  1. #11
    Regular
    Registered since
    07.04.2012
    Posts
    10
    DONE:

    Code:
    ComboFix 12-04-09.01 - Phil 09.04.2012  14:54:07.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1033.18.8103.5651 [GMT 2:00]
    Running from: c:\users\Phil\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\100
    c:\programdata\FullRemove.OLDexe
    c:\programdata\LPzyUiSWt8Q4KA
    c:\programdata\Roaming
    c:\users\Phil\AppData\Roaming\Directory
    c:\windows\SysWow64\regobj.dll
    c:\windows\SysWow64\test.dll
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-03-09 to 2012-04-09  )))))))))))))))))))))))))))))))
    .
    .
    2012-04-09 13:30 . 2012-04-09 13:30	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
    2012-04-09 13:30 . 2012-04-09 13:30	--------	d-----w-	c:\users\postgres\AppData\Local\temp
    2012-04-09 13:30 . 2012-04-09 13:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2012-04-08 22:15 . 2009-09-15 09:14	1554944	----a-w-	c:\windows\SysWow64\vorbis.acm
    2012-04-08 15:42 . 2012-04-07 00:06	2871808	----a-w-	c:\windows\explorer.exe
    2012-04-07 14:53 . 2012-04-07 14:53	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-07 13:57 . 2012-04-07 13:57	--------	d-----w-	c:\program files (x86)\SopCast
    2012-04-07 11:38 . 2012-04-07 11:38	--------	d-----w-	c:\windows\SysWow64\drivers\AVG
    2012-04-07 11:37 . 2012-04-08 14:16	--------	d-----w-	c:\windows\system32\drivers\AVG
    2012-04-07 11:37 . 2012-04-07 11:37	--------	d-----w-	C:\$AVG
    2012-04-07 10:48 . 2012-04-07 10:48	--------	d-----w-	c:\users\Phil\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
    2012-04-07 10:47 . 2012-04-07 10:47	--------	d-----w-	c:\programdata\Virtualized Applications
    2012-04-07 10:31 . 2012-03-20 01:51	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBBE9BB8-F740-4A45-BFDD-1E3B59A40A2A}\mpengine.dll
    2012-04-07 10:24 . 2012-04-07 10:24	--------	d-----w-	C:\_OTL
    2012-04-07 10:12 . 2012-04-07 10:12	--------	d-----w-	c:\users\Phil\AppData\Roaming\High Impact eMail 5
    2012-04-07 00:16 . 2012-04-07 00:16	--------	d-----w-	c:\program files\CCleaner
    2012-04-05 18:11 . 2012-04-05 18:12	--------	d-----w-	c:\programdata\Codecv
    2012-04-04 01:06 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
    2012-04-04 01:06 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-04 01:06 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
    2012-04-03 22:08 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
    2012-04-03 22:08 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
    2012-04-03 22:08 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
    2012-04-03 22:08 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
    2012-04-03 22:08 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
    2012-04-03 22:08 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
    2012-04-03 22:07 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
    2012-04-03 22:07 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
    2012-04-03 22:07 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
    2012-04-03 22:07 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
    2012-04-03 20:11 . 2012-04-03 20:11	--------	d-----w-	c:\users\Phil\AppData\Roaming\AVG2012
    2012-04-03 20:06 . 2012-04-07 11:38	--------	d-----w-	c:\programdata\AVG2012
    2012-04-03 20:05 . 2012-04-03 20:05	--------	d-----w-	c:\program files (x86)\AVG
    2012-04-03 20:02 . 2012-04-03 20:02	--------	d--h--w-	c:\programdata\Common Files
    2012-04-03 20:02 . 2012-04-08 14:16	--------	d-----w-	c:\programdata\MFAData
    2012-04-01 21:11 . 2012-04-01 21:11	--------	d-----w-	c:\users\Phil\AppData\Roaming\Malwarebytes
    2012-04-01 21:10 . 2012-04-01 21:10	--------	d-----w-	c:\programdata\Malwarebytes
    2012-04-01 16:33 . 2012-04-01 16:33	--------	d-----w-	C:\Banks
    2012-04-01 16:30 . 2012-04-01 16:30	--------	d-----w-	c:\program files (x86)\d-lusion
    2012-04-01 16:15 . 2012-04-01 16:15	--------	d--h--w-	c:\users\Phil\AppData\Roaming\SynthMaker
    2012-03-25 19:02 . 2012-04-03 21:40	--------	d-----w-	c:\users\Phil\AppData\Roaming\Stellarium
    2012-03-25 19:02 . 2012-04-03 21:41	--------	d-----w-	c:\program files (x86)\Stellarium
    2012-03-25 14:34 . 2012-03-25 14:34	--------	d--h--w-	c:\programdata\Premium
    2012-03-18 16:39 . 2012-03-23 18:38	--------	d--h--w-	c:\users\Phil\AppData\Roaming\UAs
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-09 12:23 . 2011-09-29 17:19	45056	----a-w-	c:\windows\system32\acovcnt.exe
    2012-03-03 23:22 . 2012-03-03 23:22	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
    2012-03-03 21:07 . 2012-03-03 21:07	95	----a-w-	c:\windows\SysWow64\InstallGAC.bat
    2012-02-23 07:18 . 2011-10-02 10:56	279656	------w-	c:\windows\system32\MpSigStub.exe
    2012-02-22 03:25 . 2012-02-22 03:25	382032	----a-w-	c:\windows\system32\drivers\avgtdia.sys
    2012-02-22 03:25 . 2012-02-22 03:25	289872	----a-w-	c:\windows\system32\drivers\avgldx64.sys
    2012-01-31 02:46 . 2012-01-31 02:46	36944	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7D034EBB-40BF-43E8-B525-6EB2A7615B2E}]
    2012-04-05 16:00	140800	----a-w-	c:\programdata\Codecv\bhoclass.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/17 22:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    R2 postgresql-x64-9.1;postgresql-x64-9.1 - PostgreSQL Server 9.1;C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-x64-9.1 -D C:/Program Files/PostgreSQL/9.1/data -w [x]
    R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_38F51D56
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd14536cd82b34.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
    .
    2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://asus.msn.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\postgresql-x64-9.1]
    "ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\postgresql-x64-9.1]
    "ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-04-09  15:52:41
    ComboFix-quarantined-files.txt  2012-04-09 13:52
    .
    Pre-Run: 130.358.837.248 bytes free
    Post-Run: 129.981.480.960 bytes free
    .
    - - End Of File - - 7801AAD3ACAEE42C946370E2824A2117

  2. #12
    Malware-Mogul john.doe
    Registered since
    11.03.2012
    Posts
    8.905
    Also when I do searches in Google and then click on the page and sometimes get redirected to some other random page.
    Do the redirections only occur in one browser or in both?

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

    bye, andreas

  3. #13
    Regular
    Registered since
    07.04.2012
    Posts
    10
    Here you go:

    Code:
    17:25:22.0887 1932	TDSS rootkit removing tool 2.7.27.0 Apr  9 2012 09:53:37
    17:25:22.0959 1932	============================================================
    17:25:22.0959 1932	Current date / time: 2012/04/09 17:25:22.0959
    17:25:22.0959 1932	SystemInfo:
    17:25:22.0959 1932	
    17:25:22.0959 1932	OS Version: 6.1.7601 ServicePack: 1.0
    17:25:22.0959 1932	Product type: Workstation
    17:25:22.0959 1932	ComputerName: PHIL-PC
    17:25:22.0959 1932	UserName: Phil
    17:25:22.0959 1932	Windows directory: C:\Windows
    17:25:22.0959 1932	System windows directory: C:\Windows
    17:25:22.0959 1932	Running under WOW64
    17:25:22.0959 1932	Processor architecture: Intel x64
    17:25:22.0959 1932	Number of processors: 4
    17:25:22.0959 1932	Page size: 0x1000
    17:25:22.0959 1932	Boot type: Normal boot
    17:25:22.0959 1932	============================================================
    17:25:23.0507 1932	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:25:23.0509 1932	Drive \Device\Harddisk1\DR1 - Size: 0x3C800000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:25:23.0512 1932	\Device\Harddisk0\DR0:
    17:25:23.0512 1932	MBR used
    17:25:23.0512 1932	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
    17:25:23.0537 1932	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1C4AEE76
    17:25:23.0579 1932	\Device\Harddisk1\DR1:
    17:25:23.0582 1932	MBR used
    17:25:23.0652 1932	Initialize success
    17:25:23.0652 1932	============================================================
    17:25:43.0642 3732	============================================================
    17:25:43.0642 3732	Scan started
    17:25:43.0642 3732	Mode: Manual; SigCheck; TDLFS; 
    17:25:43.0642 3732	============================================================
    17:25:44.0517 3732	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    17:25:44.0605 3732	1394ohci - ok
    17:25:44.0877 3732	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:25:44.0902 3732	ACPI - ok
    17:25:45.0110 3732	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:25:45.0160 3732	AcpiPmi - ok
    17:25:45.0295 3732	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    17:25:45.0302 3732	AdobeARMservice - ok
    17:25:45.0432 3732	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    17:25:45.0447 3732	adp94xx - ok
    17:25:45.0462 3732	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    17:25:45.0472 3732	adpahci - ok
    17:25:45.0567 3732	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    17:25:45.0590 3732	adpu320 - ok
    17:25:45.0662 3732	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    17:25:45.0712 3732	AeLookupSvc - ok
    17:25:45.0820 3732	AFBAgent        (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe
    17:25:45.0850 3732	AFBAgent - ok
    17:25:45.0972 3732	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    17:25:46.0015 3732	AFD - ok
    17:25:46.0112 3732	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:25:46.0130 3732	agp440 - ok
    17:25:46.0222 3732	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    17:25:46.0322 3732	ALG - ok
    17:25:46.0490 3732	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:25:46.0500 3732	aliide - ok
    17:25:46.0612 3732	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:25:46.0617 3732	amdide - ok
    17:25:46.0712 3732	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    17:25:46.0745 3732	AmdK8 - ok
    17:25:46.0847 3732	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
    17:25:46.0895 3732	AmdPPM - ok
    17:25:46.0990 3732	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    17:25:47.0005 3732	amdsata - ok
    17:25:47.0112 3732	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    17:25:47.0137 3732	amdsbs - ok
    17:25:47.0317 3732	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    17:25:47.0325 3732	amdxata - ok
    17:25:47.0495 3732	Apache2.2       (f41e453a90ef19217cee1675f5256ee7) c:\xampp\apache\bin\httpd.exe
    17:25:47.0497 3732	Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
    17:25:47.0497 3732	Apache2.2 - detected UnsignedFile.Multi.Generic (1)
    17:25:47.0680 3732	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:25:47.0725 3732	AppID - ok
    17:25:47.0865 3732	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    17:25:47.0927 3732	AppIDSvc - ok
    17:25:47.0947 3732	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    17:25:47.0987 3732	Appinfo - ok
    17:25:48.0102 3732	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    17:25:48.0117 3732	arc - ok
    17:25:48.0227 3732	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    17:25:48.0235 3732	arcsas - ok
    17:25:48.0387 3732	ASLDRService    (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    17:25:48.0392 3732	ASLDRService - ok
    17:25:48.0552 3732	ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
    17:25:48.0560 3732	ASMMAP64 - ok
    17:25:48.0690 3732	asmthub3        (0aa7a996792fb0287b33a57a8093ae44) C:\Windows\system32\DRIVERS\asmthub3.sys
    17:25:48.0725 3732	asmthub3 - ok
    17:25:48.0962 3732	asmtxhci        (125dc3abf5bfccfe82ad17d078e0b9ec) C:\Windows\system32\DRIVERS\asmtxhci.sys
    17:25:49.0010 3732	asmtxhci - ok
    17:25:49.0107 3732	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:25:49.0142 3732	AsyncMac - ok
    17:25:49.0250 3732	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:25:49.0255 3732	atapi - ok
    17:25:49.0427 3732	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
    17:25:49.0477 3732	athr - ok
    17:25:49.0605 3732	ATKGFNEXSrv     (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    17:25:49.0615 3732	ATKGFNEXSrv - ok
    17:25:49.0747 3732	ATKWMIACPIIO    (ac31727f9946e9009480708e4d1b9986) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
    17:25:49.0762 3732	ATKWMIACPIIO - ok
    17:25:49.0857 3732	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:25:49.0922 3732	AudioEndpointBuilder - ok
    17:25:49.0962 3732	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:25:50.0002 3732	AudioSrv - ok
    17:25:50.0165 3732	AVGIDSAgent     (f5689fba4360be50839999882e0a9d99) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    17:25:50.0235 3732	AVGIDSAgent - ok
    17:25:50.0425 3732	AVGIDSDriver    (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    17:25:50.0430 3732	AVGIDSDriver - ok
    17:25:50.0577 3732	AVGIDSEH        (9650578c511527e218328df6d311b4fa) C:\Windows\system32\DRIVERS\avgidseha.sys
    17:25:50.0587 3732	AVGIDSEH - ok
    17:25:50.0677 3732	AVGIDSFilter    (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
    17:25:50.0685 3732	AVGIDSFilter - ok
    17:25:50.0810 3732	Avgldx64        (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
    17:25:50.0817 3732	Avgldx64 - ok
    17:25:50.0922 3732	Avgmfx64        (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
    17:25:50.0927 3732	Avgmfx64 - ok
    17:25:51.0030 3732	Avgrkx64        (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
    17:25:51.0047 3732	Avgrkx64 - ok
    17:25:51.0157 3732	Avgtdia         (e601444168adfb78afa22a1e270d9253) C:\Windows\system32\DRIVERS\avgtdia.sys
    17:25:51.0180 3732	Avgtdia - ok
    17:25:51.0277 3732	avgwd           (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    17:25:51.0290 3732	avgwd - ok
    17:25:51.0392 3732	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    17:25:51.0430 3732	AxInstSV - ok
    17:25:51.0575 3732	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    17:25:51.0617 3732	b06bdrv - ok
    17:25:51.0807 3732	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:25:51.0837 3732	b57nd60a - ok
    17:25:51.0927 3732	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    17:25:51.0982 3732	BDESVC - ok
    17:25:52.0085 3732	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:25:52.0135 3732	Beep - ok
    17:25:52.0215 3732	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    17:25:52.0280 3732	BFE - ok
    17:25:52.0390 3732	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
    17:25:52.0422 3732	BITS - ok
    17:25:52.0572 3732	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:25:52.0602 3732	blbdrive - ok
    17:25:52.0677 3732	Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    17:25:52.0707 3732	Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
    17:25:52.0710 3732	Bonjour Service - detected UnsignedFile.Multi.Generic (1)
    17:25:52.0867 3732	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:25:52.0902 3732	bowser - ok
    17:25:53.0007 3732	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    17:25:53.0037 3732	BrFiltLo - ok
    17:25:53.0130 3732	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    17:25:53.0150 3732	BrFiltUp - ok
    17:25:53.0245 3732	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    17:25:53.0282 3732	BridgeMP - ok
    17:25:53.0422 3732	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    17:25:53.0492 3732	Browser - ok
    17:25:53.0587 3732	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:25:53.0635 3732	Brserid - ok
