
Pests of all kinds and how to combat them: Qv06 virus won't go away.

08.07.2013, 14:35   #1
Fichi3d

Hello everyone,
About 2 weeks ago I picked up the browser hijacker "Qv06" on my PC. I did manage to change the start page back (right-click on the browser > Settings > remove the link after the target). I tried to remove the virus with many programs (Malwarebytes, SpyHunter 4, etc.). At first I thought it was gone, but when I tried to open the PayPal website today, EVERY web browser blocked me, or rather would not display the website. I suspect it is the virus, and KIS 2013 does not find the virus either. Thanks in advance.

08.07.2013, 14:40   #2
markusg
/// Malware-holic

Hi,

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

08.07.2013, 18:12   #3
Fichi3d

Here is the Extras.txt:
Code:
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 26.06.2013 12:19:23 | Computer Name = JerchelPC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 01.07.2013 12:55:19 | Computer Name = JerchelPC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ OSession Events ]
Error - 17.01.2011 11:17:33 | Computer Name = JerchelPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 13.03.2011 05:51:36 | Computer Name = JerchelPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.09.2011 12:38:18 | Computer Name = JerchelPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 286
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.07.2013 03:33:12 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 07.07.2013 03:33:12 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.07.2013 03:34:21 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 07.07.2013 03:34:21 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.07.2013 10:46:00 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 07.07.2013 10:53:08 | Computer Name = JerchelPC | Source = DCOM | ID = 10010
Description = 
 
Error - 08.07.2013 03:25:26 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 08.07.2013 03:36:22 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 08.07.2013 06:53:04 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 08.07.2013 08:41:25 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
And here is the OTL.txt:
Code:
OTL logfile created on: 08.07.2013 17:31:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian Jerchel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 46,12% Memory free
6,20 Gb Paging File | 4,80 Gb Available in Paging File | 77,34% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453,36 Gb Total Space | 225,99 Gb Free Space | 49,85% Space Free | Partition Type: NTFS
Drive D: | 12,39 Gb Total Space | 1,71 Gb Free Space | 13,76% Space Free | Partition Type: NTFS
 
