06:59.0739 4528	nvlddmkm        (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:06:59.0803 4528	nvlddmkm - ok
21:06:59.0929 4528	nvpciflt        (715d45ed30003fc70cfa0d9c6dd0b538) C:\Windows\system32\DRIVERS\nvpciflt.sys
21:06:59.0929 4528	nvpciflt - ok
21:06:59.0967 4528	nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
21:06:59.0970 4528	nvraid - ok
21:06:59.0990 4528	nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
21:06:59.0994 4528	nvstor - ok
21:07:00.0046 4528	NVSvc           (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
21:07:00.0072 4528	NVSvc - ok
21:07:00.0215 4528	nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:07:00.0264 4528	nvUpdatusService - ok
21:07:00.0394 4528	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:07:00.0397 4528	nv_agp - ok
21:07:00.0435 4528	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:07:00.0437 4528	ohci1394 - ok
21:07:00.0561 4528	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:07:00.0564 4528	ose - ok
21:07:00.0671 4528	ose64           (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:07:00.0675 4528	ose64 - ok
21:07:00.0890 4528	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:07:00.0988 4528	osppsvc - ok
21:07:01.0116 4528	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:07:01.0130 4528	p2pimsvc - ok
21:07:01.0161 4528	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:07:01.0180 4528	p2psvc - ok
21:07:01.0224 4528	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:07:01.0227 4528	Parport - ok
21:07:01.0260 4528	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:07:01.0262 4528	partmgr - ok
21:07:01.0302 4528	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:07:01.0306 4528	PcaSvc - ok
21:07:01.0344 4528	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:07:01.0347 4528	pci - ok
21:07:01.0378 4528	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:07:01.0379 4528	pciide - ok
21:07:01.0416 4528	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:07:01.0420 4528	pcmcia - ok
21:07:01.0441 4528	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:07:01.0442 4528	pcw - ok
21:07:01.0479 4528	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:07:01.0497 4528	PEAUTH - ok
21:07:01.0571 4528	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:07:01.0573 4528	PerfHost - ok
21:07:01.0693 4528	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:07:01.0742 4528	pla - ok
21:07:01.0870 4528	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:07:01.0884 4528	PlugPlay - ok
21:07:01.0926 4528	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:07:01.0929 4528	PNRPAutoReg - ok
21:07:01.0960 4528	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:07:01.0963 4528	PNRPsvc - ok
21:07:02.0016 4528	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:07:02.0037 4528	PolicyAgent - ok
21:07:02.0061 4528	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:07:02.0065 4528	Power - ok
21:07:02.0449 4528	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:07:02.0459 4528	PptpMiniport - ok
21:07:02.0628 4528	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:07:02.0681 4528	Processor - ok
21:07:03.0240 4528	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:07:03.0280 4528	ProfSvc - ok
21:07:03.0414 4528	ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:07:03.0415 4528	ProtectedStorage - ok
21:07:03.0627 4528	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:07:03.0629 4528	Psched - ok
21:07:05.0753 4528	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:07:05.0827 4528	ql2300 - ok
21:07:07.0206 4528	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:07:07.0245 4528	ql40xx - ok
21:07:07.0621 4528	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:07:07.0638 4528	QWAVE - ok
21:07:07.0764 4528	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:07:07.0766 4528	QWAVEdrv - ok
21:07:07.0797 4528	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:07:07.0799 4528	RasAcd - ok
21:07:07.0920 4528	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:07:07.0922 4528	RasAgileVpn - ok
21:07:08.0131 4528	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:07:08.0152 4528	RasAuto - ok
21:07:08.0399 4528	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:07:08.0420 4528	Rasl2tp - ok
21:07:08.0882 4528	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:07:08.0960 4528	RasMan - ok
21:07:09.0180 4528	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:07:09.0187 4528	RasPppoe - ok
21:07:09.0360 4528	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:07:09.0363 4528	RasSstp - ok
21:07:09.0628 4528	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:07:09.0664 4528	rdbss - ok
