Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.12.2011, 17:06   #1
michy
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



Hallo Forengemeinde,

hab jetzt das Problem festgestellt, dass ich immer auf fremde Seiten (jedesmal unterschiedliche Inhalte) weitergeleitet werde, wenn ich auf die Links in der Ergebnisliste von Google klicke.
Dies geschieht jedesmal zunächst über thealltimes.com, wovon dann im Zufallsprinzip auf die weiteren Seiten verlinkt wird.

Achja, ich benutze ein relativ neues Notebook mit Windows 7 (64bit),
als Webbrowser nutze ich Mozilla Firefox.
Antivir hat auf dem Rechner in einer ausführlichen Suche nichts gefunden.
Auch der tdssKiller von Kaspersky hat nichts gefunden.

Der defogger hat eine Fehlermeldung ausgegeben, diese hängt im Anhang.

Auf den Benutzeraccount meiner Frau tritt der Fehler nicht auf.

Kann mir bitte jemand helfen?

Alt 30.12.2011, 17:18   #2
markusg
/// Malware-holic
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



bitte im betroffenen account arbeiten.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 30.12.2011, 17:51   #3
michy
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



Hallo,
hier der Inhalt aus OTL.txt:
OTL Logfile:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 12/30/2011 5:31:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\michy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.91 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.82% Memory free
15.82 Gb Paging File | 13.97 Gb Available in Paging File | 88.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 129.83 Gb Free Space | 69.69% Space Free | Partition Type: NTFS
Drive D: | 254.45 Gb Total Space | 254.21 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
 
Computer Name: MICHY-PC | User Name: michy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/30 16:01:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\michy\Desktop\OTL.exe
PRC - [2011/12/09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/09 12:39:54 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/12 02:49:26 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/09/01 00:33:32 | 001,545,856 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/20 19:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/05/10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/02/25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/10/07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/09/24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/08/17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/07/10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009/12/15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/06/19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008/12/23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/10 01:23:18 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/12/10 01:22:53 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/12/10 01:22:42 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/12/10 01:22:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/12/10 01:20:49 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/12/10 01:20:43 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/12/10 01:20:37 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/12/10 01:20:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/12/10 01:20:33 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/12/10 01:20:27 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/01 00:33:32 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
MOD - [2011/02/19 05:23:39 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/11/13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/09/24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/05/02 22:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/05/02 22:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/05/02 22:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/03/04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/17 00:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/12/09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/13 03:33:32 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011/03/02 05:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 18:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/12/09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/12/09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/05/01 22:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/04/12 22:18:08 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/13 12:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/22 02:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/08/03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/04/17 00:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/05/26 03:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/06 22:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/13 19:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/12/06 22:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michy\AppData\Roaming\mozilla\Extensions
[2011/12/27 07:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michy\AppData\Roaming\mozilla\Firefox\Profiles\zrlr7bb5.default\extensions
[2011/12/10 03:42:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/12/10 03:42:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MICHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZRLR7BB5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MICHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZRLR7BB5.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/11/21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [JJCNLXLYO] C:\Users\michy\AppData\Roaming\stdole2T.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27E09D6E-2CDE-4AA2-81AE-B9D643AE4F5B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93C87083-00B1-401D-82E0-13C290D37A4D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/30 16:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/12/30 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011/12/30 16:01:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\michy\Desktop\OTL.exe
[2011/12/30 12:35:54 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Roaming\Avira
[2011/12/30 12:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/19 19:11:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/12 09:58:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/11 20:27:55 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/11 20:27:55 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/11 20:27:55 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/11 20:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/11 20:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/10 10:41:08 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Roaming\Thunderbird
[2011/12/10 10:41:08 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Local\Thunderbird
[2011/12/10 10:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011/12/10 03:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/08 19:52:00 | 000,000,000 | ---D | C] -- C:\temp
[2011/12/07 22:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/12/07 19:25:46 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Local\Axialis
[2011/12/07 18:11:10 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Local\{4A6179E8-451E-4C70-B0E1-E678B454BD1B}
[2011/12/06 22:02:13 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Roaming\Mozilla
[2011/12/06 22:02:13 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Local\Mozilla
[2011/12/06 22:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/12/06 21:45:17 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Local\Adobe
[2011/12/06 21:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/12/06 21:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/12/06 21:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/12/06 20:55:07 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Roaming\Macromedia
[2011/12/06 20:55:02 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Roaming\Adobe
[2011/12/06 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Local\Google
[2011/12/06 20:47:38 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Roaming\ASUS WebStorage
[2011/12/06 20:46:25 | 000,000,000 | R--D | C] -- C:\Users\michy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/06 20:46:25 | 000,000,000 | R--D | C] -- C:\Users\michy\Searches
[2011/12/06 20:46:25 | 000,000,000 | R--D | C] -- C:\Users\michy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/12/06 20:46:16 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Roaming\Identities
[2011/12/06 20:46:12 | 000,000,000 | R--D | C] -- C:\Users\michy\Contacts
[2011/12/06 20:46:06 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Local\Power2Go
[2011/12/06 20:46:03 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Local\VirtualStore
[2011/12/06 20:45:55 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Roaming\Intel
[2011/12/06 20:45:53 | 000,000,000 | --SD | C] -- C:\Users\michy\AppData\Roaming\Microsoft
[2011/12/06 20:45:53 | 000,000,000 | R--D | C] -- C:\Users\michy\Videos
[2011/12/06 20:45:53 | 000,000,000 | R--D | C] -- C:\Users\michy\Saved Games
[2011/12/06 20:45:53 | 000,000,000 | R--D | C] -- C:\Users\michy\Pictures
[2011/12/06 20:45:53 | 000,000,000 | R--D | C] -- C:\Users\michy\Music
[2011/12/06 20:45:53 | 000,000,000 | R--D | C] -- C:\Users\michy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/12/06 20:45:53 | 000,000,000 | R--D | C] -- C:\Users\michy\Links
[2011/12/06 20:45:53 | 000,000,000 | R--D | C] -- C:\Users\michy\Favorites
[2011/12/06 20:45:53 | 000,000,000 | R--D | C] -- C:\Users\michy\Downloads
[2011/12/06 20:45:53 | 000,000,000 | R--D | C] -- C:\Users\michy\Documents
[2011/12/06 20:45:53 | 000,000,000 | R--D | C] -- C:\Users\michy\Desktop
[2011/12/06 20:45:53 | 000,000,000 | R--D | C] -- C:\Users\michy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Vorlagen
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\AppData\Local\Verlauf
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\AppData\Local\Temporary Internet Files
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Startmenü
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\SendTo
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Recent
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Netzwerkumgebung
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Lokale Einstellungen
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Documents\Eigene Videos
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Documents\Eigene Musik
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Eigene Dateien
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Documents\Eigene Bilder
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Druckumgebung
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Cookies
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\AppData\Local\Anwendungsdaten
[2011/12/06 20:45:53 | 000,000,000 | -HSD | C] -- C:\Users\michy\Anwendungsdaten
[2011/12/06 20:45:53 | 000,000,000 | -H-D | C] -- C:\Users\michy\AppData
[2011/12/06 20:45:53 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Local\Temp
[2011/12/06 20:45:53 | 000,000,000 | ---D | C] -- C:\Users\michy\Roaming
[2011/12/06 20:45:53 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Local\Microsoft
[2011/12/06 20:45:53 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Roaming\Media Center Programs
[2011/12/06 20:45:53 | 000,000,000 | ---D | C] -- C:\Users\michy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2011/12/03 17:37:26 | 000,000,000 | ---D | C] -- C:\NVIDIA
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/30 17:04:56 | 000,000,367 | ---- | M] () -- C:\Users\michy\Desktop\defogger_disable.zip
[2011/12/30 17:04:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 16:29:53 | 000,000,000 | ---- | M] () -- C:\Users\michy\defogger_reenable
[2011/12/30 16:27:48 | 001,110,476 | ---- | M] () -- C:\Users\michy\Desktop\7z920.exe
[2011/12/30 16:01:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\michy\Desktop\OTL.exe
[2011/12/30 15:23:05 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 15:23:05 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 15:22:20 | 000,050,477 | ---- | M] () -- C:\Users\michy\Desktop\Defogger.exe
[2011/12/30 15:16:08 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/12/30 15:15:56 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 15:15:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/30 15:15:25 | 2077,249,535 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/30 12:35:25 | 001,529,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/30 12:35:25 | 000,665,578 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/12/30 12:35:25 | 000,627,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/30 12:35:25 | 000,133,758 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/12/30 12:35:25 | 000,110,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/30 12:35:19 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/24 10:26:39 | 000,163,840 | RHS- | M] () -- C:\Users\michy\AppData\Roaming\stdole2T.dll
[2011/12/15 10:47:25 | 000,275,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/13 19:55:55 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/12/12 08:30:28 | 000,001,944 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/12/12 08:30:16 | 000,001,263 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/12/09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/06 21:29:19 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/06 20:41:19 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/12/06 20:41:19 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2011/12/30 17:04:56 | 000,000,367 | ---- | C] () -- C:\Users\michy\Desktop\defogger_disable.zip
[2011/12/30 16:29:53 | 000,000,000 | ---- | C] () -- C:\Users\michy\defogger_reenable
[2011/12/30 16:27:47 | 001,110,476 | ---- | C] () -- C:\Users\michy\Desktop\7z920.exe
[2011/12/30 15:22:18 | 000,050,477 | ---- | C] () -- C:\Users\michy\Desktop\Defogger.exe
[2011/12/24 10:26:39 | 000,163,840 | RHS- | C] () -- C:\Users\michy\AppData\Roaming\stdole2T.dll
[2011/12/11 20:28:03 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/10 10:41:02 | 000,002,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/12/10 10:41:02 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/12/06 22:02:06 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/06 21:29:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/06 21:29:19 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/06 20:46:35 | 000,001,411 | ---- | C] () -- C:\Users\michy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/12/06 20:46:27 | 000,001,445 | ---- | C] () -- C:\Users\michy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/07/07 07:12:52 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/07 07:12:49 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/07 07:12:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/26 07:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
 
