Trojaner-Board


flo231_464 16.07.2012 16:18

Redirection on Google search results
 
Hello Trojaner-Board experts,

The following problem has been occurring on my Windows 7 64-bit laptop since yesterday: when I click on a search result on Google, I am redirected to various other websites, but of course not to the one I actually want to reach. The scan with OTL produced the following:

OTL logfile created on: 16.07.2012 16:54:23 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Fl\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,98% Memory free
15,83 Gb Paging File | 13,90 Gb Available in Paging File | 87,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 56,47 Gb Free Space | 37,89% Space Free | Partition Type: NTFS
Drive D: | 425,64 Gb Total Space | 43,07 Gb Free Space | 10,12% Space Free | Partition Type: NTFS
Drive G: | 1,90 Gb Total Space | 1,90 Gb Free Space | 99,94% Space Free | Partition Type: FAT

Computer Name: FL-PC | User Name: Fl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.16 16:53:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fl\Downloads\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.09.02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011.09.02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011.08.24 03:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.07 14:32:48 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.01.25 17:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.10.07 20:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.17 20:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 16:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 16:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 23:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.22 23:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 03:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.11.30 22:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.20 15:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010.04.17 01:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV:64bit: - [2009.07.14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009.07.14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.26 00:03:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.09.02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.08.24 03:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.20 14:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 16:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.15 23:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.22 12:52:16 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.15 12:48:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.08 11:15:02 | 000,656,896 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2011.08.08 11:15:02 | 000,624,640 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2011.07.05 16:28:36 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011.06.27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.05.31 12:41:38 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.05.31 12:41:38 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.25 15:54:35 | 000,133,752 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.13 15:12:39 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 18:28:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.14 04:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.08.03 12:43:13 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.06.23 03:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.17 01:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.04.12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010.03.02 21:48:34 | 002,103,336 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)
DRV:64bit: - [2009.07.21 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.09.02 13:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/11/08 19:09:59] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.08.24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011.03.25 15:54:35 | 000,133,752 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.07.26 19:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO_)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 00:03:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.16 22:41:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.07.10 01:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fl\AppData\Roaming\mozilla\Extensions
[2011.05.31 10:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fl\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.22 23:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fl\AppData\Roaming\mozilla\Firefox\Profiles\ya42uc0v.default\extensions
[2012.05.22 23:44:03 | 000,000,000 | ---D | M] (BrowserTexting) -- C:\Users\Fl\AppData\Roaming\mozilla\Firefox\Profiles\ya42uc0v.default\extensions\browsertexting@browsertexting.com
[2012.05.17 17:26:51 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Fl\AppData\Roaming\mozilla\Firefox\Profiles\ya42uc0v.default\extensions\ich@maltegoetz.de
[2011.11.12 15:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.21 23:53:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.05.31 10:27:11 | 000,089,442 | ---- | M] () (No name found) -- C:\USERS\FL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YA42UC0V.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
[2012.06.26 00:03:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 00:03:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 00:03:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 00:03:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 00:03:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 00:03:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 00:03:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.07.03 17:22:19 | 000,001,469 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 googleads.g.doubleclick.net
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 wodas.wetteronline.de
O1 - Hosts: 127.0.0.1 adsfac.eu
O1 - Hosts: 127.0.0.1 redtube.com
O1 - Hosts: 127.0.0.1 img03.redtubefiles.com
O1 - Hosts: 127.0.0.1 content.yieldmanager.edgesuite.net
O1 - Hosts: 127.0.0.1 eads.to
O1 - Hosts: 127.0.0.1 static.fundorado.com
O1 - Hosts: 127.0.0.1 ext.affaire.com
O1 - Hosts: 127.0.0.1 rgmarket.adspirit.net
O1 - Hosts: 127.0.0.1 *.redtubefiles.com
O1 - Hosts: 127.0.0.1 www.d03x2011.com
O1 - Hosts: 127.0.0.1 static.eu.criteo.net
O1 - Hosts: 127.0.0.1 ih.adscale.de
O1 - Hosts: 127.0.0.1 ads.adcloud.net
O1 - Hosts: 127.0.0.1 livejasmin.com
O1 - Hosts: 127.0.0.1 tag.admeld.com
O1 - Hosts: 127.0.0.1 imagesrv.adition.com
O1 - Hosts: 127.0.0.1 ad.de.doubleclick.net
O1 - Hosts: 127.0.0.1 ad-emea.doubleclick.net
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe File not found
O4:64bit: - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE File not found
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - Startup: C:\Users\Fl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{426948A9-854A-4ACE-90D6-2C62A5E4487E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87DF1F8B-05D3-47F0-AF96-5625A23C0219}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.16 00:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.07.16 00:39:05 | 000,000,000 | ---D | C] -- C:\Users\Fl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.07.16 00:39:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.07.16 00:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AutoKMS
[2012.07.15 18:00:48 | 000,000,000 | ---D | C] -- C:\Directx
[2012.07.15 17:28:40 | 000,000,000 | ---D | C] -- C:\Games
[2012.07.15 02:52:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.07.15 02:30:30 | 000,000,000 | ---D | C] -- C:\Users\Fl\AppData\Roaming\xsecva
[2012.07.10 16:09:10 | 000,000,000 | ---D | C] -- C:\Users\Fl\Desktop\florian.jochheim.3
[2012.07.09 11:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012.07.09 11:30:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\kodak

========== Files - Modified Within 30 Days ==========

[2012.07.16 16:56:46 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 16:56:46 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 16:53:47 | 001,835,726 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.16 16:53:47 | 000,777,252 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.16 16:53:47 | 000,731,924 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.16 16:53:47 | 000,177,446 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.16 16:53:47 | 000,150,226 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.16 16:50:19 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2012.07.16 16:48:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 16:47:42 | 2078,158,847 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 16:46:41 | 000,000,188 | ---- | M] () -- C:\Users\Fl\defogger_reenable
[2012.07.16 12:57:35 | 000,001,511 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.07.16 12:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012.07.16 11:21:14 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.07.16 00:39:05 | 000,003,191 | ---- | M] () -- C:\Users\Fl\Desktop\Sophos Virus Removal Tool.lnk
[2012.07.16 00:38:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012.07.16 00:14:28 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.15 21:59:05 | 000,435,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.15 18:19:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012.07.15 18:13:11 | 000,001,577 | ---- | M] () -- C:\Users\Public\Desktop\The Conquerors.lnk
[2012.07.15 18:11:47 | 000,001,645 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012.07.15 18:10:01 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012.07.15 05:38:09 | 000,002,420 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.07.08 13:50:45 | 000,444,756 | ---- | M] () -- C:\Users\Fl\Desktop\ie_analysis_II.pdf
[2012.07.03 16:06:16 | 001,856,136 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.29 15:28:54 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012.06.20 20:07:59 | 005,244,423 | ---- | M] () -- C:\EL1_11VL.pdf
[2012.06.20 20:04:25 | 003,325,009 | ---- | M] () -- C:\EL1_12VL.pdf
[2012.06.20 20:02:19 | 000,077,040 | ---- | M] () -- C:\A12_Differenzverstaerker.pdf
[2012.06.19 13:15:33 | 000,000,146 | ---- | M] () -- C:\Windows\capture.INI
[2012.06.19 13:10:23 | 000,000,217 | ---- | M] () -- C:\Windows\SysWow64\design1-SCHEMATIC1-Sweep
[2012.06.17 13:39:47 | 004,093,511 | ---- | M] () -- C:\EL1.pdf