21:07:09.0716 4528	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:07:09.0718 4528	rdpbus - ok
21:07:09.0786 4528	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:07:09.0797 4528	RDPCDD - ok
21:07:09.0846 4528	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:07:09.0853 4528	RDPENCDD - ok
21:07:09.0899 4528	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:07:09.0904 4528	RDPREFMP - ok
21:07:10.0222 4528	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:07:10.0242 4528	RDPWD - ok
21:07:10.0574 4528	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:07:10.0592 4528	rdyboost - ok
21:07:10.0714 4528	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:07:10.0719 4528	RemoteAccess - ok
21:07:10.0962 4528	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:07:10.0980 4528	RemoteRegistry - ok
21:07:11.0117 4528	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:07:11.0157 4528	RpcEptMapper - ok
21:07:11.0204 4528	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:07:11.0207 4528	RpcLocator - ok
21:07:11.0765 4528	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:07:11.0777 4528	RpcSs - ok
21:07:11.0955 4528	RsFx0103        (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
21:07:11.0987 4528	RsFx0103 - ok
21:07:12.0028 4528	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:07:12.0031 4528	rspndr - ok
21:07:12.0097 4528	RSUSBVSTOR      (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
21:07:12.0102 4528	RSUSBVSTOR - ok
21:07:12.0133 4528	RTL8167         (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:07:12.0136 4528	RTL8167 - ok
21:07:12.0176 4528	SamSs           (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:07:12.0178 4528	SamSs - ok
21:07:12.0213 4528	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:07:12.0218 4528	sbp2port - ok
21:07:12.0259 4528	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:07:12.0280 4528	SCardSvr - ok
21:07:12.0337 4528	SCDEmu          (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
21:07:12.0339 4528	SCDEmu - ok
21:07:12.0379 4528	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:07:12.0382 4528	scfilter - ok
21:07:12.0483 4528	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:07:12.0538 4528	Schedule - ok
21:07:12.0572 4528	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:07:12.0573 4528	SCPolicySvc - ok
21:07:12.0641 4528	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:07:12.0655 4528	SDRSVC - ok
21:07:12.0723 4528	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:07:12.0726 4528	secdrv - ok
21:07:12.0763 4528	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:07:12.0768 4528	seclogon - ok
21:07:12.0800 4528	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:07:12.0806 4528	SENS - ok
21:07:12.0822 4528	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:07:12.0827 4528	SensrSvc - ok
21:07:12.0850 4528	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:07:12.0853 4528	Serenum - ok
21:07:12.0892 4528	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:07:12.0896 4528	Serial - ok
21:07:12.0927 4528	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:07:12.0930 4528	sermouse - ok
21:07:12.0978 4528	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:07:12.0983 4528	SessionEnv - ok
21:07:13.0007 4528	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:07:13.0009 4528	sffdisk - ok
21:07:13.0016 4528	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:07:13.0019 4528	sffp_mmc - ok
21:07:13.0034 4528	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:07:13.0038 4528	sffp_sd - ok
21:07:13.0052 4528	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:07:13.0055 4528	sfloppy - ok
21:07:13.0083 4528	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:07:13.0102 4528	ShellHWDetection - ok
21:07:13.0151 4528	simptcp         (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
21:07:13.0155 4528	simptcp - ok
21:07:13.0201 4528	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
21:07:13.0204 4528	SiSGbeLH - ok
21:07:13.0228 4528	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:07:13.0231 4528	SiSRaid2 - ok
21:07:13.0246 4528	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:07:13.0250 4528	SiSRaid4 - ok
21:07:13.0354 4528	SkypeUpdate     (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:07:13.0359 4528	SkypeUpdate - ok
21:07:13.0393 4528	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:07:13.0398 4528	Smb - ok
21:07:13.0461 4528	SNMP            (ca62ae004e98374bf7f082cd765eea02) C:\Windows\System32\snmp.exe
21:07:13.0467 4528	SNMP - ok
21:07:13.0513 4528	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:07:13.0519 4528	SNMPTRAP - ok