    17:25:53.0730 3732	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:25:53.0765 3732	BrSerWdm - ok
    17:25:53.0875 3732	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:25:53.0915 3732	BrUsbMdm - ok
    17:25:54.0020 3732	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:25:54.0060 3732	BrUsbSer - ok
    17:25:54.0155 3732	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    17:25:54.0197 3732	BthEnum - ok
    17:25:54.0300 3732	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    17:25:54.0357 3732	BTHMODEM - ok
    17:25:54.0612 3732	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    17:25:54.0647 3732	BthPan - ok
    17:25:54.0807 3732	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
    17:25:54.0852 3732	BTHPORT - ok
    17:25:54.0935 3732	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    17:25:55.0010 3732	bthserv - ok
    17:25:55.0112 3732	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
    17:25:55.0152 3732	BTHUSB - ok
    17:25:55.0257 3732	catchme - ok
    17:25:55.0372 3732	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:25:55.0432 3732	cdfs - ok
    17:25:55.0582 3732	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    17:25:55.0625 3732	cdrom - ok
    17:25:55.0665 3732	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:25:55.0727 3732	CertPropSvc - ok
    17:25:55.0822 3732	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    17:25:55.0872 3732	circlass - ok
    17:25:56.0012 3732	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:25:56.0022 3732	CLFS - ok
    17:25:56.0152 3732	CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
    17:25:56.0162 3732	CLKMSVC10_38F51D56 - ok
    17:25:56.0260 3732	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:25:56.0270 3732	clr_optimization_v2.0.50727_32 - ok
    17:25:56.0392 3732	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:25:56.0400 3732	clr_optimization_v2.0.50727_64 - ok
    17:25:56.0545 3732	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:25:56.0557 3732	clr_optimization_v4.0.30319_32 - ok
    17:25:56.0612 3732	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:25:56.0625 3732	clr_optimization_v4.0.30319_64 - ok
    17:25:56.0832 3732	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:25:56.0857 3732	CmBatt - ok
    17:25:56.0957 3732	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    17:25:56.0965 3732	cmdide - ok
    17:25:57.0005 3732	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    17:25:57.0020 3732	CNG - ok
    17:25:57.0127 3732	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    17:25:57.0142 3732	Compbatt - ok
    17:25:57.0242 3732	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
    17:25:57.0285 3732	CompositeBus - ok
    17:25:57.0345 3732	COMSysApp - ok
    17:25:57.0425 3732	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    17:25:57.0432 3732	crcdisk - ok
    17:25:57.0557 3732	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    17:25:57.0590 3732	CryptSvc - ok
    17:25:57.0712 3732	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    17:25:57.0740 3732	cvhsvc - ok
    17:25:57.0830 3732	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:25:57.0865 3732	DcomLaunch - ok
    17:25:57.0935 3732	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    17:25:57.0980 3732	defragsvc - ok
    17:25:58.0080 3732	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    17:25:58.0125 3732	DfsC - ok
    17:25:58.0202 3732	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    17:25:58.0280 3732	Dhcp - ok
    17:25:58.0425 3732	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:25:58.0567 3732	discache - ok
    17:25:58.0707 3732	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    17:25:58.0720 3732	Disk - ok
    17:25:58.0810 3732	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    17:25:58.0847 3732	Dnscache - ok
    17:25:58.0925 3732	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    17:25:58.0985 3732	dot3svc - ok
    17:25:59.0060 3732	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    17:25:59.0105 3732	DPS - ok
    17:25:59.0212 3732	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:25:59.0255 3732	drmkaud - ok
    17:25:59.0400 3732	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    17:25:59.0420 3732	DXGKrnl - ok
    17:25:59.0805 3732	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    17:25:59.0852 3732	EapHost - ok
    17:26:00.0210 3732	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    17:26:00.0267 3732	ebdrv - ok
    17:26:00.0347 3732	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    17:26:00.0355 3732	EFS - ok
    17:26:00.0435 3732	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    17:26:00.0465 3732	ehRecvr - ok
    17:26:00.0517 3732	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    17:26:00.0557 3732	ehSched - ok
    17:26:00.0727 3732	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    17:26:00.0747 3732	elxstor - ok
    17:26:00.0842 3732	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    17:26:00.0862 3732	ErrDev - ok
    17:26:00.0967 3732	ETD             (871ab1bfa00eca5dfde99d6eece1bfd4) C:\Windows\system32\DRIVERS\ETD.sys
    17:26:00.0985 3732	ETD - ok
    17:26:01.0085 3732	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    17:26:01.0132 3732	EventSystem - ok
    17:26:01.0262 3732	EvtEng          (54fc81b0162478a72a93dbbeafb35671) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    17:26:01.0292 3732	EvtEng - ok
    17:26:01.0385 3732	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:26:01.0442 3732	exfat - ok
    17:26:01.0682 3732	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:26:01.0767 3732	fastfat - ok
    17:26:01.0867 3732	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    17:26:01.0900 3732	Fax - ok
    17:26:01.0997 3732	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    17:26:02.0032 3732	fdc - ok
    17:26:02.0117 3732	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    17:26:02.0190 3732	fdPHost - ok
    17:26:02.0272 3732	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    17:26:02.0332 3732	FDResPub - ok
    17:26:02.0427 3732	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:26:02.0435 3732	FileInfo - ok
    17:26:02.0565 3732	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:26:02.0615 3732	Filetrace - ok
    17:26:02.0752 3732	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    17:26:02.0785 3732	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
    17:26:02.0785 3732	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
    17:26:02.0912 3732	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    17:26:02.0937 3732	flpydisk - ok
    17:26:03.0045 3732	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    17:26:03.0060 3732	FltMgr - ok
    17:26:03.0165 3732	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    17:26:03.0202 3732	FontCache - ok
    17:26:03.0307 3732	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:26:03.0320 3732	FontCache3.0.0.0 - ok
    17:26:03.0435 3732	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:26:03.0442 3732	FsDepends - ok
    17:26:03.0610 3732	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    17:26:03.0627 3732	Fs_Rec - ok
    17:26:03.0732 3732	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    17:26:03.0750 3732	fvevol - ok
    17:26:03.0807 3732	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    17:26:03.0817 3732	gagp30kx - ok
    17:26:03.0907 3732	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    17:26:03.0960 3732	gpsvc - ok
    17:26:04.0062 3732	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:26:04.0072 3732	gupdate - ok
    17:26:04.0080 3732	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:26:04.0087 3732	gupdatem - ok
    17:26:04.0182 3732	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:26:04.0207 3732	hcw85cir - ok
    17:26:04.0307 3732	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    17:26:04.0342 3732	HdAudAddService - ok
    17:26:04.0437 3732	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    17:26:04.0472 3732	HDAudBus - ok
    17:26:04.0605 3732	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    17:26:04.0652 3732	HidBatt - ok
    17:26:05.0095 3732	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    17:26:05.0110 3732	HidBth - ok
    17:26:05.0300 3732	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    17:26:05.0310 3732	HidIr - ok
    17:26:05.0430 3732	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    17:26:05.0482 3732	hidserv - ok
    17:26:05.0850 3732	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    17:26:05.0910 3732	HidUsb - ok
    17:26:06.0033 3732	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    17:26:06.0118 3732	hkmsvc - ok
    17:26:06.0215 3732	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    17:26:06.0245 3732	HomeGroupListener - ok
    17:26:06.0335 3732	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    17:26:06.0368 3732	HomeGroupProvider - ok
    17:26:06.0448 3732	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    17:26:06.0470 3732	HpSAMD - ok