========== Files Created - No Company Name ==========

[2012.07.16 16:46:41 | 000,000,188 | ---- | C] () -- C:\Users\Fl\defogger_reenable
[2012.07.16 16:41:44 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000008.@
[2012.07.16 00:39:05 | 000,003,191 | ---- | C] () -- C:\Users\Fl\Desktop\Sophos Virus Removal Tool.lnk
[2012.07.15 18:13:11 | 000,001,577 | ---- | C] () -- C:\Users\Public\Desktop\The Conquerors.lnk
[2012.07.15 18:11:47 | 000,001,645 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012.07.15 18:02:34 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.07.15 17:18:13 | 3836,164,096 | ---- | C] () -- C:\Users\Fl\Desktop\C.O.H.iso
[2012.07.15 02:30:41 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000032.@
[2012.07.15 02:30:41 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000064.@
[2012.07.15 02:30:41 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\L\00000004.@
[2012.07.15 02:30:40 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000000.@
[2012.07.15 02:30:40 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000004.@
[2012.07.15 02:30:40 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\000000cb.@
[2012.07.08 13:50:45 | 000,444,756 | ---- | C] () -- C:\Users\Fl\Desktop\ie_analysis_II.pdf
[2012.07.02 16:05:52 | 001,096,338 | ---- | C] () -- C:\Users\Fl\Desktop\KSCN0001.jpg
[2012.06.20 20:07:59 | 005,244,423 | ---- | C] () -- C:\EL1_11VL.pdf
[2012.06.20 20:04:25 | 003,325,009 | ---- | C] () -- C:\EL1_12VL.pdf
[2012.06.20 20:02:19 | 000,077,040 | ---- | C] () -- C:\A12_Differenzverstaerker.pdf
[2012.06.19 13:15:33 | 000,000,146 | ---- | C] () -- C:\Windows\capture.INI
[2012.06.19 13:10:23 | 000,000,217 | ---- | C] () -- C:\Windows\SysWow64\design1-SCHEMATIC1-Sweep
[2012.06.17 13:39:47 | 004,093,511 | ---- | C] () -- C:\EL1.pdf
[2012.06.04 23:22:22 | 000,000,144 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.04 23:22:20 | 000,251,904 | ---- | C] () -- C:\Windows\SysWow64\orant71.dll
[2012.06.04 23:22:18 | 000,903,168 | ---- | C] () -- C:\Windows\SysWow64\mitmdl30.dll
[2012.06.04 23:22:17 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2012.06.04 23:22:17 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2012.06.04 23:22:17 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2012.06.04 23:22:17 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2012.06.04 23:22:17 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2012.06.04 23:22:17 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2012.06.04 23:22:17 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2012.06.04 23:22:17 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2012.06.04 23:22:17 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2012.06.04 23:22:17 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2012.06.04 23:22:17 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2012.06.04 23:22:17 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2012.06.04 23:22:17 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll
[2012.06.04 23:22:17 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2012.06.04 23:22:17 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2012.01.26 13:59:28 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@
[2012.01.26 13:59:28 | 000,002,048 | -HS- | C] () -- C:\Users\Fl\AppData\Local\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@
[2011.10.14 00:07:27 | 001,856,136 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.31 20:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.31 20:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.07.06 15:19:37 | 000,000,017 | ---- | C] () -- C:\Users\Fl\AppData\Roaming\Options.ini
[2011.06.01 00:39:15 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.05.31 09:22:40 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.04.07 13:58:57 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.04.07 13:18:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2011.05.31 07:27:59 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Asus WebStorage
[2011.06.28 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Auslogics
[2011.11.03 17:42:50 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\benibela
[2011.06.08 23:49:10 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\DAEMON Tools Lite
[2012.07.16 16:49:17 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Dropbox
[2012.05.27 03:21:34 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\e-academy Inc
[2011.11.20 13:11:46 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\LyX2.0
[2012.01.13 11:50:03 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2011.06.28 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.07.23 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2011.07.06 15:19:37 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\My Battle for Middle-earth Files
[2011.07.07 01:23:55 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\OpenOffice.org
[2011.08.08 23:07:11 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\PDF Writer
[2012.06.18 12:38:41 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\pdfforge
[2012.06.28 16:17:11 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\TerraTec
[2012.01.27 15:13:24 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\The Creative Assembly
[2011.05.31 10:20:52 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Thunderbird
[2012.07.09 11:43:54 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\uTorrent
[2012.07.16 00:40:00 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\xsecva
[2011.05.31 08:30:00 | 000,000,000 | ---D | M] -- C:\Users\Fl\AppData\Roaming\Zeon
[2012.07.16 12:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012.07.15 18:19:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012.06.29 15:28:54 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012.07.16 00:38:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012.07.16 16:50:19 | 000,000,540 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2012.07.01 05:01:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:D20FFA63
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5D458568

< End of report >

t'john 16.07.2012 17:06

:hallo:

Fixing with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe File not found
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" File not found
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp20FFA63
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5D458568

[2012.06.26 00:03:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2012.07.16 16:50:19 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2012.07.16 16:50:19 | 000,000,540 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2012.07.16 12:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012.07.16 12:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012.07.16 00:38:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012.07.16 00:38:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012.07.15 18:19:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012.07.15 18:19:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012.06.29 15:28:54 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012.06.29 15:28:54 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012.06.19 13:10:23 | 000,000,217 | ---- | M] () -- C:\Windows\SysWow64\design1-SCHEMATIC1-Sweep
[2012.06.19 13:10:23 | 000,000,217 | ---- | C] () -- C:\Windows\SysWow64\design1-SCHEMATIC1-Sweep
[2012.07.16 16:41:44 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000008.@
[2012.07.15 02:30:30 | 000,000,000 | ---D | C] -- C:\Users\Fl\AppData\Roaming\xsecva
[2012.07.15 02:30:41 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000032.@
[2012.07.15 02:30:41 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000064.@
[2012.07.15 02:30:41 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\L\00000004.@
[2012.07.15 02:30:40 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000000.@
[2012.07.15 02:30:40 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000004.@
[2012.07.15 02:30:40 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\000000cb.@
[2012.01.26 13:59:28 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@
[2012.01.26 13:59:28 | 000,002,048 | -HS- | C] () -- C:\Users\Fl\AppData\Local\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file into your thread here, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