========== LOP Check ==========
 
[2011/12/06 20:47:38 | 000,000,000 | ---D | M] -- C:\Users\michy\AppData\Roaming\ASUS WebStorage
[2011/12/10 10:41:09 | 000,000,000 | ---D | M] -- C:\Users\michy\AppData\Roaming\Thunderbird
[2009/07/14 06:08:49 | 000,030,174 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/12/07 08:41:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/11/16 05:48:18 | 000,000,000 | ---D | M] -- C:\AppData
[2011/11/16 03:40:33 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2011/04/13 03:49:40 | 000,000,000 | ---D | M] -- C:\AsusVibeData
[2009/07/29 07:03:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2011/12/12 10:48:04 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/10/12 02:47:34 | 000,000,000 | ---D | M] -- C:\eSupport
[2011/10/12 02:32:31 | 000,000,000 | ---D | M] -- C:\Intel
[2011/12/03 17:37:26 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/12/11 20:25:33 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/12/30 16:28:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011/12/30 15:14:49 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/12/06 20:44:11 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/11/16 19:28:32 | 000,000,000 | ---D | M] -- C:\Sun
[2011/12/30 17:32:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/12/08 19:52:00 | 000,000,000 | ---D | M] -- C:\temp
[2011/12/07 08:41:42 | 000,000,000 | R--D | M] -- C:\Users
[2011/12/30 15:15:25 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 14:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\eSupport\eDriver\Software\Other\Intel\IRST\iaStor.sys
[2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/09/13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011/12/30 16:29:53 | 000,000,000 | ---- | M] () -- C:\Users\michy\defogger_reenable
[2011/12/30 17:38:34 | 001,310,720 | -HS- | M] () -- C:\Users\michy\ntuser.dat
[2011/12/30 17:38:34 | 000,262,144 | -HS- | M] () -- C:\Users\michy\ntuser.dat.LOG1
[2011/12/06 20:45:53 | 000,000,000 | -HS- | M] () -- C:\Users\michy\ntuser.dat.LOG2
[2011/12/06 21:51:07 | 000,065,536 | -HS- | M] () -- C:\Users\michy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/12/06 21:51:07 | 000,524,288 | -HS- | M] () -- C:\Users\michy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/12/06 21:51:07 | 000,524,288 | -HS- | M] () -- C:\Users\michy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/12/30 12:29:01 | 000,065,536 | -HS- | M] () -- C:\Users\michy\ntuser.dat{44c6e3f2-32d7-11e1-b643-5404a61c4f76}.TM.blf
[2011/12/30 12:29:01 | 000,524,288 | -HS- | M] () -- C:\Users\michy\ntuser.dat{44c6e3f2-32d7-11e1-b643-5404a61c4f76}.TMContainer00000000000000000001.regtrans-ms
[2011/12/30 12:29:01 | 000,524,288 | -HS- | M] () -- C:\Users\michy\ntuser.dat{44c6e3f2-32d7-11e1-b643-5404a61c4f76}.TMContainer00000000000000000002.regtrans-ms
[2011/12/06 20:45:53 | 000,000,020 | -HS- | M] () -- C:\Users\michy\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<    >

< End of report >
         
--- --- ---


und hier der Inhalt aus Extras:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12/30/2011 5:31:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\michy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.91 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.82% Memory free
15.82 Gb Paging File | 13.97 Gb Available in Paging File | 88.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 129.83 Gb Free Space | 69.69% Space Free | Partition Type: NTFS
Drive D: | 254.45 Gb Total Space | 254.21 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
 
Computer Name: MICHY-PC | User Name: michy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"Google Chrome" = Google Chrome
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Jewel Quest 3" = Jewel Quest 3
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Plants vs Zombies" = Plants vs Zombies
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/6/2011 3:45:40 PM | Computer Name = michy-PC | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 12/8/2011 6:12:55 AM | Computer Name = michy-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "F:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 12/8/2011 2:38:43 PM | Computer Name = michy-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 12/12/2011 4:20:14 PM | Computer Name = michy-PC | Source = volsnap | ID = 393245
Description = Die Schattenkopien von Volume "F:" wurde während der Ermittlung abgebrochen.
 