21:07:13.0536 4528	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:07:13.0537 4528	spldr - ok
21:07:13.0597 4528	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:07:13.0632 4528	Spooler - ok
21:07:13.0968 4528	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:07:14.0036 4528	sppsvc - ok
21:07:14.0139 4528	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:07:14.0147 4528	sppuinotify - ok
21:07:14.0170 4528	sptd - ok
21:07:14.0295 4528	SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
21:07:14.0313 4528	SQLAgent$SQLEXPRESS - ok
21:07:14.0410 4528	SQLBrowser      (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:07:14.0423 4528	SQLBrowser - ok
21:07:14.0494 4528	SQLWriter       (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:07:14.0499 4528	SQLWriter - ok
21:07:14.0587 4528	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:07:14.0605 4528	srv - ok
21:07:14.0653 4528	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:07:14.0673 4528	srv2 - ok
21:07:14.0698 4528	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:07:14.0712 4528	srvnet - ok
21:07:14.0756 4528	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:07:14.0778 4528	SSDPSRV - ok
21:07:14.0808 4528	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:07:14.0816 4528	SstpSvc - ok
21:07:14.0941 4528	StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
21:07:14.0959 4528	StarWindServiceAE - ok
21:07:15.0008 4528	Steam Client Service - ok
21:07:15.0038 4528	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:07:15.0042 4528	stexstor - ok
21:07:15.0118 4528	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:07:15.0163 4528	stisvc - ok
21:07:15.0200 4528	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:07:15.0201 4528	swenum - ok
21:07:15.0258 4528	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:07:15.0280 4528	swprv - ok
21:07:15.0385 4528	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:07:15.0451 4528	SysMain - ok
21:07:15.0556 4528	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:07:15.0573 4528	TabletInputService - ok
21:07:15.0616 4528	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:07:15.0636 4528	TapiSrv - ok
21:07:15.0684 4528	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:07:15.0689 4528	TBS - ok
21:07:15.0854 4528	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:07:15.0914 4528	Tcpip - ok
21:07:16.0171 4528	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:07:16.0187 4528	TCPIP6 - ok
21:07:16.0267 4528	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:07:16.0269 4528	tcpipreg - ok
21:07:16.0300 4528	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:07:16.0303 4528	TDPIPE - ok
21:07:16.0319 4528	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:07:16.0321 4528	TDTCP - ok
21:07:16.0360 4528	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:07:16.0363 4528	tdx - ok
21:07:16.0449 4528	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:07:16.0451 4528	TermDD - ok
21:07:16.0514 4528	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:07:16.0546 4528	TermService - ok
21:07:16.0584 4528	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:07:16.0591 4528	Themes - ok
21:07:16.0629 4528	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:07:16.0632 4528	THREADORDER - ok
21:07:16.0675 4528	TlntSvr         (519cb7d7f697f4ba47de05845c20f158) C:\Windows\System32\tlntsvr.exe
21:07:16.0683 4528	TlntSvr - ok
21:07:16.0723 4528	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:07:16.0739 4528	TrkWks - ok
21:07:16.0809 4528	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:07:16.0823 4528	TrustedInstaller - ok
21:07:16.0888 4528	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:07:16.0891 4528	tssecsrv - ok
21:07:16.0941 4528	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:07:16.0945 4528	TsUsbFlt - ok
21:07:17.0085 4528	TS_AR5416       (519738ff21539146ebcf8cf9d809a1d9) C:\Windows\system32\DRIVERS\ts_athwx.sys
21:07:17.0138 4528	TS_AR5416 - ok
21:07:17.0293 4528	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:07:17.0297 4528	tunnel - ok
21:07:17.0330 4528	TurboB          (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
21:07:17.0331 4528	TurboB - ok
21:07:17.0395 4528	TurboBoost      (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:07:17.0399 4528	TurboBoost - ok
21:07:17.0435 4528	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:07:17.0439 4528	uagp35 - ok
21:07:17.0482 4528	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:07:17.0503 4528	udfs - ok
21:07:17.0549 4528	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:07:17.0556 4528	UI0Detect - ok