flo231_464 16.07.2012 17:33

OK, ran it and rebooted when prompted:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BDRegion deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EKAiO2StatusMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Unable to delete ADS C:\ProgramData\Temp20FFA63 .
ADS C:\ProgramData\Temp:5D458568 deleted successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job moved successfully.
File C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job not found.
C:\Windows\Tasks\At1.job moved successfully.
File C:\Windows\Tasks\At1.job not found.
C:\Windows\Tasks\At4.job moved successfully.
File C:\Windows\Tasks\At4.job not found.
C:\Windows\Tasks\At2.job moved successfully.
File C:\Windows\Tasks\At2.job not found.
C:\Windows\Tasks\At3.job moved successfully.
File C:\Windows\Tasks\At3.job not found.
C:\Windows\SysWOW64\design1-SCHEMATIC1-Sweep moved successfully.
File C:\Windows\SysWow64\design1-SCHEMATIC1-Sweep not found.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000008.@ moved successfully.
C:\Users\Fl\AppData\Roaming\xsecva folder moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000032.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000064.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\L\00000004.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\80000000.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000004.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@ moved successfully.
C:\Users\Fl\AppData\Local\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Fl\Downloads\cmd.bat deleted successfully.
C:\Users\Fl\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Fl
->Temp folder emptied: 1538134945 bytes
->Temporary Internet Files folder emptied: 65514379 bytes
->Java cache emptied: 1466159 bytes
->FireFox cache emptied: 173371495 bytes
->Flash cache emptied: 76514 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 265909265 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 1534389677 bytes
 
Total Files Cleaned = 3.413,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Fl
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07162012_182559

Files\Folders moved on Reboot...
C:\Users\Fl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Fl\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.16 18:29:29 | 000,000,197 | ---- | M] () C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt : Unable to obtain MD5

Registry entries deleted on Reboot...


t'john 16.07.2012 18:51

Very good! :daumenhoc

Step 1

New version! Please download it again!
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or quarantined.
- When the scan is finished, click "Show Results".

afterwards:

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

flo231_464 16.07.2012 23:52

Thanks already for the great help and the quick replies. I ran both. Here are the logs:
Code:

# AdwCleaner v1.702 - Logfile created 07/17/2012 at 00:50:17
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Fl - FL-PC
# Running from : C:\Users\Fl\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Fl\AppData\Roaming\pdfforge

***** [Registry] *****

Key Found : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Fl\AppData\Roaming\Mozilla\Firefox\Profiles\ya42uc0v.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1322 octets] - [17/07/2012 00:50:17]

########## EOF - C:\AdwCleaner[R1].txt - [1450 octets] ##########

Code:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Fl :: FL-PC [Administrator]

Schutz: Aktiviert

16.07.2012 23:18:49
mbam-log-2012-07-16 (23-18-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 571317
Laufzeit: 1 Stunde(n), 25 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07162012_182559\C_Windows\Installer\{bb5bd670-2a37-b9a2-5c9b-ebd7ae7b517e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


t'john 17.07.2012 16:06

Very good! :daumenhoc

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



After that:

TDSSKiller by Kaspersky
- Download TDSSKiller and unpack the archive to your desktop.
- Make sure that TDSSKiller.exe is located directly on the desktop (not in a folder on the desktop).
- Temporarily disable your antivirus program.
- Start TDSSKiller.exe with a double-click.
- When it has finished, the tool suggests restarting the system.
- If so, confirm with Y(es).
- When the system boots, the driver carries out all scheduled operations and then deletes itself.
- Post the contents of C:\TDSSKiller.txt here in the thread.
You can find a more detailed TDSSKiller guide here.

flo231_464 17.07.2012 20:09

Code:

# AdwCleaner v1.702 - Logfile created 07/17/2012 at 21:04:13
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Fl - FL-PC
# Running from : C:\Users\Fl\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Fl\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Fl\AppData\Roaming\Mozilla\Firefox\Profiles\ya42uc0v.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1447 octets] - [17/07/2012 00:50:17]
AdwCleaner[S1].txt - [1155 octets] - [17/07/2012 21:04:13]

########## EOF - C:\AdwCleaner[S1].txt - [1283 octets] ##########

Code:

21:06:09.0386 4204        TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
21:06:09.0485 4204        ============================================================
21:06:09.0485 4204        Current date / time: 2012/07/17 21:06:09.0485
21:06:09.0485 4204        SystemInfo:
21:06:09.0485 4204       
21:06:09.0485 4204        OS Version: 6.1.7601 ServicePack: 1.0
21:06:09.0485 4204        Product type: Workstation
21:06:09.0485 4204        ComputerName: FL-PC
21:06:09.0486 4204        UserName: Fl
21:06:09.0486 4204        Windows directory: C:\Windows
21:06:09.0486 4204        System windows directory: C:\Windows
21:06:09.0486 4204        Running under WOW64
21:06:09.0486 4204        Processor architecture: Intel x64
21:06:09.0486 4204        Number of processors: 4
21:06:09.0486 4204        Page size: 0x1000
21:06:09.0486 4204        Boot type: Normal boot
21:06:09.0486 4204        ============================================================
21:06:10.0429 4204        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:06:10.0434 4204        Drive \Device\Harddisk1\DR1 - Size: 0x79800000 (1.90 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:06:10.0436 4204        ============================================================
21:06:10.0436 4204        \Device\Harddisk0\DR0:
21:06:10.0436 4204        MBR partitions:
21:06:10.0437 4204        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0x12A151A9
21:06:10.0457 4204        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1550F800, BlocksNum 0x35348000
21:06:10.0458 4204        \Device\Harddisk1\DR1:
21:06:10.0460 4204        MBR partitions:
21:06:10.0460 4204        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xE2, BlocksNum 0x3CBF1E
21:06:10.0460 4204        ============================================================
21:06:10.0519 4204        C: <-> \Device\Harddisk0\DR0\Partition0
21:06:10.0678 4204        D: <-> \Device\Harddisk0\DR0\Partition1
21:06:10.0678 4204        ============================================================
21:06:10.0678 4204        Initialize success
21:06:10.0678 4204        ============================================================
21:06:20.0639 4528        ============================================================
21:06:20.0639 4528        Scan started
21:06:20.0639 4528        Mode: Manual;
21:06:20.0639 4528        ============================================================
21:06:27.0000 4528        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:06:27.0019 4528        1394ohci - ok
21:06:27.0487 4528        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:06:27.0507 4528        ACPI - ok
21:06:27.0598 4528        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:06:27.0598 4528        AcpiPmi - ok
21:06:27.0867 4528        AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:06:27.0898 4528        AdobeARMservice - ok
21:06:28.0455 4528        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:06:28.0471 4528        adp94xx - ok
21:06:28.0950 4528        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:06:28.0970 4528        adpahci - ok
21:06:29.0261 4528        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:06:29.0278 4528        adpu320 - ok
21:06:29.0377 4528        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:06:29.0378 4528        AeLookupSvc - ok
21:06:29.0918 4528        AFBAgent        (079cba3c5c9ab11b2b4e6bd729a860f2) C:\Windows\system32\FBAgent.exe
21:06:29.0933 4528        AFBAgent - ok
21:06:30.0320 4528        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:06:30.0323 4528        AFD - ok
21:06:30.0429 4528        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:06:30.0445 4528        agp440 - ok
21:06:30.0617 4528        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:06:30.0618 4528        ALG - ok
21:06:30.0715 4528        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:06:30.0716 4528        aliide - ok
21:06:30.0777 4528        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:06:30.0778 4528        amdide - ok
21:06:31.0064 4528        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:06:31.0067 4528        AmdK8 - ok
21:06:31.0140 4528        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:06:31.0141 4528        AmdPPM - ok
21:06:31.0375 4528        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
21:06:31.0377 4528        amdsata - ok
21:06:31.0723 4528        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:06:31.0803 4528        amdsbs - ok
21:06:31.0860 4528        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
21:06:31.0860 4528        amdxata - ok
21:06:32.0087 4528        AnyDVD          (a4837260ab5e274d508a52a6da7c9ed1) C:\Windows\system32\Drivers\AnyDVD.sys
21:06:32.0088 4528        AnyDVD - ok
21:06:32.0298 4528        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:06:32.0301 4528        AppID - ok
21:06:32.0507 4528        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:06:32.0525 4528        AppIDSvc - ok
21:06:32.0804 4528        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:06:32.0805 4528        Appinfo - ok
21:06:33.0206 4528        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:06:33.0250 4528        Apple Mobile Device - ok
21:06:33.0443 4528        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:06:33.0472 4528        arc - ok
21:06:33.0625 4528        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:06:33.0664 4528        arcsas - ok
21:06:33.0947 4528        ASLDRService    (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
21:06:33.0950 4528        ASLDRService - ok
21:06:34.0567 4528        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:06:34.0872 4528        aspnet_state - ok
21:06:34.0966 4528        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:06:34.0968 4528        AsyncMac - ok
21:06:35.0089 4528        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:06:35.0089 4528        atapi - ok
21:06:36.0544 4528        athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
21:06:36.0619 4528        athr - ok
21:06:36.0728 4528        ATKGFNEXSrv    (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
21:06:36.0731 4528        ATKGFNEXSrv - ok
21:06:37.0009 4528        atksgt          (b0d59e2eeb0b9ea65c6dc74ae0e2f045) C:\Windows\system32\DRIVERS\atksgt.sys
21:06:37.0010 4528        atksgt - ok
21:06:37.0091 4528        ATKWMIACPIIO_  (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
21:06:37.0092 4528        ATKWMIACPIIO_ - ok
21:06:37.0178 4528        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:06:37.0198 4528        AudioEndpointBuilder - ok
21:06:37.0203 4528        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:06:37.0206 4528        AudioSrv - ok
21:06:37.0258 4528        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:06:37.0261 4528        AxInstSV - ok
21:06:37.0340 4528        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:06:37.0352 4528        b06bdrv - ok
21:06:37.0385 4528        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:06:37.0396 4528        b57nd60a - ok
21:06:37.0466 4528        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:06:37.0469 4528        BDESVC - ok
21:06:37.0502 4528        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:06:37.0512 4528        Beep - ok
21:06:37.0626 4528        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:06:37.0647 4528        BITS - ok
21:06:37.0668 4528        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:06:37.0670 4528        blbdrive - ok
21:06:37.0705 4528        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:06:37.0707 4528        bowser - ok
21:06:37.0736 4528        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:06:37.0738 4528        BrFiltLo - ok
21:06:37.0745 4528        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:06:37.0747 4528        BrFiltUp - ok
21:06:37.0778 4528        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:06:37.0782 4528        Browser - ok
21:06:37.0804 4528        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:06:37.0817 4528        Brserid - ok
21:06:37.0832 4528        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:06:37.0835 4528        BrSerWdm - ok
21:06:37.0846 4528        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:06:37.0849 4528        BrUsbMdm - ok
21:06:37.0864 4528        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:06:37.0866 4528        BrUsbSer - ok
21:06:37.0881 4528        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:06:37.0883 4528        BTHMODEM - ok
21:06:37.0935 4528        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:06:37.0937 4528        bthserv - ok
21:06:37.0958 4528        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:06:37.0961 4528        cdfs - ok
21:06:38.0008 4528        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:06:38.0012 4528        cdrom - ok
21:06:38.0056 4528        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:06:38.0060 4528        CertPropSvc - ok
21:06:38.0090 4528        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:06:38.0092 4528        circlass - ok
21:06:38.0136 4528        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:06:38.0154 4528        CLFS - ok
21:06:38.0352 4528        CLHNServiceForPowerDVD (db26c2ba2ac0ab6be1cfa59f61ce22da) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
21:06:38.0355 4528        CLHNServiceForPowerDVD - ok