Error - 12/13/2011 2:40:25 AM | Computer Name = michy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12/13/2011 3:23:55 AM | Computer Name = michy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12/14/2011 9:45:11 AM | Computer Name = michy-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 12/14/2011 9:45:11 AM | Computer Name = michy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 12/14/2011 9:45:11 AM | Computer Name = michy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 12/15/2011 4:35:30 PM | Computer Name = michy-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12/19/2011 7:36:14 AM | Computer Name = michy-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Hoffe der Inhalt hilft weiter.
__________________

Alt 30.12.2011, 18:10   #4
markusg
/// Malware-holic
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [JJCNLXLYO] C:\Users\michy\AppData\Roaming\stdole2T.dll ()
 :Files
C:\Users\michy\AppData\Roaming\stdole2T.dll
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.12.2011, 18:23   #5
michy
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



Hallo,

hier der Inhalt aus dem Textdokument:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JJCNLXLYO deleted successfully.
C:\Users\michy\AppData\Roaming\stdole2T.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: michy
->Flash cache emptied: 8119424 bytes
 
User: Public
 
User: Saskia
->Flash cache emptied: 8217 bytes
 
User: UpdatusUser
 
Total Flash Files Cleaned = 8.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: michy
->Temp folder emptied: 140855626 bytes
->Temporary Internet Files folder emptied: 161789715 bytes
->Java cache emptied: 14227 bytes
->FireFox cache emptied: 125809804 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Saskia
->Temp folder emptied: 926758 bytes
->Temporary Internet Files folder emptied: 421951 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51009219 bytes
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 214803072 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 6394101 bytes
 
Total Files Cleaned = 670.00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12302011_181421

Files\Folders moved on Reboot...
C:\Users\michy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Die Datei Moved files befindet sich auch im Upload Channel


Alt 30.12.2011, 20:14   #6
markusg
/// Malware-holic
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.
__________________
--> google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)

Alt 30.12.2011, 20:52   #7
michy
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



Hy,

Combofix ist durchgeführt, hier die Log- Datei

[CODE]
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-12-30.01 - michy 30.12.2011  20:42:27.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8103.6258 [GMT 1:00]
ausgeführt von:: c:\users\michy\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Roaming
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-28 bis 2011-12-30  ))))))))))))))))))))))))))))))
.
.
2011-12-30 17:18 . 2011-12-30 17:18	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7CD7523-9BA4-4D16-B257-B8127825A1C6}\offreg.dll
2011-12-30 17:14 . 2011-12-30 17:18	--------	d-----w-	C:\_OTL
2011-12-30 15:28 . 2011-12-30 15:28	--------	d-----w-	c:\program files (x86)\7-Zip
2011-12-30 11:28 . 2011-12-07 08:00	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7CD7523-9BA4-4D16-B257-B8127825A1C6}\mpengine.dll
2011-12-19 18:12 . 2011-12-19 18:12	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-19 18:11 . 2011-12-19 18:11	--------	d-----w-	c:\windows\system32\Macromed
2011-12-14 10:28 . 2011-10-26 05:21	43520	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-14 10:28 . 2011-11-24 04:52	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-12-14 10:28 . 2011-10-15 06:31	723456	----a-w-	c:\windows\system32\EncDec.dll
2011-12-14 10:28 . 2011-10-15 05:38	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-14 10:27 . 2011-11-05 05:32	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-14 10:27 . 2011-11-05 04:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-12-11 19:27 . 2011-12-09 11:40	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-12-11 19:27 . 2011-12-09 11:40	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-12-11 19:27 . 2011-12-09 11:40	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-12-11 19:27 . 2011-12-30 11:22	--------	d-----w-	c:\programdata\Avira
2011-12-11 19:27 . 2011-12-11 19:27	--------	d-----w-	c:\program files (x86)\Avira
2011-12-10 09:41 . 2011-12-13 18:55	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2011-12-10 02:42 . 2011-12-10 02:42	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-12-08 18:52 . 2011-12-08 18:52	--------	d-----w-	C:\temp
2011-12-07 21:02 . 2011-12-07 21:02	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2011-12-07 14:52 . 2011-03-12 12:08	1465344	----a-w-	c:\windows\system32\XpsPrint.dll
2011-12-07 14:52 . 2011-03-12 11:23	870912	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-12-07 08:00 . 2011-12-07 08:00	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-12-07 07:52 . 2011-04-22 22:15	27520	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2011-12-07 07:52 . 2011-04-29 03:06	467456	----a-w-	c:\windows\system32\drivers\srv.sys
2011-12-07 07:52 . 2011-04-29 03:05	410112	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-12-07 07:52 . 2011-04-29 03:05	168448	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-12-07 07:52 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-12-07 07:52 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-12-07 07:52 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-12-07 07:52 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-12-07 07:51 . 2011-05-24 11:42	404480	----a-w-	c:\windows\system32\umpnpmgr.dll
2011-12-07 07:51 . 2011-05-24 10:40	64512	----a-w-	c:\windows\SysWow64\devobj.dll
2011-12-07 07:51 . 2011-05-24 10:40	44544	----a-w-	c:\windows\SysWow64\devrtl.dll
2011-12-07 07:51 . 2011-05-24 10:39	145920	----a-w-	c:\windows\SysWow64\cfgmgr32.dll
2011-12-07 07:51 . 2011-05-24 10:37	252928	----a-w-	c:\windows\SysWow64\drvinst.exe
2011-12-07 07:51 . 2011-02-18 10:51	31232	----a-w-	c:\windows\system32\prevhost.exe
2011-12-07 07:51 . 2011-02-18 05:39	31232	----a-w-	c:\windows\SysWow64\prevhost.exe
2011-12-07 07:51 . 2011-05-03 05:29	976896	----a-w-	c:\windows\system32\inetcomm.dll
2011-12-07 07:51 . 2011-05-03 04:30	741376	----a-w-	c:\windows\SysWow64\inetcomm.dll
2011-12-07 07:51 . 2011-06-23 04:33	3912576	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-12-07 07:51 . 2011-06-23 05:43	5561216	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-07 07:51 . 2011-06-23 04:33	3967872	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-12-07 07:41 . 2011-12-30 14:14	--------	d-----w-	c:\users\Saskia
2011-12-06 20:29 . 2011-12-06 20:29	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2011-12-06 19:45 . 2011-12-30 15:29	--------	d-----w-	c:\users\michy
2011-12-03 16:37 . 2011-12-03 16:37	--------	d-----w-	C:\NVIDIA
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 17:16 . 2011-11-23 18:50	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-11-16 02:40 . 2010-06-24 18:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-12 01:49 . 2011-10-12 01:49	80512	----a-w-	c:\windows\ASUS K3 Series ScreenSaver Uninstaller.exe
2011-10-12 01:49 . 2011-10-12 01:49	3058304	----a-w-	c:\windows\AsScrPro.exe
2011-10-03 04:06 . 2011-11-16 04:48	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-04-13 02:33	433648	----a-w-	c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-10-12 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-04-13 332272]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-09 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-04-13 02:33	750064	----a-w-	c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\michy\AppData\Roaming\Mozilla\Firefox\Profiles\zrlr7bb5.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-30  20:48:35
ComboFix-quarantined-files.txt  2011-12-30 19:48
.
Vor Suchlauf: 14 Verzeichnis(se), 142.494.007.296 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 141.989.888.000 Bytes frei
.
- - End Of File - - 52A4A84F8AC9BD72369D73734D5EE8E6
         
--- --- ---

Alt 02.01.2012, 18:02   #8
markusg
/// Malware-holic
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
lösche nichts, nur log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.01.2012, 18:11   #9
michy
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