    17:26:06.0590 3732	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    17:26:06.0640 3732	HTTP - ok
    17:26:06.0948 3732	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    17:26:06.0975 3732	hwpolicy - ok
    17:26:07.0063 3732	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    17:26:07.0075 3732	i8042prt - ok
    17:26:07.0235 3732	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
    17:26:07.0260 3732	iaStor - ok
    17:26:07.0503 3732	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    17:26:07.0533 3732	iaStorV - ok
    17:26:07.0670 3732	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:26:07.0685 3732	idsvc - ok
    17:26:08.0048 3732	igfx            (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:26:08.0178 3732	igfx - ok
    17:26:08.0268 3732	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    17:26:08.0275 3732	iirsp - ok
    17:26:08.0373 3732	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    17:26:08.0410 3732	IKEEXT - ok
    17:26:08.0555 3732	IntcAzAudAddService (9f573c952961f444f400489e81eca381) C:\Windows\system32\drivers\RTKVHD64.sys
    17:26:08.0605 3732	IntcAzAudAddService - ok
    17:26:08.0805 3732	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    17:26:08.0850 3732	IntcDAud - ok
    17:26:08.0935 3732	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    17:26:08.0958 3732	intelide - ok
    17:26:09.0068 3732	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:26:09.0100 3732	intelppm - ok
    17:26:09.0180 3732	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    17:26:09.0235 3732	IPBusEnum - ok
    17:26:09.0315 3732	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:26:09.0360 3732	IpFilterDriver - ok
    17:26:09.0445 3732	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    17:26:09.0513 3732	iphlpsvc - ok
    17:26:09.0605 3732	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    17:26:09.0618 3732	IPMIDRV - ok
    17:26:09.0693 3732	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:26:09.0740 3732	IPNAT - ok
    17:26:09.0845 3732	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:26:09.0885 3732	IRENUM - ok
    17:26:09.0975 3732	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    17:26:09.0983 3732	isapnp - ok
    17:26:10.0068 3732	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    17:26:10.0083 3732	iScsiPrt - ok
    17:26:10.0173 3732	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    17:26:10.0190 3732	kbdclass - ok
    17:26:10.0268 3732	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    17:26:10.0288 3732	kbdhid - ok
    17:26:10.0395 3732	kbfiltr         (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
    17:26:10.0403 3732	kbfiltr - ok
    17:26:10.0480 3732	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:26:10.0490 3732	KeyIso - ok
    17:26:10.0588 3732	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    17:26:10.0598 3732	KSecDD - ok
    17:26:10.0700 3732	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    17:26:10.0728 3732	KSecPkg - ok
    17:26:10.0800 3732	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:26:10.0828 3732	ksthunk - ok
    17:26:10.0900 3732	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    17:26:10.0940 3732	KtmRm - ok
    17:26:11.0023 3732	L1C             (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
    17:26:11.0045 3732	L1C - ok
    17:26:11.0130 3732	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    17:26:11.0208 3732	LanmanServer - ok
    17:26:11.0328 3732	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    17:26:11.0373 3732	LanmanWorkstation - ok
    17:26:11.0503 3732	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:26:11.0550 3732	lltdio - ok
    17:26:11.0763 3732	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    17:26:11.0818 3732	lltdsvc - ok
    17:26:12.0033 3732	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    17:26:12.0105 3732	lmhosts - ok
    17:26:12.0195 3732	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    17:26:12.0220 3732	LSI_FC - ok
    17:26:12.0420 3732	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    17:26:12.0428 3732	LSI_SAS - ok
    17:26:12.0720 3732	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    17:26:12.0728 3732	LSI_SAS2 - ok
    17:26:12.0813 3732	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    17:26:12.0820 3732	LSI_SCSI - ok
    17:26:12.0855 3732	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:26:12.0913 3732	luafv - ok
    17:26:13.0033 3732	MBAMProtector - ok
    17:26:13.0118 3732	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    17:26:13.0135 3732	MBAMService - ok
    17:26:13.0275 3732	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    17:26:13.0305 3732	Mcx2Svc - ok
    17:26:13.0358 3732	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    17:26:13.0368 3732	megasas - ok
    17:26:13.0468 3732	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    17:26:13.0483 3732	MegaSR - ok
    17:26:13.0555 3732	MEIx64          (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
    17:26:13.0560 3732	MEIx64 - ok
    17:26:13.0663 3732	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:26:13.0713 3732	MMCSS - ok
    17:26:13.0795 3732	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:26:13.0840 3732	Modem - ok
    17:26:13.0943 3732	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:26:13.0973 3732	monitor - ok
    17:26:14.0055 3732	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:26:14.0063 3732	mouclass - ok
    17:26:14.0185 3732	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:26:14.0228 3732	mouhid - ok
    17:26:14.0358 3732	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:26:14.0363 3732	mountmgr - ok
    17:26:14.0498 3732	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:26:14.0510 3732	mpio - ok
    17:26:14.0553 3732	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:26:14.0598 3732	mpsdrv - ok
    17:26:14.0678 3732	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    17:26:14.0725 3732	MpsSvc - ok
    17:26:15.0215 3732	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:26:15.0293 3732	MRxDAV - ok
    17:26:15.0450 3732	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:26:15.0473 3732	mrxsmb - ok
    17:26:15.0578 3732	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:26:15.0588 3732	mrxsmb10 - ok
    17:26:15.0663 3732	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:26:15.0698 3732	mrxsmb20 - ok
    17:26:15.0780 3732	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:26:15.0795 3732	msahci - ok
    17:26:15.0880 3732	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:26:15.0888 3732	msdsm - ok
    17:26:15.0983 3732	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    17:26:16.0018 3732	MSDTC - ok
    17:26:16.0333 3732	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:26:16.0370 3732	Msfs - ok
    17:26:16.0450 3732	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:26:16.0498 3732	mshidkmdf - ok
    17:26:16.0583 3732	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:26:16.0590 3732	msisadrv - ok
    17:26:16.0678 3732	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    17:26:16.0730 3732	MSiSCSI - ok
    17:26:17.0175 3732	msiserver - ok
    17:26:17.0240 3732	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:26:17.0300 3732	MSKSSRV - ok
    17:26:17.0408 3732	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:26:17.0473 3732	MSPCLOCK - ok
    17:26:17.0538 3732	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:26:17.0583 3732	MSPQM - ok
    17:26:17.0673 3732	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:26:17.0698 3732	MsRPC - ok
    17:26:17.0785 3732	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    17:26:17.0793 3732	mssmbios - ok
    17:26:17.0885 3732	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:26:17.0955 3732	MSTEE - ok
    17:26:18.0318 3732	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    17:26:18.0345 3732	MTConfig - ok
    17:26:18.0405 3732	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:26:18.0413 3732	Mup - ok
    17:26:18.0518 3732	mysql - ok
    17:26:18.0643 3732	MyWiFiDHCPDNS   (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    17:26:18.0658 3732	MyWiFiDHCPDNS - ok
    17:26:18.0730 3732	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    17:26:18.0993 3732	napagent - ok
    17:26:19.0175 3732	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:26:19.0213 3732	NativeWifiP - ok
    17:26:19.0443 3732	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
    17:26:19.0468 3732	NDIS - ok
    17:26:19.0720 3732	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:26:19.0773 3732	NdisCap - ok
    17:26:19.0853 3732	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:26:19.0898 3732	NdisTapi - ok
    17:26:19.0998 3732	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:26:20.0053 3732	Ndisuio - ok
    17:26:20.0145 3732	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:26:20.0203 3732	NdisWan - ok
    17:26:20.0268 3732	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    17:26:20.0343 3732	NDProxy - ok