21:06:38.0400 4528        CLKMSVC10_38F51D56 - ok
21:06:38.0511 4528        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:06:38.0532 4528        clr_optimization_v2.0.50727_32 - ok
21:06:38.0604 4528        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:06:38.0610 4528        clr_optimization_v2.0.50727_64 - ok
21:06:38.0697 4528        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:06:38.0867 4528        clr_optimization_v4.0.30319_32 - ok
21:06:39.0095 4528        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:06:39.0176 4528        clr_optimization_v4.0.30319_64 - ok
21:06:39.0419 4528        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:06:39.0420 4528        CmBatt - ok
21:06:39.0455 4528        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:06:39.0458 4528        cmdide - ok
21:06:39.0520 4528        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:06:39.0535 4528        CNG - ok
21:06:39.0581 4528        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:06:39.0582 4528        Compbatt - ok
21:06:39.0620 4528        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:06:39.0623 4528        CompositeBus - ok
21:06:39.0634 4528        COMSysApp - ok
21:06:39.0653 4528        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:06:39.0657 4528        crcdisk - ok
21:06:39.0732 4528        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:06:39.0750 4528        CryptSvc - ok
21:06:40.0024 4528        CyberLink PowerDVD 11.0 Monitor Service (e27d60e5a51eedf9a57f5b69a9a6457d) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
21:06:40.0043 4528        CyberLink PowerDVD 11.0 Monitor Service - ok
21:06:40.0074 4528        CyberLink PowerDVD 11.0 Service (857943a77b06ac056771a3b12cd318dd) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
21:06:40.0094 4528        CyberLink PowerDVD 11.0 Service - ok
21:06:40.0184 4528        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:06:40.0208 4528        DcomLaunch - ok
21:06:40.0261 4528        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:06:40.0273 4528        defragsvc - ok
21:06:40.0493 4528        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:06:40.0504 4528        DfsC - ok
21:06:40.0562 4528        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:06:40.0583 4528        Dhcp - ok
21:06:40.0624 4528        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:06:40.0628 4528        discache - ok
21:06:40.0654 4528        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:06:40.0657 4528        Disk - ok
21:06:40.0696 4528        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:06:40.0702 4528        Dnscache - ok
21:06:40.0738 4528        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:06:40.0751 4528        dot3svc - ok
21:06:40.0823 4528        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:06:40.0843 4528        DPS - ok
21:06:40.0920 4528        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:06:40.0923 4528        drmkaud - ok
21:06:41.0003 4528        dtsoftbus01    (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:06:41.0008 4528        dtsoftbus01 - ok
21:06:41.0914 4528        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:06:41.0925 4528        DXGKrnl - ok
21:06:42.0004 4528        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:06:42.0008 4528        EapHost - ok
21:06:42.0434 4528        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:06:42.0523 4528        ebdrv - ok
21:06:43.0230 4528        EFS            (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
21:06:43.0241 4528        EFS - ok
21:06:43.0365 4528        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:06:43.0400 4528        ehRecvr - ok
21:06:43.0455 4528        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:06:43.0459 4528        ehSched - ok
21:06:43.0535 4528        ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:06:43.0536 4528        ElbyCDIO - ok
21:06:43.0641 4528        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:06:43.0662 4528        elxstor - ok
21:06:43.0695 4528        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:06:43.0699 4528        ErrDev - ok
21:06:43.0746 4528        ETD            (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys
21:06:43.0748 4528        ETD - ok
21:06:43.0810 4528        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:06:43.0829 4528        EventSystem - ok
21:06:43.0883 4528        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:06:43.0896 4528        exfat - ok
21:06:43.0926 4528        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:06:43.0940 4528        fastfat - ok
21:06:44.0039 4528        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:06:44.0067 4528        Fax - ok
21:06:44.0094 4528        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:06:44.0097 4528        fdc - ok
21:06:44.0140 4528        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:06:44.0145 4528        fdPHost - ok
21:06:44.0161 4528        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:06:44.0165 4528        FDResPub - ok
21:06:44.0193 4528        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:06:44.0196 4528        FileInfo - ok
21:06:44.0217 4528        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:06:44.0219 4528        Filetrace - ok
21:06:44.0233 4528        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:06:44.0236 4528        flpydisk - ok
21:06:44.0458 4528        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:06:44.0473 4528        FltMgr - ok
21:06:44.0561 4528        FontCache      (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
21:06:44.0611 4528        FontCache - ok
21:06:44.0741 4528        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:06:44.0762 4528        FontCache3.0.0.0 - ok
21:06:44.0827 4528        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:06:44.0830 4528        FsDepends - ok
21:06:44.0851 4528        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:06:44.0852 4528        Fs_Rec - ok
21:06:44.0931 4528        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:06:44.0937 4528        fvevol - ok
21:06:44.0965 4528        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:06:44.0970 4528        gagp30kx - ok
21:06:45.0036 4528        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:06:45.0037 4528        GEARAspiWDM - ok
21:06:45.0607 4528        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:06:45.0646 4528        gpsvc - ok
21:06:45.0677 4528        hamachi        (38230a1356208788c5dd007a945479ff) C:\Windows\system32\DRIVERS\hamachi.sys
21:06:45.0680 4528        hamachi - ok
21:06:45.0707 4528        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:06:45.0710 4528        hcw85cir - ok
21:06:45.0768 4528        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:06:45.0786 4528        HdAudAddService - ok
21:06:45.0821 4528        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:06:45.0823 4528        HDAudBus - ok
21:06:45.0839 4528        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:06:45.0842 4528        HidBatt - ok
21:06:45.0854 4528        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:06:45.0857 4528        HidBth - ok
21:06:45.0888 4528        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:06:45.0891 4528        HidIr - ok
21:06:45.0921 4528        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:06:45.0925 4528        hidserv - ok
21:06:45.0977 4528        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:06:45.0980 4528        HidUsb - ok
21:06:46.0028 4528        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:06:46.0046 4528        hkmsvc - ok
21:06:46.0100 4528        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:06:46.0115 4528        HomeGroupListener - ok
21:06:46.0172 4528        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:06:46.0179 4528        HomeGroupProvider - ok
21:06:46.0210 4528        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:06:46.0213 4528        HpSAMD - ok
21:06:46.0463 4528        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:06:46.0493 4528        HTTP - ok
21:06:46.0546 4528        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:06:46.0547 4528        hwpolicy - ok
21:06:46.0603 4528        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:06:46.0606 4528        i8042prt - ok
21:06:46.0748 4528        iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
21:06:46.0754 4528        iaStor - ok
21:06:47.0056 4528        iaStorV        (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
21:06:47.0094 4528        iaStorV - ok
21:06:47.0239 4528        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:06:47.0246 4528        IDriverT - ok
21:06:47.0427 4528        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:06:47.0461 4528        idsvc - ok
21:06:50.0570 4528        igfx            (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:06:50.0812 4528        igfx - ok
21:06:50.0976 4528        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:06:50.0979 4528        iirsp - ok
21:06:51.0079 4528        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:06:51.0110 4528        IKEEXT - ok
21:06:51.0788 4528        IntcAzAudAddService (9f573c952961f444f400489e81eca381) C:\Windows\system32\drivers\RTKVHD64.sys
21:06:51.0802 4528        IntcAzAudAddService - ok