Hallo,
hier ist der Log:
Code:
ATTFilter
18:05:50.0553 4720	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:05:50.0782 4720	============================================================
18:05:50.0782 4720	Current date / time: 2012/01/02 18:05:50.0782
18:05:50.0782 4720	SystemInfo:
18:05:50.0782 4720	
18:05:50.0782 4720	OS Version: 6.1.7601 ServicePack: 1.0
18:05:50.0782 4720	Product type: Workstation
18:05:50.0782 4720	ComputerName: MICHY-PC
18:05:50.0782 4720	UserName: michy
18:05:50.0782 4720	Windows directory: C:\Windows
18:05:50.0782 4720	System windows directory: C:\Windows
18:05:50.0782 4720	Running under WOW64
18:05:50.0782 4720	Processor architecture: Intel x64
18:05:50.0782 4720	Number of processors: 4
18:05:50.0782 4720	Page size: 0x1000
18:05:50.0782 4720	Boot type: Normal boot
18:05:50.0782 4720	============================================================
18:05:51.0425 4720	Initialize success
18:06:59.0499 6016	============================================================
18:06:59.0499 6016	Scan started
18:06:59.0499 6016	Mode: Manual; SigCheck; TDLFS; 
18:06:59.0499 6016	============================================================
18:07:00.0322 6016	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:07:00.0490 6016	1394ohci - ok
18:07:00.0619 6016	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:07:00.0660 6016	ACPI - ok
18:07:00.0735 6016	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:07:00.0857 6016	AcpiPmi - ok
18:07:01.0028 6016	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:07:01.0081 6016	adp94xx - ok
18:07:01.0137 6016	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:07:01.0169 6016	adpahci - ok
18:07:01.0224 6016	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:07:01.0275 6016	adpu320 - ok
18:07:01.0477 6016	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:07:01.0548 6016	AFD - ok
18:07:01.0676 6016	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:07:01.0709 6016	agp440 - ok
18:07:01.0874 6016	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:07:01.0902 6016	aliide - ok
18:07:01.0945 6016	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:07:01.0972 6016	amdide - ok
18:07:02.0075 6016	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:07:02.0157 6016	AmdK8 - ok
18:07:02.0252 6016	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:07:02.0303 6016	AmdPPM - ok
18:07:02.0417 6016	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:07:02.0452 6016	amdsata - ok
18:07:02.0515 6016	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:07:02.0541 6016	amdsbs - ok
18:07:02.0637 6016	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:07:02.0665 6016	amdxata - ok
18:07:02.0811 6016	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:07:03.0021 6016	AppID - ok
18:07:03.0156 6016	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:07:03.0187 6016	arc - ok
18:07:03.0214 6016	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:07:03.0227 6016	arcsas - ok
18:07:03.0318 6016	ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
18:07:03.0393 6016	ASMMAP64 - ok
18:07:03.0512 6016	asmthub3        (0aa7a996792fb0287b33a57a8093ae44) C:\Windows\system32\DRIVERS\asmthub3.sys
18:07:03.0536 6016	asmthub3 - ok
18:07:03.0580 6016	asmtxhci        (125dc3abf5bfccfe82ad17d078e0b9ec) C:\Windows\system32\DRIVERS\asmtxhci.sys
18:07:03.0615 6016	asmtxhci - ok
18:07:03.0708 6016	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:07:03.0884 6016	AsyncMac - ok
18:07:03.0993 6016	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:07:04.0018 6016	atapi - ok
18:07:04.0089 6016	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
18:07:04.0205 6016	athr - ok
18:07:04.0280 6016	ATKWMIACPIIO    (ac31727f9946e9009480708e4d1b9986) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
18:07:04.0289 6016	ATKWMIACPIIO - ok
18:07:04.0428 6016	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
18:07:04.0456 6016	avgntflt - ok
18:07:04.0522 6016	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
18:07:04.0541 6016	avipbb - ok
18:07:04.0572 6016	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:07:04.0581 6016	avkmgr - ok
18:07:04.0744 6016	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:07:04.0868 6016	b06bdrv - ok
18:07:04.0992 6016	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:07:05.0049 6016	b57nd60a - ok
18:07:05.0173 6016	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:07:05.0269 6016	Beep - ok
18:07:05.0406 6016	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:07:05.0463 6016	blbdrive - ok
18:07:05.0580 6016	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:07:05.0667 6016	bowser - ok
18:07:05.0785 6016	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:07:05.0886 6016	BrFiltLo - ok
18:07:05.0983 6016	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:07:06.0048 6016	BrFiltUp - ok
18:07:06.0193 6016	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:07:06.0276 6016	Brserid - ok
18:07:06.0413 6016	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:07:06.0481 6016	BrSerWdm - ok
18:07:06.0600 6016	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:07:06.0660 6016	BrUsbMdm - ok
18:07:06.0765 6016	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:07:06.0829 6016	BrUsbSer - ok
18:07:06.0933 6016	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:07:07.0012 6016	BthEnum - ok
18:07:07.0132 6016	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:07:07.0188 6016	BTHMODEM - ok
18:07:07.0311 6016	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:07:07.0388 6016	BthPan - ok
18:07:07.0545 6016	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
18:07:07.0638 6016	BTHPORT - ok
18:07:07.0767 6016	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
18:07:07.0827 6016	BTHUSB - ok
18:07:07.0863 6016	catchme - ok
18:07:07.0977 6016	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:07:08.0076 6016	cdfs - ok
18:07:08.0205 6016	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:07:08.0265 6016	cdrom - ok
18:07:08.0411 6016	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:07:08.0478 6016	circlass - ok
18:07:08.0581 6016	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:07:08.0617 6016	CLFS - ok
18:07:08.0723 6016	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:07:08.0770 6016	CmBatt - ok
18:07:08.0854 6016	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:07:08.0881 6016	cmdide - ok
18:07:09.0009 6016	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:07:09.0087 6016	CNG - ok
18:07:09.0211 6016	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
18:07:09.0231 6016	Compbatt - ok
18:07:09.0277 6016	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:07:09.0337 6016	CompositeBus - ok
18:07:09.0451 6016	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:07:09.0480 6016	crcdisk - ok
18:07:09.0579 6016	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:07:09.0679 6016	DfsC - ok
18:07:09.0798 6016	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:07:09.0887 6016	discache - ok
18:07:09.0998 6016	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:07:10.0023 6016	Disk - ok
18:07:10.0098 6016	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:07:10.0167 6016	drmkaud - ok
18:07:10.0288 6016	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:07:10.0377 6016	DXGKrnl - ok
18:07:10.0480 6016	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:07:10.0647 6016	ebdrv - ok
18:07:10.0821 6016	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:07:10.0877 6016	elxstor - ok
18:07:10.0893 6016	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:07:10.0925 6016	ErrDev - ok
18:07:11.0070 6016	ETD             (871ab1bfa00eca5dfde99d6eece1bfd4) C:\Windows\system32\DRIVERS\ETD.sys
18:07:11.0088 6016	ETD - ok
18:07:11.0229 6016	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:07:11.0343 6016	exfat - ok
18:07:11.0385 6016	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:07:11.0485 6016	fastfat - ok
18:07:11.0574 6016	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:07:11.0630 6016	fdc - ok
18:07:11.0747 6016	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:07:11.0779 6016	FileInfo - ok
18:07:11.0818 6016	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:07:11.0883 6016	Filetrace - ok
18:07:11.0984 6016	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:07:12.0029 6016	flpydisk - ok
18:07:12.0070 6016	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:07:12.0097 6016	FltMgr - ok
18:07:12.0167 6016	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:07:12.0193 6016	FsDepends - ok
18:07:12.0256 6016	fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
18:07:12.0287 6016	fssfltr - ok
18:07:12.0352 6016	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:07:12.0380 6016	Fs_Rec - ok
18:07:12.0437 6016	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:07:12.0467 6016	fvevol - ok
18:07:12.0566 6016	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:07:12.0594 6016	gagp30kx - ok
18:07:12.0737 6016	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:07:12.0804 6016	hcw85cir - ok
18:07:12.0917 6016	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:07:12.0982 6016	HdAudAddService - ok
18:07:13.0052 6016	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:07:13.0087 6016	HDAudBus - ok
18:07:13.0112 6016	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:07:13.0164 6016	HidBatt - ok
18:07:13.0269 6016	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:07:13.0330 6016	HidBth - ok
18:07:13.0438 6016	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:07:13.0500 6016	HidIr - ok