21:07:17.0596 4528	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:07:17.0600 4528	uliagpkx - ok
21:07:17.0659 4528	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:07:17.0662 4528	umbus - ok
21:07:17.0699 4528	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:07:17.0703 4528	UmPass - ok
21:07:17.0758 4528	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:07:17.0777 4528	upnphost - ok
21:07:17.0849 4528	USB28xxBGA      (9f653328c93be4a65fbc8fa8d6d41a36) C:\Windows\system32\DRIVERS\emBDA64.sys
21:07:17.0873 4528	USB28xxBGA - ok
21:07:17.0908 4528	USB28xxOEM      (9ae41342a484a808aa9cecc69db0ebfe) C:\Windows\system32\DRIVERS\emOEM64.sys
21:07:17.0920 4528	USB28xxOEM - ok
21:07:17.0966 4528	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:07:17.0969 4528	USBAAPL64 - ok
21:07:18.0017 4528	usbccgp         (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
21:07:18.0021 4528	usbccgp - ok
21:07:18.0048 4528	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:07:18.0051 4528	usbcir - ok
21:07:18.0072 4528	usbehci         (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
21:07:18.0074 4528	usbehci - ok
21:07:18.0116 4528	usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
21:07:18.0134 4528	usbhub - ok
21:07:18.0155 4528	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
21:07:18.0158 4528	usbohci - ok
21:07:18.0192 4528	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:07:18.0195 4528	usbprint - ok
21:07:18.0216 4528	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:07:18.0219 4528	usbscan - ok
21:07:18.0239 4528	USBSTOR         (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:07:18.0242 4528	USBSTOR - ok
21:07:18.0273 4528	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
21:07:18.0275 4528	usbuhci - ok
21:07:18.0321 4528	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:07:18.0325 4528	usbvideo - ok
21:07:18.0351 4528	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:07:18.0356 4528	UxSms - ok
21:07:18.0392 4528	VaultSvc        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:07:18.0394 4528	VaultSvc - ok
21:07:18.0408 4528	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:07:18.0409 4528	vdrvroot - ok
21:07:18.0468 4528	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:07:18.0491 4528	vds - ok
21:07:18.0537 4528	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:07:18.0540 4528	vga - ok
21:07:18.0558 4528	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:07:18.0561 4528	VgaSave - ok
21:07:18.0598 4528	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:07:18.0603 4528	vhdmp - ok
21:07:18.0614 4528	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:07:18.0617 4528	viaide - ok
21:07:18.0635 4528	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:07:18.0638 4528	volmgr - ok
21:07:18.0684 4528	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:07:18.0701 4528	volmgrx - ok
21:07:18.0726 4528	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:07:18.0738 4528	volsnap - ok
21:07:18.0786 4528	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:07:18.0791 4528	vsmraid - ok
21:07:18.0896 4528	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:07:18.0966 4528	VSS - ok
21:07:19.0146 4528	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:07:19.0149 4528	vwifibus - ok
21:07:19.0170 4528	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:07:19.0174 4528	vwififlt - ok
21:07:19.0207 4528	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:07:19.0209 4528	vwifimp - ok
21:07:19.0265 4528	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:07:19.0288 4528	W32Time - ok
21:07:19.0321 4528	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:07:19.0324 4528	WacomPen - ok
21:07:19.0380 4528	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:19.0383 4528	WANARP - ok
21:07:19.0387 4528	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:19.0388 4528	Wanarpv6 - ok
21:07:19.0487 4528	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:07:19.0538 4528	WatAdminSvc - ok
21:07:19.0642 4528	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:07:19.0704 4528	wbengine - ok
21:07:19.0888 4528	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:07:19.0908 4528	WbioSrvc - ok
21:07:19.0958 4528	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:07:19.0977 4528	wcncsvc - ok
21:07:20.0013 4528	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:07:20.0020 4528	WcsPlugInService - ok
21:07:20.0067 4528	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:07:20.0070 4528	Wd - ok
21:07:20.0112 4528	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:07:20.0137 4528	Wdf01000 - ok