21:06:52.0134 4528        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:06:52.0146 4528        IntcDAud - ok
21:06:52.0208 4528        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:06:52.0211 4528        intelide - ok
21:06:52.0249 4528        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:06:52.0253 4528        intelppm - ok
21:06:52.0315 4528        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:06:52.0320 4528        IPBusEnum - ok
21:06:52.0351 4528        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:06:52.0354 4528        IpFilterDriver - ok
21:06:52.0393 4528        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:06:52.0397 4528        IPMIDRV - ok
21:06:52.0443 4528        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:06:52.0448 4528        IPNAT - ok
21:06:52.0876 4528        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:06:52.0910 4528        iPod Service - ok
21:06:52.0953 4528        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:06:52.0956 4528        IRENUM - ok
21:06:52.0989 4528        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:06:52.0991 4528        isapnp - ok
21:06:53.0022 4528        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:06:53.0034 4528        iScsiPrt - ok
21:06:53.0060 4528        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:06:53.0061 4528        kbdclass - ok
21:06:53.0105 4528        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:06:53.0108 4528        kbdhid - ok
21:06:53.0130 4528        kbfiltr        (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
21:06:53.0130 4528        kbfiltr - ok
21:06:53.0178 4528        KeyIso          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:06:53.0180 4528        KeyIso - ok
21:06:53.0274 4528        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:06:53.0276 4528        KSecDD - ok
21:06:53.0306 4528        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:06:53.0310 4528        KSecPkg - ok
21:06:53.0344 4528        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:06:53.0346 4528        ksthunk - ok
21:06:53.0398 4528        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:06:53.0419 4528        KtmRm - ok
21:06:53.0503 4528        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:06:53.0518 4528        LanmanServer - ok
21:06:53.0557 4528        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:06:53.0563 4528        LanmanWorkstation - ok
21:06:53.0609 4528        lirsgt          (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
21:06:53.0610 4528        lirsgt - ok
21:06:53.0637 4528        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:06:53.0640 4528        lltdio - ok
21:06:53.0681 4528        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:06:53.0696 4528        lltdsvc - ok
21:06:53.0736 4528        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:06:53.0740 4528        lmhosts - ok
21:06:53.0780 4528        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:06:53.0784 4528        LSI_FC - ok
21:06:53.0798 4528        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:06:53.0801 4528        LSI_SAS - ok
21:06:53.0821 4528        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:06:53.0824 4528        LSI_SAS2 - ok
21:06:53.0840 4528        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:06:53.0844 4528        LSI_SCSI - ok
21:06:53.0867 4528        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:06:53.0870 4528        luafv - ok
21:06:53.0919 4528        MBAMProtector  (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
21:06:53.0922 4528        MBAMProtector - ok
21:06:54.0160 4528        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:06:54.0195 4528        MBAMService - ok
21:06:54.0236 4528        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:06:54.0243 4528        Mcx2Svc - ok
21:06:54.0263 4528        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:06:54.0266 4528        megasas - ok
21:06:54.0291 4528        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:06:54.0311 4528        MegaSR - ok
21:06:54.0352 4528        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:06:54.0354 4528        MEIx64 - ok
21:06:54.0402 4528        Microsoft SharePoint Workspace Audit Service - ok
21:06:54.0492 4528        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:06:54.0496 4528        MMCSS - ok
21:06:54.0525 4528        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:06:54.0528 4528        Modem - ok
21:06:54.0550 4528        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:06:54.0553 4528        monitor - ok
21:06:54.0589 4528        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:06:54.0590 4528        mouclass - ok
21:06:54.0617 4528        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:06:54.0620 4528        mouhid - ok
21:06:54.0695 4528        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:06:54.0699 4528        mountmgr - ok
21:06:54.0805 4528        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:06:54.0809 4528        MozillaMaintenance - ok
21:06:54.0845 4528        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:06:54.0849 4528        mpio - ok
21:06:54.0894 4528        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:06:54.0899 4528        mpsdrv - ok
21:06:54.0990 4528        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:06:54.0995 4528        MRxDAV - ok
21:06:55.0048 4528        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:06:55.0053 4528        mrxsmb - ok
21:06:55.0096 4528        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:06:55.0114 4528        mrxsmb10 - ok
21:06:55.0140 4528        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:06:55.0144 4528        mrxsmb20 - ok
21:06:55.0172 4528        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:06:55.0173 4528        msahci - ok
21:06:55.0206 4528        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:06:55.0210 4528        msdsm - ok
21:06:55.0238 4528        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:06:55.0242 4528        MSDTC - ok
21:06:55.0271 4528        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:06:55.0273 4528        Msfs - ok
21:06:55.0298 4528        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:06:55.0300 4528        mshidkmdf - ok
21:06:55.0330 4528        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:06:55.0330 4528        msisadrv - ok
21:06:55.0360 4528        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:06:55.0366 4528        MSiSCSI - ok
21:06:55.0369 4528        msiserver - ok
21:06:55.0404 4528        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:06:55.0406 4528        MSKSSRV - ok
21:06:55.0419 4528        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:06:55.0422 4528        MSPCLOCK - ok
21:06:55.0431 4528        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:06:55.0434 4528        MSPQM - ok
21:06:55.0506 4528        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:06:55.0528 4528        MsRPC - ok
21:06:55.0562 4528        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:06:55.0563 4528        mssmbios - ok
21:06:55.0648 4528        MSSQL$SQLEXPRESS - ok
21:06:55.0747 4528        MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
21:06:55.0751 4528        MSSQLServerADHelper100 - ok
21:06:55.0783 4528        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:06:55.0787 4528        MSTEE - ok
21:06:55.0803 4528        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:06:55.0806 4528        MTConfig - ok
21:06:55.0824 4528        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:06:55.0825 4528        Mup - ok
21:06:55.0879 4528        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:06:55.0899 4528        napagent - ok
21:06:55.0945 4528        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:06:55.0956 4528        NativeWifiP - ok
21:06:56.0072 4528        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:06:56.0108 4528        NDIS - ok
21:06:56.0153 4528        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:06:56.0156 4528        NdisCap - ok
21:06:56.0197 4528        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:06:56.0200 4528        NdisTapi - ok
21:06:56.0270 4528        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:06:56.0280 4528        Ndisuio - ok
21:06:56.0330 4528        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:06:56.0343 4528        NdisWan - ok
21:06:56.0359 4528        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:06:56.0362 4528        NDProxy - ok
21:06:56.0401 4528        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:06:56.0404 4528        NetBIOS - ok
21:06:56.0471 4528        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:06:56.0482 4528        NetBT - ok
21:06:56.0538 4528        Netlogon        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:06:56.0541 4528        Netlogon - ok
21:06:56.0786 4528        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:06:56.0804 4528        Netman - ok
21:06:56.0927 4528        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:06:56.0953 4528        NetMsmqActivator - ok
21:06:56.0963 4528        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:06:56.0966 4528        NetPipeActivator - ok