18:07:13.0556 6016	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:07:13.0601 6016	HidUsb - ok
18:07:13.0650 6016	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:07:13.0678 6016	HpSAMD - ok
18:07:13.0724 6016	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:07:13.0839 6016	HTTP - ok
18:07:13.0937 6016	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:07:13.0957 6016	hwpolicy - ok
18:07:14.0026 6016	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:07:14.0056 6016	i8042prt - ok
18:07:14.0125 6016	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
18:07:14.0155 6016	iaStor - ok
18:07:14.0213 6016	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:07:14.0258 6016	iaStorV - ok
18:07:14.0525 6016	igfx            (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:07:15.0005 6016	igfx - ok
18:07:15.0126 6016	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:07:15.0157 6016	iirsp - ok
18:07:15.0324 6016	IntcAzAudAddService (9f573c952961f444f400489e81eca381) C:\Windows\system32\drivers\RTKVHD64.sys
18:07:15.0540 6016	IntcAzAudAddService - ok
18:07:15.0680 6016	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:07:15.0756 6016	IntcDAud - ok
18:07:15.0852 6016	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:07:15.0878 6016	intelide - ok
18:07:15.0932 6016	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:07:15.0978 6016	intelppm - ok
18:07:16.0032 6016	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:07:16.0092 6016	IpFilterDriver - ok
18:07:16.0198 6016	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:07:16.0230 6016	IPMIDRV - ok
18:07:16.0365 6016	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:07:16.0445 6016	IPNAT - ok
18:07:16.0509 6016	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:07:16.0604 6016	IRENUM - ok
18:07:16.0696 6016	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:07:16.0726 6016	isapnp - ok
18:07:16.0770 6016	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:07:16.0812 6016	iScsiPrt - ok
18:07:16.0865 6016	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:07:16.0882 6016	kbdclass - ok
18:07:16.0920 6016	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:07:16.0961 6016	kbdhid - ok
18:07:17.0076 6016	kbfiltr         (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
18:07:17.0089 6016	kbfiltr - ok
18:07:17.0135 6016	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:07:17.0153 6016	KSecDD - ok
18:07:17.0170 6016	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:07:17.0210 6016	KSecPkg - ok
18:07:17.0248 6016	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:07:17.0309 6016	ksthunk - ok
18:07:17.0440 6016	L1C             (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
18:07:17.0498 6016	L1C - ok
18:07:17.0622 6016	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:07:17.0708 6016	lltdio - ok
18:07:17.0751 6016	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:07:17.0763 6016	LSI_FC - ok
18:07:17.0786 6016	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:07:17.0798 6016	LSI_SAS - ok
18:07:17.0821 6016	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:07:17.0832 6016	LSI_SAS2 - ok
18:07:17.0847 6016	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:07:17.0858 6016	LSI_SCSI - ok
18:07:17.0876 6016	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:07:17.0922 6016	luafv - ok
18:07:17.0949 6016	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:07:17.0959 6016	megasas - ok
18:07:18.0000 6016	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:07:18.0017 6016	MegaSR - ok
18:07:18.0058 6016	MEIx64          (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
18:07:18.0068 6016	MEIx64 - ok
18:07:18.0099 6016	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:07:18.0137 6016	Modem - ok
18:07:18.0214 6016	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:07:18.0265 6016	monitor - ok
18:07:18.0361 6016	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:07:18.0393 6016	mouclass - ok
18:07:18.0452 6016	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:07:18.0499 6016	mouhid - ok
18:07:18.0616 6016	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:07:18.0640 6016	mountmgr - ok
18:07:18.0682 6016	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:07:18.0707 6016	mpio - ok
18:07:18.0748 6016	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:07:18.0817 6016	mpsdrv - ok
18:07:18.0885 6016	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:07:18.0995 6016	MRxDAV - ok
18:07:19.0071 6016	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:07:19.0135 6016	mrxsmb - ok
18:07:19.0249 6016	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:07:19.0302 6016	mrxsmb10 - ok
18:07:19.0368 6016	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:07:19.0418 6016	mrxsmb20 - ok
18:07:19.0515 6016	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:07:19.0542 6016	msahci - ok
18:07:19.0577 6016	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:07:19.0600 6016	msdsm - ok
18:07:19.0624 6016	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:07:19.0682 6016	Msfs - ok
18:07:19.0764 6016	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:07:19.0840 6016	mshidkmdf - ok
18:07:19.0872 6016	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:07:19.0888 6016	msisadrv - ok
18:07:19.0980 6016	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:07:20.0041 6016	MSKSSRV - ok
18:07:20.0053 6016	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:07:20.0097 6016	MSPCLOCK - ok
18:07:20.0190 6016	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:07:20.0284 6016	MSPQM - ok
18:07:20.0398 6016	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:07:20.0439 6016	MsRPC - ok
18:07:20.0483 6016	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:07:20.0501 6016	mssmbios - ok
18:07:20.0531 6016	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:07:20.0604 6016	MSTEE - ok
18:07:20.0694 6016	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:07:20.0745 6016	MTConfig - ok
18:07:20.0781 6016	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:07:20.0813 6016	Mup - ok
18:07:20.0933 6016	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:07:21.0037 6016	NativeWifiP - ok
18:07:21.0184 6016	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
18:07:21.0256 6016	NDIS - ok
18:07:21.0353 6016	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:07:21.0426 6016	NdisCap - ok
18:07:21.0463 6016	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:07:21.0533 6016	NdisTapi - ok
18:07:21.0552 6016	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:07:21.0624 6016	Ndisuio - ok
18:07:21.0654 6016	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:07:21.0705 6016	NdisWan - ok
18:07:21.0796 6016	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:07:21.0908 6016	NDProxy - ok
18:07:22.0017 6016	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:07:22.0077 6016	NetBIOS - ok
18:07:22.0155 6016	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:07:22.0246 6016	NetBT - ok
18:07:22.0592 6016	NETwNs64        (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
18:07:22.0903 6016	NETwNs64 - ok
18:07:23.0026 6016	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:07:23.0050 6016	nfrd960 - ok
18:07:23.0093 6016	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:07:23.0162 6016	Npfs - ok
18:07:23.0210 6016	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:07:23.0291 6016	nsiproxy - ok
18:07:23.0411 6016	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:07:23.0551 6016	Ntfs - ok
18:07:23.0595 6016	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:07:23.0700 6016	Null - ok
18:07:24.0080 6016	nvlddmkm        (07ca1d99512ee5ef99e954a13f3bffa8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:07:24.0553 6016	nvlddmkm - ok
18:07:24.0654 6016	nvpciflt        (a8db9ebd9887a9820dbc1878f0301ee7) C:\Windows\system32\DRIVERS\nvpciflt.sys
18:07:24.0677 6016	nvpciflt - ok
18:07:24.0714 6016	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:07:24.0743 6016	nvraid - ok
18:07:24.0766 6016	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:07:24.0797 6016	nvstor - ok
18:07:24.0896 6016	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:07:24.0927 6016	nv_agp - ok
18:07:24.0946 6016	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:07:24.0976 6016	ohci1394 - ok
18:07:25.0006 6016	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:07:25.0044 6016	Parport - ok
18:07:25.0124 6016	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:07:25.0147 6016	partmgr - ok
18:07:25.0182 6016	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:07:25.0228 6016	pci - ok
18:07:25.0299 6016	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:07:25.0326 6016	pciide - ok
18:07:25.0352 6016	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:07:25.0377 6016	pcmcia - ok
18:07:25.0404 6016	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:07:25.0421 6016	pcw - ok
18:07:25.0447 6016	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:07:25.0518 6016	PEAUTH - ok
18:07:25.0662 6016	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:07:25.0749 6016	PptpMiniport - ok
18:07:25.0797 6016	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:07:25.0830 6016	Processor - ok
18:07:25.0959 6016	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:07:26.0038 6016	Psched - ok
18:07:26.0117 6016	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:07:26.0225 6016	ql2300 - ok
18:07:26.0302 6016	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:07:26.0338 6016	ql40xx - ok