    17:26:20.0435 3732	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:26:20.0483 3732	NetBIOS - ok
    17:26:20.0588 3732	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    17:26:20.0663 3732	NetBT - ok
    17:26:20.0748 3732	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:26:20.0758 3732	Netlogon - ok
    17:26:20.0835 3732	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    17:26:20.0865 3732	Netman - ok
    17:26:20.0945 3732	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    17:26:20.0995 3732	netprofm - ok
    17:26:21.0110 3732	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:26:21.0135 3732	NetTcpPortSharing - ok
    17:26:21.0370 3732	NETwNs64        (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
    17:26:21.0463 3732	NETwNs64 - ok
    17:26:21.0565 3732	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    17:26:21.0588 3732	nfrd960 - ok
    17:26:21.0733 3732	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    17:26:21.0785 3732	NlaSvc - ok
    17:26:21.0958 3732	nmwcd           (88f2f2cb9faee2e14bccf384f4c88061) C:\Windows\system32\drivers\ccdcmbx64.sys
    17:26:22.0000 3732	nmwcd - ok
    17:26:22.0238 3732	nmwcdc          (31c1fac4ae14fb2f8771c59ba3f90bad) C:\Windows\system32\drivers\ccdcmbox64.sys
    17:26:22.0290 3732	nmwcdc - ok
    17:26:22.0383 3732	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:26:22.0430 3732	Npfs - ok
    17:26:22.0493 3732	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    17:26:22.0535 3732	nsi - ok
    17:26:22.0670 3732	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:26:22.0743 3732	nsiproxy - ok
    17:26:23.0240 3732	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:26:23.0278 3732	Ntfs - ok
    17:26:23.0363 3732	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:26:23.0400 3732	Null - ok
    17:26:23.0750 3732	nvlddmkm        (07ca1d99512ee5ef99e954a13f3bffa8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    17:26:23.0928 3732	nvlddmkm - ok
    17:26:24.0070 3732	nvpciflt        (a8db9ebd9887a9820dbc1878f0301ee7) C:\Windows\system32\DRIVERS\nvpciflt.sys
    17:26:24.0083 3732	nvpciflt - ok
    17:26:24.0265 3732	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:26:24.0280 3732	nvraid - ok
    17:26:24.0418 3732	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:26:24.0433 3732	nvstor - ok
    17:26:24.0533 3732	NVSvc           (9007a22a1938a9ef81ca5122121eccd8) C:\Windows\system32\nvvsvc.exe
    17:26:24.0560 3732	NVSvc - ok
    17:26:24.0693 3732	nvUpdatusService (00572c26c6dcf99362068fb7283b7126) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    17:26:24.0740 3732	nvUpdatusService - ok
    17:26:24.0860 3732	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:26:24.0870 3732	nv_agp - ok
    17:26:25.0388 3732	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:26:25.0420 3732	ohci1394 - ok
    17:26:25.0615 3732	OpenVPNService  (d29d5e61a5722630bb58940d1e4e231a) C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
    17:26:25.0643 3732	OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
    17:26:25.0643 3732	OpenVPNService - detected UnsignedFile.Multi.Generic (1)
    17:26:25.0793 3732	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    17:26:25.0810 3732	ose - ok
    17:26:26.0328 3732	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    17:26:26.0398 3732	osppsvc - ok
    17:26:26.0483 3732	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:26:26.0520 3732	p2pimsvc - ok
    17:26:26.0613 3732	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    17:26:26.0640 3732	p2psvc - ok
    17:26:26.0793 3732	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    17:26:26.0845 3732	Parport - ok
    17:26:26.0958 3732	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    17:26:26.0968 3732	partmgr - ok
    17:26:27.0050 3732	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    17:26:27.0065 3732	PcaSvc - ok
    17:26:27.0245 3732	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
    17:26:27.0273 3732	pccsmcfd - ok
    17:26:27.0313 3732	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    17:26:27.0328 3732	pci - ok
    17:26:27.0420 3732	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    17:26:27.0430 3732	pciide - ok
    17:26:27.0518 3732	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    17:26:27.0538 3732	pcmcia - ok
    17:26:27.0638 3732	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:26:27.0660 3732	pcw - ok
    17:26:27.0760 3732	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:26:27.0830 3732	PEAUTH - ok
    17:26:27.0900 3732	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    17:26:27.0928 3732	PerfHost - ok
    17:26:28.0035 3732	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    17:26:28.0090 3732	pla - ok
    17:26:28.0183 3732	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    17:26:28.0230 3732	PlugPlay - ok
    17:26:28.0308 3732	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    17:26:28.0353 3732	PNRPAutoReg - ok
    17:26:28.0448 3732	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:26:28.0480 3732	PNRPsvc - ok
    17:26:28.0583 3732	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    17:26:28.0635 3732	PolicyAgent - ok
    17:26:28.0723 3732	postgresql-x64-9.1 - ok
    17:26:28.0835 3732	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    17:26:28.0890 3732	Power - ok
    17:26:28.0978 3732	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    17:26:29.0050 3732	PptpMiniport - ok
    17:26:29.0143 3732	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    17:26:29.0165 3732	Processor - ok
    17:26:29.0250 3732	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    17:26:29.0290 3732	ProfSvc - ok
    17:26:29.0370 3732	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:26:29.0393 3732	ProtectedStorage - ok
    17:26:29.0473 3732	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    17:26:29.0538 3732	Psched - ok
    17:26:29.0673 3732	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    17:26:29.0700 3732	ql2300 - ok
    17:26:29.0848 3732	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    17:26:29.0870 3732	ql40xx - ok
    17:26:30.0058 3732	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    17:26:30.0093 3732	QWAVE - ok
    17:26:30.0203 3732	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    17:26:30.0240 3732	QWAVEdrv - ok
    17:26:30.0338 3732	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:26:30.0395 3732	RasAcd - ok
    17:26:30.0493 3732	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:26:30.0545 3732	RasAgileVpn - ok
    17:26:30.0948 3732	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    17:26:31.0033 3732	RasAuto - ok
    17:26:31.0250 3732	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:26:31.0320 3732	Rasl2tp - ok
    17:26:31.0403 3732	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    17:26:31.0463 3732	RasMan - ok
    17:26:31.0550 3732	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:26:31.0608 3732	RasPppoe - ok
    17:26:31.0783 3732	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:26:31.0833 3732	RasSstp - ok
    17:26:32.0070 3732	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    17:26:32.0125 3732	rdbss - ok
    17:26:32.0220 3732	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    17:26:32.0288 3732	rdpbus - ok
    17:26:32.0393 3732	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:26:32.0435 3732	RDPCDD - ok
    17:26:32.0535 3732	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:26:32.0563 3732	RDPENCDD - ok
    17:26:32.0665 3732	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:26:32.0735 3732	RDPREFMP - ok
    17:26:32.0910 3732	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    17:26:32.0938 3732	RDPWD - ok
    17:26:33.0178 3732	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    17:26:33.0185 3732	rdyboost - ok
    17:26:33.0290 3732	RegSrvc         (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    17:26:33.0308 3732	RegSrvc - ok
    17:26:33.0380 3732	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    17:26:33.0425 3732	RemoteAccess - ok
    17:26:33.0520 3732	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    17:26:33.0563 3732	RemoteRegistry - ok
    17:26:33.0840 3732	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    17:26:33.0890 3732	RFCOMM - ok
    17:26:34.0138 3732	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    17:26:34.0218 3732	RpcEptMapper - ok
    17:26:34.0298 3732	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    17:26:34.0308 3732	RpcLocator - ok
    17:26:34.0390 3732	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
    17:26:34.0440 3732	RpcSs - ok
    17:26:34.0523 3732	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:26:34.0573 3732	rspndr - ok
    17:26:34.0693 3732	RSUSBVSTOR      (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
    17:26:34.0705 3732	RSUSBVSTOR - ok
    17:26:34.0980 3732	RTL8167         (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
    17:26:35.0003 3732	RTL8167 - ok