21:06:57.0031 4528        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:06:57.0050 4528        netprofm - ok
21:06:57.0068 4528        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:06:57.0070 4528        NetTcpActivator - ok
21:06:57.0074 4528        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:06:57.0076 4528        NetTcpPortSharing - ok
21:06:57.0189 4528        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:06:57.0192 4528        nfrd960 - ok
21:06:57.0256 4528        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:06:57.0275 4528        NlaSvc - ok
21:06:57.0298 4528        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:06:57.0301 4528        Npfs - ok
21:06:57.0337 4528        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:06:57.0342 4528        nsi - ok
21:06:57.0355 4528        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:06:57.0358 4528        nsiproxy - ok
21:06:57.0632 4528        Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
21:06:57.0672 4528        Ntfs - ok
21:06:57.0898 4528        ntk_PowerDVD    (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
21:06:57.0899 4528        ntk_PowerDVD - ok
21:06:58.0177 4528        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:06:58.0179 4528        Null - ok
21:06:59.0739 4528        nvlddmkm        (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:06:59.0803 4528        nvlddmkm - ok
21:06:59.0929 4528        nvpciflt        (715d45ed30003fc70cfa0d9c6dd0b538) C:\Windows\system32\DRIVERS\nvpciflt.sys
21:06:59.0929 4528        nvpciflt - ok
21:06:59.0967 4528        nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
21:06:59.0970 4528        nvraid - ok
21:06:59.0990 4528        nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
21:06:59.0994 4528        nvstor - ok
21:07:00.0046 4528        NVSvc          (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
21:07:00.0072 4528        NVSvc - ok
21:07:00.0215 4528        nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:07:00.0264 4528        nvUpdatusService - ok
21:07:00.0394 4528        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:07:00.0397 4528        nv_agp - ok
21:07:00.0435 4528        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:07:00.0437 4528        ohci1394 - ok
21:07:00.0561 4528        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:07:00.0564 4528        ose - ok
21:07:00.0671 4528        ose64          (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:07:00.0675 4528        ose64 - ok
21:07:00.0890 4528        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:07:00.0988 4528        osppsvc - ok
21:07:01.0116 4528        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:07:01.0130 4528        p2pimsvc - ok
21:07:01.0161 4528        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:07:01.0180 4528        p2psvc - ok
21:07:01.0224 4528        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:07:01.0227 4528        Parport - ok
21:07:01.0260 4528        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:07:01.0262 4528        partmgr - ok
21:07:01.0302 4528        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:07:01.0306 4528        PcaSvc - ok
21:07:01.0344 4528        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:07:01.0347 4528        pci - ok
21:07:01.0378 4528        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:07:01.0379 4528        pciide - ok
21:07:01.0416 4528        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:07:01.0420 4528        pcmcia - ok
21:07:01.0441 4528        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:07:01.0442 4528        pcw - ok
21:07:01.0479 4528        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:07:01.0497 4528        PEAUTH - ok
21:07:01.0571 4528        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:07:01.0573 4528        PerfHost - ok
21:07:01.0693 4528        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:07:01.0742 4528        pla - ok
21:07:01.0870 4528        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:07:01.0884 4528        PlugPlay - ok
21:07:01.0926 4528        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:07:01.0929 4528        PNRPAutoReg - ok
21:07:01.0960 4528        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:07:01.0963 4528        PNRPsvc - ok
21:07:02.0016 4528        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:07:02.0037 4528        PolicyAgent - ok
21:07:02.0061 4528        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:07:02.0065 4528        Power - ok
21:07:02.0449 4528        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:07:02.0459 4528        PptpMiniport - ok
21:07:02.0628 4528        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:07:02.0681 4528        Processor - ok
21:07:03.0240 4528        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:07:03.0280 4528        ProfSvc - ok
21:07:03.0414 4528        ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:07:03.0415 4528        ProtectedStorage - ok
21:07:03.0627 4528        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:07:03.0629 4528        Psched - ok
21:07:05.0753 4528        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:07:05.0827 4528        ql2300 - ok
21:07:07.0206 4528        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:07:07.0245 4528        ql40xx - ok
21:07:07.0621 4528        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:07:07.0638 4528        QWAVE - ok
21:07:07.0764 4528        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:07:07.0766 4528        QWAVEdrv - ok
21:07:07.0797 4528        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:07:07.0799 4528        RasAcd - ok
21:07:07.0920 4528        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:07:07.0922 4528        RasAgileVpn - ok
21:07:08.0131 4528        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:07:08.0152 4528        RasAuto - ok
21:07:08.0399 4528        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:07:08.0420 4528        Rasl2tp - ok
21:07:08.0882 4528        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:07:08.0960 4528        RasMan - ok
21:07:09.0180 4528        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:07:09.0187 4528        RasPppoe - ok
21:07:09.0360 4528        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:07:09.0363 4528        RasSstp - ok
21:07:09.0628 4528        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:07:09.0664 4528        rdbss - ok
21:07:09.0716 4528        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:07:09.0718 4528        rdpbus - ok
21:07:09.0786 4528        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:07:09.0797 4528        RDPCDD - ok
21:07:09.0846 4528        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:07:09.0853 4528        RDPENCDD - ok
21:07:09.0899 4528        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:07:09.0904 4528        RDPREFMP - ok
21:07:10.0222 4528        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:07:10.0242 4528        RDPWD - ok
21:07:10.0574 4528        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:07:10.0592 4528        rdyboost - ok
21:07:10.0714 4528        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:07:10.0719 4528        RemoteAccess - ok
21:07:10.0962 4528        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:07:10.0980 4528        RemoteRegistry - ok
21:07:11.0117 4528        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:07:11.0157 4528        RpcEptMapper - ok
21:07:11.0204 4528        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:07:11.0207 4528        RpcLocator - ok
21:07:11.0765 4528        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:07:11.0777 4528        RpcSs - ok
21:07:11.0955 4528        RsFx0103        (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
21:07:11.0987 4528        RsFx0103 - ok
21:07:12.0028 4528        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:07:12.0031 4528        rspndr - ok
21:07:12.0097 4528        RSUSBVSTOR      (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
21:07:12.0102 4528        RSUSBVSTOR - ok
21:07:12.0133 4528        RTL8167        (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:07:12.0136 4528        RTL8167 - ok
21:07:12.0176 4528        SamSs          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:07:12.0178 4528        SamSs - ok
21:07:12.0213 4528        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:07:12.0218 4528        sbp2port - ok
21:07:12.0259 4528        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:07:12.0280 4528        SCardSvr - ok
21:07:12.0337 4528        SCDEmu          (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
21:07:12.0339 4528        SCDEmu - ok
21:07:12.0379 4528        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:07:12.0382 4528        scfilter - ok
21:07:12.0483 4528        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:07:12.0538 4528        Schedule - ok
21:07:12.0572 4528        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:07:12.0573 4528        SCPolicySvc - ok
21:07:12.0641 4528        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:07:12.0655 4528        SDRSVC - ok
21:07:12.0723 4528        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:07:12.0726 4528        secdrv - ok