21:07:20.0176 4528	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:07:20.0182 4528	WdiServiceHost - ok
21:07:20.0186 4528	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:07:20.0190 4528	WdiSystemHost - ok
21:07:20.0235 4528	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:07:20.0255 4528	WebClient - ok
21:07:20.0287 4528	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:07:20.0300 4528	Wecsvc - ok
21:07:20.0331 4528	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:07:20.0337 4528	wercplsupport - ok
21:07:20.0373 4528	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:07:20.0378 4528	WerSvc - ok
21:07:20.0443 4528	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:07:20.0446 4528	WfpLwf - ok
21:07:20.0482 4528	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
21:07:20.0496 4528	WimFltr - ok
21:07:20.0515 4528	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:07:20.0518 4528	WIMMount - ok
21:07:20.0531 4528	WinHttpAutoProxySvc - ok
21:07:20.0590 4528	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:07:20.0605 4528	Winmgmt - ok
21:07:20.0742 4528	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:07:20.0803 4528	WinRM - ok
21:07:21.0038 4528	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:07:21.0041 4528	WinUsb - ok
21:07:21.0099 4528	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:07:21.0142 4528	Wlansvc - ok
21:07:21.0173 4528	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:07:21.0175 4528	WmiAcpi - ok
21:07:21.0235 4528	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:07:21.0249 4528	wmiApSrv - ok
21:07:21.0297 4528	WMPNetworkSvc - ok
21:07:21.0323 4528	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:07:21.0330 4528	WPCSvc - ok
21:07:21.0368 4528	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:07:21.0373 4528	WPDBusEnum - ok
21:07:21.0395 4528	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:07:21.0397 4528	ws2ifsl - ok
21:07:21.0424 4528	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:07:21.0427 4528	WSDPrintDevice - ok
21:07:21.0462 4528	WSDScan         (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
21:07:21.0465 4528	WSDScan - ok
21:07:21.0468 4528	WSearch - ok
21:07:21.0602 4528	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:07:21.0693 4528	wuauserv - ok
21:07:21.0824 4528	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:07:21.0829 4528	WudfPf - ok
21:07:21.0881 4528	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:07:21.0896 4528	WUDFRd - ok
21:07:21.0933 4528	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:07:21.0940 4528	wudfsvc - ok
21:07:21.0983 4528	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:07:22.0008 4528	WwanSvc - ok
21:07:22.0150 4528	{329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
21:07:22.0154 4528	{329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
21:07:22.0212 4528	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:07:22.0464 4528	\Device\Harddisk0\DR0 - ok
21:07:22.0472 4528	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
21:07:22.0515 4528	\Device\Harddisk1\DR1 - ok
21:07:22.0517 4528	Boot (0x1200)   (d2c6aa70cfdde4c1166cfbe7376d8ee0) \Device\Harddisk0\DR0\Partition0
21:07:22.0518 4528	\Device\Harddisk0\DR0\Partition0 - ok
21:07:22.0543 4528	Boot (0x1200)   (c249e3b68397e4c75837f0c65bfe86a5) \Device\Harddisk0\DR0\Partition1
21:07:22.0546 4528	\Device\Harddisk0\DR0\Partition1 - ok
21:07:22.0549 4528	Boot (0x1200)   (fcc88c8e5ef6040d17e64b7133199298) \Device\Harddisk1\DR1\Partition0
21:07:22.0552 4528	\Device\Harddisk1\DR1\Partition0 - ok
21:07:22.0552 4528	============================================================
21:07:22.0552 4528	Scan finished
21:07:22.0552 4528	============================================================
21:07:22.0558 4544	Detected object count: 0
21:07:22.0558 4544	Actual detected object count: 0
21:08:27.0823 4224	Deinitialize success

t'john · 17.07.2012, 20:12

Sehr gut!

Wie laeuft der Rechner?
Immer noch Weiterleitungen?

flo231_464 · 18.07.2012, 17:42

Rechner läuft super, hab keine Probleme mehr festgestellt. Danke auf jeden Fall. Bei korrekter Schädlingsbekämpfung hörts echt auf mit meinen Computerkentnissen. Bin froh das es die netten Experten vom Trojaner-Board gibt.

Gruß,
Flo

t'john · 18.07.2012, 20:40

Sehr gut!

damit bist Du sauber und entlassen!

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html

17.07.2012, 20:12	#8
t'john /// Helfer-Team	Weiterleitung bei google Suchergebnissen Sehr gut! Wie laeuft der Rechner? Immer noch Weiterleitungen? __________________ Mfg, t'john Das TB unterstützen

Weiterleitung bei google Suchergebnissen

Plagegeister aller Art und deren Bekämpfung: Weiterleitung bei google Suchergebnissen