    17:26:35.0138 3732	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:26:35.0155 3732	SamSs - ok
    17:26:35.0248 3732	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    17:26:35.0273 3732	sbp2port - ok
    17:26:35.0340 3732	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    17:26:35.0385 3732	SCardSvr - ok
    17:26:35.0480 3732	SCDEmu          (9c9df6d9a604178ddcdd703846f6ccec) C:\Windows\system32\drivers\SCDEmu.sys
    17:26:35.0505 3732	SCDEmu - ok
    17:26:35.0623 3732	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    17:26:35.0670 3732	scfilter - ok
    17:26:35.0775 3732	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    17:26:35.0818 3732	Schedule - ok
    17:26:35.0900 3732	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:26:35.0928 3732	SCPolicySvc - ok
    17:26:36.0063 3732	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    17:26:36.0088 3732	SDRSVC - ok
    17:26:36.0178 3732	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:26:36.0255 3732	secdrv - ok
    17:26:36.0323 3732	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    17:26:36.0383 3732	seclogon - ok
    17:26:36.0448 3732	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    17:26:36.0493 3732	SENS - ok
    17:26:36.0568 3732	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    17:26:36.0588 3732	SensrSvc - ok
    17:26:36.0675 3732	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    17:26:36.0760 3732	Serenum - ok
    17:26:37.0000 3732	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    17:26:37.0053 3732	Serial - ok
    17:26:37.0178 3732	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    17:26:37.0230 3732	sermouse - ok
    17:26:37.0405 3732	ServiceLayer    (8c1f87f5fdd92229d1754b98f073913f) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    17:26:37.0460 3732	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
    17:26:37.0460 3732	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
    17:26:37.0578 3732	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    17:26:37.0643 3732	SessionEnv - ok
    17:26:37.0813 3732	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    17:26:37.0888 3732	sffdisk - ok
    17:26:38.0223 3732	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    17:26:38.0258 3732	sffp_mmc - ok
    17:26:38.0458 3732	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    17:26:38.0493 3732	sffp_sd - ok
    17:26:38.0591 3732	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    17:26:38.0616 3732	sfloppy - ok
    17:26:38.0721 3732	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
    17:26:38.0751 3732	Sftfs - ok
    17:26:38.0871 3732	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    17:26:38.0896 3732	sftlist - ok
    17:26:39.0031 3732	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    17:26:39.0043 3732	Sftplay - ok
    17:26:39.0138 3732	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    17:26:39.0148 3732	Sftredir - ok
    17:26:39.0236 3732	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
    17:26:39.0251 3732	Sftvol - ok
    17:26:39.0336 3732	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    17:26:39.0343 3732	sftvsa - ok
    17:26:39.0428 3732	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    17:26:39.0488 3732	SharedAccess - ok
    17:26:39.0586 3732	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    17:26:39.0628 3732	ShellHWDetection - ok
    17:26:39.0738 3732	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
    17:26:39.0786 3732	SiSGbeLH - ok
    17:26:39.0871 3732	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    17:26:39.0898 3732	SiSRaid2 - ok
    17:26:39.0986 3732	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    17:26:40.0001 3732	SiSRaid4 - ok
    17:26:40.0086 3732	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:26:40.0166 3732	Smb - ok
    17:26:40.0243 3732	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    17:26:40.0278 3732	SNMPTRAP - ok
    17:26:40.0391 3732	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:26:40.0403 3732	spldr - ok
    17:26:40.0493 3732	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    17:26:40.0528 3732	Spooler - ok
    17:26:40.0678 3732	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    17:26:40.0816 3732	sppsvc - ok
    17:26:40.0971 3732	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    17:26:41.0028 3732	sppuinotify - ok
    17:26:41.0101 3732	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    17:26:41.0138 3732	srv - ok
    17:26:41.0248 3732	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    17:26:41.0296 3732	srv2 - ok
    17:26:41.0403 3732	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    17:26:41.0418 3732	srvnet - ok
    17:26:41.0766 3732	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    17:26:41.0818 3732	SSDPSRV - ok
    17:26:41.0928 3732	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    17:26:41.0996 3732	SstpSvc - ok
    17:26:42.0143 3732	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    17:26:42.0161 3732	stexstor - ok
    17:26:42.0258 3732	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    17:26:42.0306 3732	stisvc - ok
    17:26:42.0406 3732	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    17:26:42.0428 3732	swenum - ok
    17:26:42.0626 3732	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    17:26:42.0683 3732	swprv - ok
    17:26:43.0023 3732	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    17:26:43.0078 3732	SysMain - ok
    17:26:43.0168 3732	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    17:26:43.0211 3732	TabletInputService - ok
    17:26:43.0378 3732	tap0901         (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
    17:26:43.0408 3732	tap0901 - ok
    17:26:43.0526 3732	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    17:26:43.0566 3732	TapiSrv - ok
    17:26:43.0691 3732	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    17:26:43.0746 3732	TBS - ok
    17:26:44.0018 3732	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    17:26:44.0066 3732	Tcpip - ok
    17:26:44.0208 3732	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    17:26:44.0251 3732	TCPIP6 - ok
    17:26:44.0373 3732	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    17:26:44.0421 3732	tcpipreg - ok
    17:26:44.0513 3732	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    17:26:44.0548 3732	TDPIPE - ok
    17:26:44.0731 3732	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    17:26:44.0751 3732	TDTCP - ok
    17:26:44.0916 3732	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    17:26:44.0961 3732	tdx - ok
    17:26:44.0981 3732	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
    17:26:44.0988 3732	TermDD - ok
    17:26:45.0088 3732	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    17:26:45.0146 3732	TermService - ok
    17:26:45.0213 3732	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    17:26:45.0256 3732	Themes - ok
    17:26:45.0341 3732	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:26:45.0386 3732	THREADORDER - ok
    17:26:45.0451 3732	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    17:26:45.0508 3732	TrkWks - ok
    17:26:45.0933 3732	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    17:26:46.0018 3732	TrustedInstaller - ok
    17:26:46.0223 3732	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:26:46.0281 3732	tssecsrv - ok
    17:26:46.0376 3732	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    17:26:46.0401 3732	TsUsbFlt - ok
    17:26:46.0488 3732	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    17:26:46.0533 3732	TsUsbGD - ok
    17:26:46.0641 3732	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    17:26:46.0668 3732	tunnel - ok
    17:26:46.0868 3732	TurboB          (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
    17:26:46.0886 3732	TurboB - ok
    17:26:47.0046 3732	TurboBoost      (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    17:26:47.0058 3732	TurboBoost - ok
    17:26:47.0271 3732	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    17:26:47.0291 3732	uagp35 - ok
    17:26:47.0426 3732	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    17:26:47.0501 3732	udfs - ok
    17:26:47.0578 3732	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    17:26:47.0598 3732	UI0Detect - ok
    17:26:47.0681 3732	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    17:26:47.0696 3732	uliagpkx - ok
    17:26:47.0778 3732	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    17:26:47.0806 3732	umbus - ok
    17:26:47.0891 3732	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    17:26:47.0936 3732	UmPass - ok
    17:26:48.0026 3732	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    17:26:48.0078 3732	upnphost - ok
    17:26:48.0173 3732	upperdev        (fbd861e69e1f583bec906fcd04e4f84e) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
    17:26:48.0206 3732	upperdev - ok
    17:26:48.0433 3732	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:26:48.0463 3732	usbccgp - ok
    17:26:48.0653 3732	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:26:48.0683 3732	usbcir - ok