18:07:26.0444 6016	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:07:26.0512 6016	QWAVEdrv - ok
18:07:26.0609 6016	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:07:26.0686 6016	RasAcd - ok
18:07:26.0766 6016	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:07:26.0855 6016	RasAgileVpn - ok
18:07:26.0958 6016	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:07:27.0036 6016	Rasl2tp - ok
18:07:27.0102 6016	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:07:27.0193 6016	RasPppoe - ok
18:07:27.0280 6016	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:07:27.0375 6016	RasSstp - ok
18:07:27.0416 6016	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:07:27.0522 6016	rdbss - ok
18:07:27.0596 6016	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:07:27.0638 6016	rdpbus - ok
18:07:27.0738 6016	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:07:27.0807 6016	RDPCDD - ok
18:07:27.0912 6016	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:07:27.0983 6016	RDPENCDD - ok
18:07:28.0100 6016	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:07:28.0185 6016	RDPREFMP - ok
18:07:28.0295 6016	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:07:28.0393 6016	RDPWD - ok
18:07:28.0454 6016	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:07:28.0493 6016	rdyboost - ok
18:07:28.0621 6016	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:07:28.0668 6016	RFCOMM - ok
18:07:28.0728 6016	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:07:28.0784 6016	rspndr - ok
18:07:28.0841 6016	RSUSBVSTOR      (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
18:07:28.0867 6016	RSUSBVSTOR - ok
18:07:28.0909 6016	RTL8167         (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:07:28.0930 6016	RTL8167 - ok
18:07:28.0956 6016	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:07:28.0972 6016	sbp2port - ok
18:07:28.0984 6016	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:07:29.0033 6016	scfilter - ok
18:07:29.0076 6016	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:07:29.0138 6016	secdrv - ok
18:07:29.0194 6016	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
18:07:29.0242 6016	Serenum - ok
18:07:29.0307 6016	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
18:07:29.0359 6016	Serial - ok
18:07:29.0433 6016	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:07:29.0480 6016	sermouse - ok
18:07:29.0529 6016	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:07:29.0617 6016	sffdisk - ok
18:07:29.0715 6016	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:07:29.0776 6016	sffp_mmc - ok
18:07:29.0847 6016	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:07:29.0890 6016	sffp_sd - ok
18:07:29.0958 6016	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:07:29.0998 6016	sfloppy - ok
18:07:30.0126 6016	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
18:07:30.0179 6016	SiSGbeLH - ok
18:07:30.0219 6016	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:07:30.0247 6016	SiSRaid2 - ok
18:07:30.0282 6016	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:07:30.0298 6016	SiSRaid4 - ok
18:07:30.0330 6016	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:07:30.0390 6016	Smb - ok
18:07:30.0495 6016	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:07:30.0525 6016	spldr - ok
18:07:30.0598 6016	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:07:30.0696 6016	srv - ok
18:07:30.0815 6016	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:07:30.0888 6016	srv2 - ok
18:07:31.0012 6016	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:07:31.0058 6016	srvnet - ok
18:07:31.0114 6016	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:07:31.0130 6016	stexstor - ok
18:07:31.0167 6016	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:07:31.0180 6016	swenum - ok
18:07:31.0282 6016	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:07:31.0449 6016	Tcpip - ok
18:07:31.0602 6016	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:07:31.0643 6016	TCPIP6 - ok
18:07:31.0676 6016	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:07:31.0742 6016	tcpipreg - ok
18:07:31.0828 6016	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:07:31.0912 6016	TDPIPE - ok
18:07:31.0922 6016	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:07:31.0957 6016	TDTCP - ok
18:07:32.0031 6016	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:07:32.0088 6016	tdx - ok
18:07:32.0196 6016	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
18:07:32.0229 6016	TermDD - ok
18:07:32.0275 6016	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:07:32.0320 6016	tssecsrv - ok
18:07:32.0367 6016	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:07:32.0428 6016	TsUsbFlt - ok
18:07:32.0529 6016	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
18:07:32.0575 6016	TsUsbGD - ok
18:07:32.0638 6016	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:07:32.0707 6016	tunnel - ok
18:07:32.0762 6016	TurboB          (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
18:07:32.0788 6016	TurboB - ok
18:07:32.0820 6016	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:07:32.0835 6016	uagp35 - ok
18:07:32.0863 6016	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:07:32.0938 6016	udfs - ok
18:07:33.0072 6016	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:07:33.0087 6016	uliagpkx - ok
18:07:33.0135 6016	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:07:33.0176 6016	umbus - ok
18:07:33.0238 6016	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:07:33.0288 6016	UmPass - ok
18:07:33.0357 6016	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:07:33.0438 6016	usbccgp - ok
18:07:33.0553 6016	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:07:33.0619 6016	usbcir - ok
18:07:33.0693 6016	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:07:33.0733 6016	usbehci - ok
18:07:33.0817 6016	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:07:33.0864 6016	usbhub - ok
18:07:33.0925 6016	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:07:33.0971 6016	usbohci - ok
18:07:34.0038 6016	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
18:07:34.0087 6016	usbprint - ok
18:07:34.0171 6016	USBSTOR         (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:07:34.0211 6016	USBSTOR - ok
18:07:34.0281 6016	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:07:34.0320 6016	usbuhci - ok
18:07:34.0427 6016	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
18:07:34.0489 6016	usbvideo - ok
18:07:34.0603 6016	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:07:34.0630 6016	vdrvroot - ok
18:07:34.0676 6016	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:07:34.0697 6016	vga - ok
18:07:34.0732 6016	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:07:34.0778 6016	VgaSave - ok
18:07:34.0804 6016	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:07:34.0820 6016	vhdmp - ok
18:07:34.0830 6016	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:07:34.0838 6016	viaide - ok
18:07:34.0857 6016	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:07:34.0868 6016	volmgr - ok
18:07:34.0895 6016	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:07:34.0908 6016	volmgrx - ok
18:07:34.0932 6016	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:07:34.0991 6016	volsnap - ok
18:07:35.0107 6016	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
18:07:35.0140 6016	vsmraid - ok
18:07:35.0173 6016	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:07:35.0219 6016	vwifibus - ok
18:07:35.0296 6016	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:07:35.0349 6016	vwififlt - ok
18:07:35.0412 6016	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:07:35.0464 6016	vwifimp - ok
18:07:35.0558 6016	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
18:07:35.0608 6016	WacomPen - ok
18:07:35.0716 6016	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:07:35.0798 6016	WANARP - ok
18:07:35.0802 6016	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:07:35.0826 6016	Wanarpv6 - ok
18:07:35.0891 6016	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:07:35.0918 6016	Wd - ok
18:07:35.0970 6016	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:07:36.0041 6016	Wdf01000 - ok
18:07:36.0156 6016	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:07:36.0225 6016	WfpLwf - ok
18:07:36.0359 6016	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
18:07:36.0397 6016	WimFltr - ok
18:07:36.0440 6016	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:07:36.0455 6016	WIMMount - ok
18:07:36.0537 6016	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:07:36.0574 6016	WmiAcpi - ok
18:07:36.0695 6016	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:07:36.0778 6016	ws2ifsl - ok
18:07:36.0828 6016	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:07:36.0900 6016	WudfPf - ok
18:07:37.0021 6016	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:07:37.0085 6016	WUDFRd - ok
18:07:37.0125 6016	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:07:37.0371 6016	\Device\Harddisk0\DR0 - ok
18:07:37.0377 6016	Boot (0x1200)   (1ac1a0df5506c185b97e5e631af78847) \Device\Harddisk0\DR0\Partition0
18:07:37.0380 6016	\Device\Harddisk0\DR0\Partition0 - ok
18:07:37.0409 6016	Boot (0x1200)   (2a74e18be8cff697e3c20d6a31d12ef5) \Device\Harddisk0\DR0\Partition1
18:07:37.0412 6016	\Device\Harddisk0\DR0\Partition1 - ok
18:07:37.0414 6016	============================================================
18:07:37.0414 6016	Scan finished
18:07:37.0414 6016	============================================================
18:07:37.0430 7032	Detected object count: 0
18:07:37.0430 7032	Actual detected object count: 0
         