21:07:12.0763 4528        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:07:12.0768 4528        seclogon - ok
21:07:12.0800 4528        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:07:12.0806 4528        SENS - ok
21:07:12.0822 4528        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:07:12.0827 4528        SensrSvc - ok
21:07:12.0850 4528        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:07:12.0853 4528        Serenum - ok
21:07:12.0892 4528        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:07:12.0896 4528        Serial - ok
21:07:12.0927 4528        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:07:12.0930 4528        sermouse - ok
21:07:12.0978 4528        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:07:12.0983 4528        SessionEnv - ok
21:07:13.0007 4528        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:07:13.0009 4528        sffdisk - ok
21:07:13.0016 4528        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:07:13.0019 4528        sffp_mmc - ok
21:07:13.0034 4528        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:07:13.0038 4528        sffp_sd - ok
21:07:13.0052 4528        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:07:13.0055 4528        sfloppy - ok
21:07:13.0083 4528        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:07:13.0102 4528        ShellHWDetection - ok
21:07:13.0151 4528        simptcp        (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
21:07:13.0155 4528        simptcp - ok
21:07:13.0201 4528        SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
21:07:13.0204 4528        SiSGbeLH - ok
21:07:13.0228 4528        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:07:13.0231 4528        SiSRaid2 - ok
21:07:13.0246 4528        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:07:13.0250 4528        SiSRaid4 - ok
21:07:13.0354 4528        SkypeUpdate    (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:07:13.0359 4528        SkypeUpdate - ok
21:07:13.0393 4528        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:07:13.0398 4528        Smb - ok
21:07:13.0461 4528        SNMP            (ca62ae004e98374bf7f082cd765eea02) C:\Windows\System32\snmp.exe
21:07:13.0467 4528        SNMP - ok
21:07:13.0513 4528        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:07:13.0519 4528        SNMPTRAP - ok
21:07:13.0536 4528        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:07:13.0537 4528        spldr - ok
21:07:13.0597 4528        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:07:13.0632 4528        Spooler - ok
21:07:13.0968 4528        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:07:14.0036 4528        sppsvc - ok
21:07:14.0139 4528        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:07:14.0147 4528        sppuinotify - ok
21:07:14.0170 4528        sptd - ok
21:07:14.0295 4528        SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
21:07:14.0313 4528        SQLAgent$SQLEXPRESS - ok
21:07:14.0410 4528        SQLBrowser      (b54b48f6d92423440c264e91225c5ff1) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:07:14.0423 4528        SQLBrowser - ok
21:07:14.0494 4528        SQLWriter      (6d65985945b03ca59b67d0b73702fc7b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:07:14.0499 4528        SQLWriter - ok
21:07:14.0587 4528        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:07:14.0605 4528        srv - ok
21:07:14.0653 4528        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:07:14.0673 4528        srv2 - ok
21:07:14.0698 4528        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:07:14.0712 4528        srvnet - ok
21:07:14.0756 4528        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:07:14.0778 4528        SSDPSRV - ok
21:07:14.0808 4528        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:07:14.0816 4528        SstpSvc - ok
21:07:14.0941 4528        StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
21:07:14.0959 4528        StarWindServiceAE - ok
21:07:15.0008 4528        Steam Client Service - ok
21:07:15.0038 4528        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:07:15.0042 4528        stexstor - ok
21:07:15.0118 4528        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:07:15.0163 4528        stisvc - ok
21:07:15.0200 4528        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:07:15.0201 4528        swenum - ok
21:07:15.0258 4528        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:07:15.0280 4528        swprv - ok
21:07:15.0385 4528        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:07:15.0451 4528        SysMain - ok
21:07:15.0556 4528        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:07:15.0573 4528        TabletInputService - ok
21:07:15.0616 4528        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:07:15.0636 4528        TapiSrv - ok
21:07:15.0684 4528        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:07:15.0689 4528        TBS - ok
21:07:15.0854 4528        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:07:15.0914 4528        Tcpip - ok
21:07:16.0171 4528        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:07:16.0187 4528        TCPIP6 - ok
21:07:16.0267 4528        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:07:16.0269 4528        tcpipreg - ok
21:07:16.0300 4528        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:07:16.0303 4528        TDPIPE - ok
21:07:16.0319 4528        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:07:16.0321 4528        TDTCP - ok
21:07:16.0360 4528        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:07:16.0363 4528        tdx - ok
21:07:16.0449 4528        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:07:16.0451 4528        TermDD - ok
21:07:16.0514 4528        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:07:16.0546 4528        TermService - ok
21:07:16.0584 4528        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:07:16.0591 4528        Themes - ok
21:07:16.0629 4528        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:07:16.0632 4528        THREADORDER - ok
21:07:16.0675 4528        TlntSvr        (519cb7d7f697f4ba47de05845c20f158) C:\Windows\System32\tlntsvr.exe
21:07:16.0683 4528        TlntSvr - ok
21:07:16.0723 4528        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:07:16.0739 4528        TrkWks - ok
21:07:16.0809 4528        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:07:16.0823 4528        TrustedInstaller - ok
21:07:16.0888 4528        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:07:16.0891 4528        tssecsrv - ok
21:07:16.0941 4528        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:07:16.0945 4528        TsUsbFlt - ok
21:07:17.0085 4528        TS_AR5416      (519738ff21539146ebcf8cf9d809a1d9) C:\Windows\system32\DRIVERS\ts_athwx.sys
21:07:17.0138 4528        TS_AR5416 - ok
21:07:17.0293 4528        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:07:17.0297 4528        tunnel - ok
21:07:17.0330 4528        TurboB          (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
21:07:17.0331 4528        TurboB - ok
21:07:17.0395 4528        TurboBoost      (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:07:17.0399 4528        TurboBoost - ok
21:07:17.0435 4528        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:07:17.0439 4528        uagp35 - ok
21:07:17.0482 4528        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:07:17.0503 4528        udfs - ok
21:07:17.0549 4528        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:07:17.0556 4528        UI0Detect - ok
21:07:17.0596 4528        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:07:17.0600 4528        uliagpkx - ok
21:07:17.0659 4528        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:07:17.0662 4528        umbus - ok
21:07:17.0699 4528        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:07:17.0703 4528        UmPass - ok
21:07:17.0758 4528        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:07:17.0777 4528        upnphost - ok
21:07:17.0849 4528        USB28xxBGA      (9f653328c93be4a65fbc8fa8d6d41a36) C:\Windows\system32\DRIVERS\emBDA64.sys
21:07:17.0873 4528        USB28xxBGA - ok
21:07:17.0908 4528        USB28xxOEM      (9ae41342a484a808aa9cecc69db0ebfe) C:\Windows\system32\DRIVERS\emOEM64.sys
21:07:22.0552 4528        ============================================================
21:07:22.0552 4528        Scan finished
21:07:22.0552 4528        ============================================================
21:07:22.0558 4544        Detected object count: 0
21:07:22.0558 4544        Actual detected object count: 0
21:08:27.0823 4224        Deinitialize success


t'john 17.07.2012 20:12

Very good! :daumenhoc

How is the computer running?
Still getting redirects?

flo231_464 18.07.2012 17:42

The computer is running great; I haven't noticed any more problems. Thanks in any case. When it comes to proper malware removal, my computer skills really come to an end. I'm glad the nice experts at Trojaner-Board exist.

Regards,
Flo

t'john 18.07.2012 20:40

Very good! :daumenhoc

That means you are clean and discharged! :)


Tool cleanup with OTL


We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button.
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded in the course of the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.


Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html