    17:26:48.0791 3732	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    17:26:48.0831 3732	usbehci - ok
    17:26:48.0923 3732	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    17:26:48.0948 3732	usbhub - ok
    17:26:49.0038 3732	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    17:26:49.0083 3732	usbohci - ok
    17:26:49.0176 3732	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
    17:26:49.0206 3732	usbprint - ok
    17:26:49.0336 3732	usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
    17:26:49.0346 3732	usbser - ok
    17:26:49.0696 3732	UsbserFilt      (0fbb0080b287bbcbf5c7076e3d74a35c) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
    17:26:49.0761 3732	UsbserFilt - ok
    17:26:49.0858 3732	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:26:49.0881 3732	USBSTOR - ok
    17:26:49.0971 3732	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    17:26:49.0996 3732	usbuhci - ok
    17:26:50.0083 3732	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    17:26:50.0098 3732	usbvideo - ok
    17:26:50.0176 3732	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    17:26:50.0256 3732	UxSms - ok
    17:26:50.0638 3732	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:26:50.0648 3732	VaultSvc - ok
    17:26:50.0793 3732	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:26:50.0813 3732	vdrvroot - ok
    17:26:50.0953 3732	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    17:26:50.0988 3732	vds - ok
    17:26:51.0073 3732	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:26:51.0091 3732	vga - ok
    17:26:51.0203 3732	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:26:51.0266 3732	VgaSave - ok
    17:26:51.0356 3732	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:26:51.0366 3732	vhdmp - ok
    17:26:51.0491 3732	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:26:51.0501 3732	viaide - ok
    17:26:51.0621 3732	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:26:51.0641 3732	volmgr - ok
    17:26:51.0823 3732	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:26:51.0848 3732	volmgrx - ok
    17:26:51.0966 3732	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:26:51.0991 3732	volsnap - ok
    17:26:52.0081 3732	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    17:26:52.0103 3732	vsmraid - ok
    17:26:52.0211 3732	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    17:26:52.0263 3732	VSS - ok
    17:26:52.0346 3732	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    17:26:52.0376 3732	vwifibus - ok
    17:26:52.0488 3732	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:26:52.0521 3732	vwififlt - ok
    17:26:52.0611 3732	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    17:26:52.0658 3732	vwifimp - ok
    17:26:52.0758 3732	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    17:26:52.0801 3732	W32Time - ok
    17:26:52.0893 3732	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    17:26:52.0928 3732	WacomPen - ok
    17:26:53.0026 3732	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:26:53.0078 3732	WANARP - ok
    17:26:53.0083 3732	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:26:53.0113 3732	Wanarpv6 - ok
    17:26:53.0266 3732	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    17:26:53.0298 3732	WatAdminSvc - ok
    17:26:53.0563 3732	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    17:26:53.0611 3732	wbengine - ok
    17:26:53.0761 3732	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    17:26:53.0803 3732	WbioSrvc - ok
    17:26:53.0888 3732	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    17:26:53.0933 3732	wcncsvc - ok
    17:26:53.0998 3732	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    17:26:54.0023 3732	WcsPlugInService - ok
    17:26:54.0118 3732	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    17:26:54.0123 3732	Wd - ok
    17:26:54.0343 3732	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:26:54.0373 3732	Wdf01000 - ok
    17:26:54.0523 3732	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:26:54.0563 3732	WdiServiceHost - ok
    17:26:54.0566 3732	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:26:54.0583 3732	WdiSystemHost - ok
    17:26:54.0636 3732	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    17:26:54.0671 3732	WebClient - ok
    17:26:54.0761 3732	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    17:26:54.0821 3732	Wecsvc - ok
    17:26:54.0901 3732	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    17:26:54.0961 3732	wercplsupport - ok
    17:26:55.0038 3732	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    17:26:55.0088 3732	WerSvc - ok
    17:26:55.0481 3732	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:26:55.0526 3732	WfpLwf - ok
    17:26:55.0821 3732	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
    17:26:55.0846 3732	WimFltr - ok
    17:26:55.0938 3732	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:26:55.0966 3732	WIMMount - ok
    17:26:56.0008 3732	WinDefend - ok
    17:26:56.0011 3732	WinHttpAutoProxySvc - ok
    17:26:56.0116 3732	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    17:26:56.0171 3732	Winmgmt - ok
    17:26:56.0263 3732	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    17:26:56.0336 3732	WinRM - ok
    17:26:56.0538 3732	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    17:26:56.0596 3732	WinUsb - ok
    17:26:56.0706 3732	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    17:26:56.0756 3732	Wlansvc - ok
    17:26:56.0898 3732	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:26:56.0951 3732	wlidsvc - ok
    17:26:57.0071 3732	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    17:26:57.0101 3732	WmiAcpi - ok
    17:26:57.0201 3732	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    17:26:57.0233 3732	wmiApSrv - ok
    17:26:57.0268 3732	WMPNetworkSvc - ok
    17:26:57.0343 3732	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    17:26:57.0353 3732	WPCSvc - ok
    17:26:57.0433 3732	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    17:26:57.0456 3732	WPDBusEnum - ok
    17:26:57.0546 3732	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:26:57.0588 3732	ws2ifsl - ok
    17:26:57.0668 3732	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    17:26:57.0706 3732	wscsvc - ok
    17:26:57.0756 3732	WSearch - ok
    17:26:57.0831 3732	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    17:26:57.0901 3732	wuauserv - ok
    17:26:58.0061 3732	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:26:58.0108 3732	WudfPf - ok
    17:26:58.0213 3732	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:26:58.0273 3732	WUDFRd - ok
    17:26:58.0366 3732	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    17:26:58.0406 3732	wudfsvc - ok
    17:26:58.0498 3732	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    17:26:58.0531 3732	WwanSvc - ok
    17:26:58.0578 3732	MBR (0x1B8)     (b0d37aa9e76ed639f22035945343f397) \Device\Harddisk0\DR0
    17:26:58.0618 3732	\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
    17:26:58.0618 3732	\Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    17:26:58.0888 3732	MBR (0x1B8)     (aeaa8d3d811df3191c0396c451d56aca) \Device\Harddisk1\DR1
    17:27:03.0208 3732	\Device\Harddisk1\DR1 - ok
    17:27:03.0228 3732	Boot (0x1200)   (1ac1a0df5506c185b97e5e631af78847) \Device\Harddisk0\DR0\Partition0
    17:27:03.0231 3732	\Device\Harddisk0\DR0\Partition0 - ok
    17:27:03.0253 3732	Boot (0x1200)   (b7fffeb3fb97bfc4b59770eb038b9003) \Device\Harddisk0\DR0\Partition1
    17:27:03.0256 3732	\Device\Harddisk0\DR0\Partition1 - ok
    17:27:03.0258 3732	============================================================
    17:27:03.0258 3732	Scan finished
    17:27:03.0258 3732	============================================================
    17:27:03.0266 3412	Detected object count: 6
    17:27:03.0266 3412	Actual detected object count: 6
    17:27:43.0424 3412	Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
    17:27:43.0424 3412	Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    17:27:43.0427 3412	Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
    17:27:43.0427 3412	Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    17:27:43.0427 3412	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
    17:27:43.0427 3412	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    17:27:43.0427 3412	OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
    17:27:43.0429 3412	OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    17:27:43.0429 3412	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
    17:27:43.0429 3412	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
    17:27:43.0544 3412	\Device\Harddisk0\DR0\# - copied to quarantine
    17:27:43.0544 3412	\Device\Harddisk0\DR0 - copied to quarantine
    17:27:43.0934 3412	\Device\Harddisk0\DR0 - processing error
    17:27:51.0914 3412	\Device\Harddisk0\DR0 - will be restored on reboot
    17:27:51.0919 3412	\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore 
    17:32:20.0316 5852	Deinitialize success