Alt 02.01.2012, 19:20   #10
markusg
/// Malware-holic
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.01.2012, 20:19   #11
michy
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



so, Suchlauf ist durch,
Malwarebytes hat nichts gefunden,
hier mal das Logfile:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
michy :: MICHY-PC [Administrator]

02.01.2012 19:33:32
mbam-log-2012-01-02 (19-33-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 338890
Laufzeit: 43 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 03.01.2012, 14:25   #12
markusg
/// Malware-holic
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



noch probleme aufgetreten?

lade den CCleaner standard:
CCleaner Download - CCleaner 3.14.1616
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.01.2012, 20:55   #13
michy
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



Hallo,

es sind keine weiteren Probleme aufgetreten,
nachdem Windows heute aktualisiert wurde (Update), habe ich Malwarebytes nochmal laufen lassen, wieder ohne Befund.

Ist der CCleaner dann noch erforderlich, oder kann man jetzt schon sagen, das der Rechner "clean" ist

Alt 04.01.2012, 14:11   #14
markusg
/// Malware-holic
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



ja, sonst hätte ich das ja nicht angefordert.
windows updates allein nützen nichts, sie sind ein guter anfang, mehr nicht :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.01.2012, 18:32   #15
michy
 
google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Standard

google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)



Hallo,
anbei die Liste der installierten Programme:
Code:
ATTFilter
7-Zip 9.20		29.12.2011											nicht notwendig
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	11.10.2011	6,00MB	10.1.85.3			notwendig
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	18.12.2011	6,00MB	11.1.102.55		notwendig
Adobe Reader X (10.1.1) - Deutsch	Adobe Systems Incorporated	05.12.2011	119,2MB	10.1.1			notwendig
Asmedia ASM104x USB 3.0 Host Controller Driver	Asmedia Technology	10.10.2011	2,27MB	1.12.5.0		notwendig
ASUS AI Recovery	ASUS	10.10.2011	6,96MB	1.0.13								unbekannt
ASUS FancyStart	ASUSTeK Computer Inc.	10.10.2011	12,1MB	1.0.8							unbekannt							
ASUS K3 Series ScreenSaver	ASUS	11.10.2011	80,2MB	1.0.0002						unbekannt
ASUS LifeFrame3	ASUS	10.10.2011	27,7MB	3.0.20									unbekannt
ASUS Live Update	ASUS	02.12.2011	3,98MB	3.0.6								notwendig
ASUS Power4Gear Hybrid	ASUS	10.10.2011	13,2MB	1.1.43								notwendig
ASUS SmartLogon	ASUS	10.10.2011	11,2MB	1.0.0011								unbekannt
ASUS Splendid Video Enhancement Technology	ASUS	10.10.2011	24,4MB	1.02.0030				unbekannt			
ASUS Virtual Camera	asus	10.10.2011	3,13MB	1.0.21								unbekannt
ASUS WebStorage	eCareme Technologies, Inc.	11.10.2011		3.0.84.161					unbekannt
AsusVibe2.0	ASUSTEK	11.10.2011		2.0.4.617								unbekannt
ATK Package	ASUS	10.10.2011	12,0MB	1.0.0010								unbekannt
Avira Free Antivirus	Avira	29.12.2011	109,0MB	12.0.0.872							notwendig
Bing Bar	Microsoft Corporation	11.04.2011	24,4MB	7.0.610.0						unbekannt
Bookworm Deluxe	Oberon Media Inc.	11.10.2011									unbekannt	
CCleaner	Piriform	03.01.2012		3.14								notwendig
Control ActiveX de Windows Live Mesh para conexiones remotas	Microsoft Corporation	11.04.2011	5,38MB	15.4.5722.2 	unbekannt
Controlo ActiveX do Windows Live Mesh para Ligações Remotas	Microsoft Corporation	11.04.2011	5,38MB	15.4.5722.2 	unbekannt
Contrôle ActiveX Windows Live Mesh pour connexions à distance	Microsoft Corporation	11.04.2011	5,38MB	15.4.5722.2	unbekannt
Cooking Dash	Oberon Media Inc.	11.10.2011									unbekannt		
CyberLink LabelPrint	CyberLink Corp.	10.10.2011	137,6MB	2.5.1908						unbekannt
CyberLink Power2Go	CyberLink Corp.	10.10.2011	110,4MB	6.1.3602c						unbekannt
ETDWare PS/2-X64 8.0.5.3_WHQL	ELAN Microelectronic Corp.	11.10.2011		8.0.5.3				unbekannt
Fast Boot	ASUS	10.10.2011	1,47MB	1.0.10									unbekannt
Game Park Console	Oberon Media, Inc.	11.04.2011	29,5MB	6.2.1.1						unbekannt
Google Chrome	Google Inc.	11.04.2011		16.0.912.63							nicht notwendig
Google Toolbar for Internet Explorer	Google Inc.	11.10.2011							notwendig
Governor of Poker	Oberon Media Inc.	11.10.2011								unbekannt
Hotel Dash Suite Success	Oberon Media Inc.	11.10.2011							unbekannt		
Intel(R) Control Center	Intel Corporation	12.10.2011		1.2.1.1007					unbekannt
Intel(R) Processor Graphics	Intel Corporation	12.10.2011		8.15.10.2291				unbekannt
Intel(R) PROSet/Wireless WiFi Software	Intel Corporation	10.10.2011	105,4MB	14.01.1000			unbekannt
Intel(R) Turbo Boost Technology Monitor	Intel	10.10.2011	2,15MB	1.0.400.4					unbekannt
Java(TM) 6 Update 29	Oracle	14.11.2011	96,9MB	6.0.290								notwendig
Jewel Quest 3	Oberon Media Inc.	11.10.2011									unbekannt	
Luxor 3	Oberon Media Inc.	11.10.2011										unbekannt		
Mahjongg dimensions	Oberon Media Inc.	11.10.2011								unbekannt		
Malwarebytes Anti-Malware Version 1.60.0.1800	Malwarebytes Corporation	01.01.2012	18,6MB	1.60.0.1800	notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	06.12.2011	38,8MB	4.0.30319		unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	06.12.2011	2,94MB	4.0.30319 unbekannt
Microsoft Office 2010	Microsoft Corporation	11.04.2011	6,31MB	14.0.4763.1000					notwendig
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	01.01.2012		14.0.4763.1000			notwendig