  4. #14
    Malware-Mogul john.doe
    Registered since
    11.03.2012
    Posts
    8.905
    1.) Disable Windows Defender => http://windows.microsoft.com/en-US/w...nder-on-or-off

    2.) Close any open browsers.

    3.) Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    4.) Open Notepad and copy/paste the text in the codebox below into it:

    Code:
    KillAll::
    
    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7D034EBB-40BF-43E8-B525-6EB2A7615B2E}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    
    DirLook::
    c:\users\Phil\AppData\Roaming\UAs
    c:\programdata\Codecv
    
    FileLook::
    c:\windows\SysWow64\vorbis.acm
    c:\windows\explorer.exe

    Save this as CFScript.txt, in the same location as ComboFix.exe.

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    bye, andreas

  5. #15
    Regular
    Registered since
    07.04.2012
    Posts
    10
    Here's the combo log file

    Code:
    ComboFix 12-04-09.01 - Phil 09.04.2012  18:34:32.2.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1033.18.8103.5373 [GMT 2:00]
    ausgeführt von:: c:\users\Phil\Desktop\ComboFix.exe
    Benutzte Befehlsschalter :: c:\users\Phil\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((   Dateien erstellt von 2012-03-09 bis 2012-04-09  ))))))))))))))))))))))))))))))
    .
    .
    2012-04-09 16:40 . 2012-04-09 16:40	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
    2012-04-09 16:40 . 2012-04-09 16:40	--------	d-----w-	c:\users\postgres\AppData\Local\temp
    2012-04-08 22:15 . 2009-09-15 09:14	1554944	----a-w-	c:\windows\SysWow64\vorbis.acm
    2012-04-08 15:42 . 2012-04-07 00:06	2871808	----a-w-	c:\windows\explorer.exe
    2012-04-07 14:53 . 2012-04-07 14:53	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-07 13:57 . 2012-04-07 13:57	--------	d-----w-	c:\program files (x86)\SopCast
    2012-04-07 11:38 . 2012-04-07 11:38	--------	d-----w-	c:\windows\SysWow64\drivers\AVG
    2012-04-07 11:37 . 2012-04-08 14:16	--------	d-----w-	c:\windows\system32\drivers\AVG
    2012-04-07 11:37 . 2012-04-07 11:37	--------	d-----w-	C:\$AVG
    2012-04-07 10:48 . 2012-04-07 10:48	--------	d-----w-	c:\users\Phil\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
    2012-04-07 10:47 . 2012-04-07 10:47	--------	d-----w-	c:\programdata\Virtualized Applications
    2012-04-07 10:31 . 2012-03-20 01:51	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBBE9BB8-F740-4A45-BFDD-1E3B59A40A2A}\mpengine.dll
    2012-04-07 10:24 . 2012-04-07 10:24	--------	d-----w-	C:\_OTL
    2012-04-07 10:12 . 2012-04-07 10:12	--------	d-----w-	c:\users\Phil\AppData\Roaming\High Impact eMail 5
    2012-04-07 00:16 . 2012-04-07 00:16	--------	d-----w-	c:\program files\CCleaner
    2012-04-05 18:11 . 2012-04-05 18:12	--------	d-----w-	c:\programdata\Codecv
    2012-04-04 01:06 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
    2012-04-04 01:06 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-04 01:06 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
    2012-04-03 22:08 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
    2012-04-03 22:08 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
    2012-04-03 22:08 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
    2012-04-03 22:08 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
    2012-04-03 22:08 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
    2012-04-03 22:08 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
    2012-04-03 22:07 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
    2012-04-03 22:07 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
    2012-04-03 22:07 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
    2012-04-03 22:07 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
    2012-04-03 20:11 . 2012-04-03 20:11	--------	d-----w-	c:\users\Phil\AppData\Roaming\AVG2012
    2012-04-03 20:06 . 2012-04-07 11:38	--------	d-----w-	c:\programdata\AVG2012
    2012-04-03 20:05 . 2012-04-03 20:05	--------	d-----w-	c:\program files (x86)\AVG
    2012-04-03 20:02 . 2012-04-03 20:02	--------	d--h--w-	c:\programdata\Common Files
    2012-04-03 20:02 . 2012-04-08 14:16	--------	d-----w-	c:\programdata\MFAData
    2012-04-01 21:11 . 2012-04-01 21:11	--------	d-----w-	c:\users\Phil\AppData\Roaming\Malwarebytes
    2012-04-01 21:10 . 2012-04-01 21:10	--------	d-----w-	c:\programdata\Malwarebytes
    2012-04-01 16:33 . 2012-04-01 16:33	--------	d-----w-	C:\Banks
    2012-04-01 16:30 . 2012-04-01 16:30	--------	d-----w-	c:\program files (x86)\d-lusion
    2012-04-01 16:15 . 2012-04-01 16:15	--------	d--h--w-	c:\users\Phil\AppData\Roaming\SynthMaker
    2012-03-25 19:02 . 2012-04-03 21:40	--------	d-----w-	c:\users\Phil\AppData\Roaming\Stellarium
    2012-03-25 19:02 . 2012-04-03 21:41	--------	d-----w-	c:\program files (x86)\Stellarium
    2012-03-25 14:34 . 2012-03-25 14:34	--------	d--h--w-	c:\programdata\Premium
    2012-03-18 16:39 . 2012-03-23 18:38	--------	d--h--w-	c:\users\Phil\AppData\Roaming\UAs
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-09 16:42 . 2011-09-29 17:19	45056	----a-w-	c:\windows\system32\acovcnt.exe
    2012-03-03 23:22 . 2012-03-03 23:22	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
    2012-03-03 21:07 . 2012-03-03 21:07	95	----a-w-	c:\windows\SysWow64\InstallGAC.bat
    2012-02-23 07:18 . 2011-10-02 10:56	279656	------w-	c:\windows\system32\MpSigStub.exe
    2012-02-22 03:25 . 2012-02-22 03:25	382032	----a-w-	c:\windows\system32\drivers\avgtdia.sys
    2012-02-22 03:25 . 2012-02-22 03:25	289872	----a-w-	c:\windows\system32\drivers\avgldx64.sys
    2012-01-31 02:46 . 2012-01-31 02:46	36944	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\explorer.exe ---
    Company: Microsoft Corporation
    File Description: Windows Explorer
    File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: EXPLORER.EXE.MUI
    File size: 2871808
    Created time: 2012-04-08 15:42
    Modified time: 2012-04-07 00:06
    MD5: 332FEAB1435662FC6C672E25BEB37BE3
    SHA1: 5A49D7390EE87519B9D69D3E4AA66CA066CC8255
    .
    .
    --- c:\windows\SysWow64\vorbis.acm ---
    Company: HMS http://hp.vector.co.jp/authors/VA012897/
    File Description: Ogg Vorbis CODEC for MSACM
    File Version: 0, 0, 3, 6
    Product Name: Ogg Vorbis Audio codec for MSACM
    Copyright: Copyright (C)2001 H.Mutsuki
    Original Filename: vorbis.acm
    File size: 1554944
    Created time: 2012-04-08 22:15
    Modified time: 2009-09-15 09:14
    MD5: 9033DAF3277F0498BC86C8D4566C25CE
    SHA1: AFC3E14F15B49BBB531FE1DABA42182A17927C7A
    .
    ---- Directory of c:\programdata\Codecv ----
    .
    2012-04-05 18:12 . 2012-04-09 00:36	938	----a-w-	c:\programdata\Codecv\data\content.js
    2012-04-05 18:12 . 2012-04-09 00:36	1104	----a-w-	c:\programdata\Codecv\data\jsondb.js
    2012-04-05 18:11 . 2012-04-05 18:11	47445	----a-w-	c:\programdata\Codecv\uninstall.exe
    2012-04-05 18:11 . 2012-04-05 16:00	140800	----a-w-	c:\programdata\Codecv\bhoclass.dll
    2012-04-05 18:11 . 2012-04-05 16:00	388	----a-w-	c:\programdata\Codecv\content.js
    2012-04-05 18:11 . 2012-04-05 16:00	4923	----a-w-	c:\programdata\Codecv\background.html
    2012-04-05 18:11 . 2012-04-05 16:00	610	----a-w-	c:\programdata\Codecv\settings.ini
    2012-04-05 18:11 . 2012-04-05 16:00	38119	----a-w-	c:\programdata\Codecv\ekdjfcdinekpfcedakhpngcnaamhiihn.crx
    .
    ---- Directory of c:\users\Phil\AppData\Roaming\UAs ----
    .
    2012-03-23 18:38 . 2012-03-23 18:38	31	---ha-w-	c:\users\Phil\AppData\Roaming\UAs\chrome.exe_UAs001.dat
    2012-03-18 17:39 . 2012-03-18 17:39	15	---ha-w-	c:\users\Phil\AppData\Roaming\UAs\UAs_UAs001.dat
    2012-03-18 16:39 . 2012-03-18 16:39	10	---ha-w-	c:\users\Phil\AppData\Roaming\UAs\_UAs002.dat
    2012-03-18 16:39 . 2012-03-18 16:39	10	---ha-w-	c:\users\Phil\AppData\Roaming\UAs\_UAs001.dat
    .
    .
    (((((((((((((((((((((((((((((   SnapShot@2012-04-09_13.32.40   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-09 16:41 . 2012-04-09 16:41	13306              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-04-09 12:22 . 2012-04-09 12:22	13306              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2011-02-18 20:13 . 2012-04-09 15:35	42610              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-09 15:35	23518              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-09-29 17:23 . 2012-04-09 16:20	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-09-29 17:23 . 2012-04-09 00:36	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-04-08 22:15 . 2012-04-09 16:20	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2012-04-08 22:15 . 2012-04-09 00:36	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-09 00:36	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-09 16:20	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-09-29 17:20 . 2012-04-09 15:35	8534              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1011566674-3117849484-245789612-1001_UserData.bin
    - 2012-04-09 12:23 . 2012-04-09 12:23	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-09 16:42 . 2012-04-09 16:42	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-09 12:23 . 2012-04-09 12:23	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-09 16:42 . 2012-04-09 16:42	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 05:01 . 2012-04-09 16:41	427168              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-04-09 11:23	427168              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-08-17 14:58 . 2012-04-09 12:22	1453160              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-08-17 14:58 . 2012-04-09 16:41	1453160              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-09-29 19:44 . 2012-04-09 16:41	2015564              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011566674-3117849484-245789612-1001-8192.dat
    - 2011-09-29 19:44 . 2012-04-09 11:23	2015564              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011566674-3117849484-245789612-1001-8192.dat
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/17 22:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    R2 postgresql-x64-9.1;postgresql-x64-9.1 - PostgreSQL Server 9.1;C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-x64-9.1 -D C:/Program Files/PostgreSQL/9.1/data -w [x]
    R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Andere Dienste/Treiber im Speicher ---
    .
    *Deregistered* - CLKMDRV10_38F51D56
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd14536cd82b34.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
    .
    2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://asus.msn.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\postgresql-x64-9.1]
    "ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\postgresql-x64-9.1]
    "ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\xampp\mysql\bin\mysqld.exe
    c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    c:\windows\AsScrPro.exe
    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    c:\program files\NVIDIA Corporation\Installer2\NVIDIA.Update.0\ComUpdatus.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2012-04-09  18:47:44 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt  2012-04-09 16:47
    ComboFix2.txt  2012-04-09 13:52
    .
    Vor Suchlauf: 130.524.831.744 bytes free
    Nach Suchlauf: 130.136.010.752 bytes free
    .
    - - End Of File - - 1D9B0BB2FC3DEC0623AE3183903DFAEA

  6. #16
    Malware-Mogul Avatar of john.doe
    Registered since
    11.03.2012
    Posts
    8.905
    Please test with MSIE and Opera whether you are still redirected in Google search.

    bye, andreas

  7. #17
    Regular
    Registered since
    07.04.2012
    Posts
    10
    Seems to be working fine now. Thanks!

    But still not sure what's wrong with my explorer. Keeps crashing?

  8. #18
    Malware-Mogul Avatar of john.doe
    Registered since
    11.03.2012
    Posts
    8.905
    Hm, something is strange about the explorer: it was modified very recently, but the MD5 and SHA1 say it's OK.

    1.) Press Start => Searchfield => (type in) sfc /scannow => Enter

    It will take some time; keep your Windows installation DVD within reach, you will probably need it.

    2.) Download and run => Sophos Anti Rootkit

    When the scan is done, start Windows Explorer and
    type in the address field => %temp%

    You should see a file sarscan.log, attach it to your next reply.

    bye, andreas

  9. #19
    Regular
    Registered since
    07.04.2012
    Posts
    10
    So I did the sfc scan and there were errors it could not fix, so I'm going to have to find a Windows 7 CD somewhere before I can show you the rest.

  10. #20
    Malware-Mogul Avatar of john.doe
    Registered since
    11.03.2012
    Posts
    8.905
    OK, thought so. Some of your system files are corrupted and need to be replaced with original ones.

    bye, andreas