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	01.01.2012		14.0.4763.1000			notwendig
Microsoft Silverlight	Microsoft Corporation	06.12.2011	40,4MB	4.0.60831.0					unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	11.04.2011	1,70MB	3.1.0000		unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	06.12.2011	0,29MB	8.0.61001		unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	11.04.2011	0,61MB	8.0.61000		unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	11.12.2011	12,3MB	10.0.40219	unbekannt
Mozilla Firefox 9.0.1 (x86 de)	Mozilla	01.01.2012	36,5MB	9.0.1							notwendig
Mozilla Thunderbird (8.0)	Mozilla	12.12.2011		8.0 (de)						notwendig
Nuance PDF Reader	Nuance Communications, Inc.	11.04.2011	47,8MB	6.00.0041				unbekannt
NVIDIA Graphics Driver 268.56	NVIDIA Corporation	10.10.2011		268.56					notwendig
Plants vs Zombies	Oberon Media Inc.	11.10.2011								unbekannt
Realtek Ethernet Controller Driver	Realtek	10.10.2011		7.38.113.2011					notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	10.10.2011		6.0.1.6373		notwendig
Realtek USB 2.0 Reader Driver	Realtek Semiconductor Corp.	10.10.2011		6.1.7600.10001			notwendig
Sonic Focus	Synopsys 	10.10.2011	4,31MB	1.0.0.4								unbekannt
syncables desktop SE	syncables	11.04.2011	163,5MB	5.5.746.11492						unbekannt
Windows Live Essentials	Microsoft Corporation	12.04.2011		15.4.3508.1109					unbekannt
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen	Microsoft Corporation	11.04.2011	5,38MB	15.4.5722.2	unbekannt
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	11.04.2011	5,38MB	15.4.5722.2		unbekannt
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	11.04.2011	5,38MB	15.4.5722.2		unbekannt
WinFlash	ASUS	10.10.2011	0,84MB	2.31.0									unbekannt
Wireless Console 3	ASUS	10.10.2011	2,44MB	3.0.19								unbekannt
World of Goo	Oberon Media Inc.	11.10.2011									unbekannt	
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις	Microsoft Corporation	11.04.2011	5,38MB	15.4.5722.2	unbekannt
Элемент управления Windows Live Mesh ActiveX для удаленных подключений	Microsoft Corporation	11.04.2011	5,38MB	15.4.5722.2		unbekannt
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים	Microsoft Corporation	11.04.2011	5,38MB	15.4.5722.2					unbekannt
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة	Microsoft Corporation	11.04.2011	5,38MB	15.4.5722.2					unbekannt
適用遠端連線的 Windows Live Mesh ActiveX 控制項	Microsoft Corporation	11.04.2011	5,57MB	15.4.5722.2						unbekannt
         

Antwort

Themen zu google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)
andere, ergebnisse, fehlermeldung, festgestellt, fremde, geschieht, google, hängt, kaspersky, klick, leitet, links, mozilla, neues, nichts, notebook, problem, rechner, relativ, seite, seiten, suche, thealltimes.com, weitergeleitet, windows, windows 7




Ähnliche Themen: google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)


  1. Google leitet auf andere Seiten um....
    Log-Analyse und Auswertung - 25.04.2015 (13)
  2. Google-Ergebnisse leiten auf andere Seiten weiter
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (26)
  3. Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um
    Log-Analyse und Auswertung - 05.11.2012 (9)
  4. Google leitet mich beim Anklicken der Ergenislinks auf bösartige Seiten weiter (lt. Avast)
    Log-Analyse und Auswertung - 04.10.2012 (15)
  5. google leitet mich auf falsche Seiten um (google redirect?)
    Log-Analyse und Auswertung - 14.08.2012 (20)
  6. Google leitet mich immer auf andere Websites( manchmal sogar auf google selbst)
    Plagegeister aller Art und deren Bekämpfung - 29.03.2012 (21)
  7. Umleitung bei Google über "Thealltimes.com" auf fremde Seiten
    Plagegeister aller Art und deren Bekämpfung - 20.01.2012 (10)
  8. Internet Explorer leitet mich immer auf andere Seiten um, Trojaner gefunden
    Log-Analyse und Auswertung - 06.12.2011 (10)
  9. Google leitet mich auf andere Seiten um wenn ich auf einen Link klicke
    Plagegeister aller Art und deren Bekämpfung - 21.07.2011 (35)
  10. Google leitet mich auf andere Webseiten um.
    Plagegeister aller Art und deren Bekämpfung - 17.06.2011 (2)
  11. Google leitet auf andere Seiten um
    Log-Analyse und Auswertung - 05.04.2011 (1)
  12. Mozilla und IE (Vista) leiten mich bei Google-Such-Ergebnisse auf falsche Seiten
    Log-Analyse und Auswertung - 05.04.2011 (28)
  13. Anfänger: Google ergebnisse werden auf andere seiten umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 08.01.2011 (17)
  14. Google leitet auf andere Seiten um, Seiten wollen sich ungefragt öffnen. Gelöst(?) Sicher?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2010 (8)
  15. Google-Ergebnisse leiten auf andere Seiten um
    Log-Analyse und Auswertung - 02.09.2009 (28)
  16. Firefox leitet mich auf andere Seiten um!
    Log-Analyse und Auswertung - 05.05.2009 (21)
  17. Google leitet mich auf andere Seiten
    Log-Analyse und Auswertung - 11.02.2009 (1)

Zum Thema google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) - Hallo Forengemeinde, hab jetzt das Problem festgestellt, dass ich immer auf fremde Seiten (jedesmal unterschiedliche Inhalte) weitergeleitet werde, wenn ich auf die Links in der Ergebnisliste von Google klicke. Dies - google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)...
Archiv
Du betrachtest: google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.