Computer Name: JERCHELPC | User Name: Christian Jerchel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.08 17:30:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian Jerchel\Desktop\OTL.exe
PRC - [2013.07.04 12:36:40 | 000,567,880 | ---- | M] () -- C:\Program Files\puush\puush.exe
PRC - [2013.07.04 09:16:47 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) -- C:\ProgramData\eSafe\eGdpSvc.exe
PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.16 07:27:22 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe
PRC - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files\MSI Afterburner\MSIAfterburner.exe
PRC - [2012.12.10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.08.17 21:38:34 | 000,200,120 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtbws.exe
PRC - [2012.03.07 00:06:52 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.03.07 00:06:32 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.09.07 12:55:40 | 000,221,256 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.03 16:41:20 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.04.18 17:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003.11.19 13:03:40 | 000,045,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.04 12:36:40 | 000,567,880 | ---- | M] () -- C:\Program Files\puush\puush.exe
MOD - [2013.05.20 07:54:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fd0b6f713b92e3fbd443f1f1cb058381\System.Configuration.ni.dll
MOD - [2013.05.17 17:36:44 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\74fa000afba3305d1d765611cd66674e\System.Windows.Forms.ni.dll
MOD - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe
MOD - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files\MSI Afterburner\MSIAfterburner.exe
MOD - [2013.01.16 18:01:08 | 000,069,632 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTMUI.dll
MOD - [2013.01.16 18:01:06 | 000,348,160 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTHAL.dll
MOD - [2013.01.16 18:01:00 | 000,229,376 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTCore.dll
MOD - [2013.01.16 18:00:58 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTUI.dll
MOD - [2013.01.16 18:00:56 | 000,061,440 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTFC.dll
MOD - [2013.01.10 15:20:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8859ad331b1b2c02c03a81c3c0c7b5a2\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 15:20:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\025fc2d92484ad7c0fe120a8fd44d47b\System.Xml.ni.dll
MOD - [2013.01.10 15:19:25 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\44025a748649f45d638ca47bc9a0ead3\System.Drawing.ni.dll
MOD - [2013.01.10 15:18:27 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d70cd42bae1e041b6c3d937303b8f03c\System.ni.dll
MOD - [2013.01.10 15:18:14 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.11.30 12:48:46 | 000,061,440 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
MOD - [2012.11.30 12:45:56 | 000,122,880 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2012.11.30 12:26:54 | 000,147,456 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTUI.dll
MOD - [2012.11.30 12:24:00 | 000,061,440 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTFC.dll
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTTSH.dll
MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
MOD - [2010.06.28 18:12:47 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2010.02.10 19:10:10 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.07.04 09:16:47 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (WsysSvc)
SRV - [2013.06.12 18:46:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.16 07:27:22 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.12.10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV - [2013.07.03 17:18:35 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013.05.16 07:27:20 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013.05.16 07:27:20 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013.05.16 07:27:20 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013.05.16 07:27:20 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.08.02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012.03.07 01:06:00 | 011,407,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.09.06 14:24:40 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\MSI Afterburner\RTCore32.sys -- (RTCore32)
DRV - [2009.07.27 17:45:35 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.08.01 14:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.07.21 18:12:50 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.07.21 18:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.05.22 11:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=395049983_1052451_9E10E6CC&ts=1373034886
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{18237890-2735-480A-B070-1E6F6E31D14A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{2F9C5E29-E769-47B1-9E31-112F6A113055}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&from=vtt&uid=395049983_1052451_9E10E6CC&ts=7209033
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3321154450784934&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKLM\..\SearchScopes\{B7F50122-58FC-4823-A630-7744ECB0C208}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=395049983_1052451_9E10E6CC&ts=1372698548
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Christian Jerchel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Christian Jerchel\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Christian Jerchel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christian Jerchel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christian Jerchel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christian Jerchel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013.07.03 14:25:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013.07.03 14:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013.07.03 14:25:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\anti_banner@kaspersky.com [2013.07.03 14:25:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\online_banking@kaspersky.com [2013.07.03 14:25:11 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_1\npBFHUpdater.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_1\BFHUpdater.exe
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Christian Jerchel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\
CHR - Extension: Google Mail = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Facebook Connect) - {11DCAFD6-DDBA-4ADA-998B-996B7B691AE0} - C:\Users\Manfred Jerchel\AppData\Roaming\FBConnect\IE\FBConnect.dll (Facebook Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPADVISOR]  File not found
O4 - HKCU..\Run: [puush] C:\Program Files\puush\puush.exe ()
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D705716D-686F-4756-9B95-0CCD3C86981D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{44dd71ad-92e7-11e2-8b3d-002354f0e2e0}\Shell - "" = AutoRun
O33 - MountPoints2\{44dd71ad-92e7-11e2-8b3d-002354f0e2e0}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig - StartUpReg: DVDAgent - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.08 17:30:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian Jerchel\Desktop\OTL.exe
[2013.07.08 13:37:54 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\QuickScan
[2013.07.08 13:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2013.07.08 13:16:47 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\Fighters
[2013.07.08 13:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2013.07.07 10:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.07.07 09:22:41 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\NVIDIA
[2013.07.06 20:12:53 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.07.06 19:24:38 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013.07.06 19:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.07.06 19:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.07.06 18:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal Beta
[2013.07.06 18:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Craften Terminal Beta
[2013.07.05 19:09:51 | 000,367,014 | ---- | C] (hxxp://magiclauncher.com) -- C:\Users\Christian Jerchel\Desktop\MagicLauncher_1.1.6.exe
[2013.07.04 18:32:17 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\Documents\New Unity Project
[2013.07.04 18:26:37 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\PACE Anti-Piracy
[2013.07.04 18:26:37 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Local\PACE Anti-Piracy
[2013.07.04 18:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2013.07.04 18:21:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2013.07.04 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2013.07.04 18:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2013.07.03 16:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.07.03 14:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.07.03 14:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.07.03 14:21:41 | 000,594,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013.07.03 14:21:41 | 000,074,848 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
[2013.07.02 19:00:30 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\Malwarebytes
[2013.07.02 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.02 18:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.01 19:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\BasicServe
[2013.07.01 19:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\BasicServe
[2013.07.01 19:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.06.30 12:52:14 | 000,000,000 | R--D | C] -- C:\Users\Christian Jerchel\Download
[2013.06.28 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\puush
[2013.06.28 19:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
[2013.06.28 19:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\puush
[2013.06.26 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\Mozilla
[2013.06.22 20:00:38 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\Need for Speed World
[2013.06.22 13:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2013.06.19 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\MC Back
[2013.06.17 19:02:51 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\.minecraft
[2013.06.14 18:00:47 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Local\Temporary Projects
[2013.06.14 14:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
[2013.06.14 14:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Geevs
[2013.06.14 14:19:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Lightworks
[2013.06.14 14:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lightworks
[2013.06.13 14:34:19 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\Desktop\Tutorials
[2013.06.12 14:31:01 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\Hewlett-Packard_Company
[2013.06.12 14:31:01 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Local\Hewlett-Packard_Company
[2013.06.09 16:07:44 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\Documents\Pinnacle VideoSpin
[2013.06.09 11:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
[2013.06.09 11:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
[2013.06.09 11:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle VideoSpin
[2013.06.09 11:24:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2013.06.09 11:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2013.06.09 11:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2013.06.09 11:22:12 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Local\Downloaded Installations
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Christian Jerchel\Desktop\*.tmp files -> C:\Users\Christian Jerchel\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.08 17:30:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian Jerchel\Desktop\OTL.exe
[2013.07.08 17:23:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.08 17:23:14 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RealUpgradeLogonTaskS-1-5-21-1462046329-529929945-268080420-1000.job
[2013.07.08 17:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.08 16:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.08 16:44:00 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1462046329-529929945-268080420-1001UA.job
[2013.07.08 16:39:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 16:39:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 15:11:00 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForManfred Jerchel.job
[2013.07.08 14:44:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1462046329-529929945-268080420-1001Core.job
[2013.07.08 14:39:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.08 10:17:16 | 513,341,191 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\java_2013_07_08_10_12_21_450.avi
[2013.07.08 10:11:14 | 2654,572,181 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\java_2013_07_08_10_03_33_135.avi
[2013.07.08 10:00:58 | 1830,559,338 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_08_09_59_21_602.avi
[2013.07.07 09:56:28 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.07.06 18:08:35 | 000,000,919 | ---- | M] () -- C:\Users\Christian Jerchel\Desktop\Craften Terminal .lnk
[2013.07.06 14:31:14 | 431,116,420 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_19_01_538.avi
[2013.07.05 19:10:02 | 000,367,014 | ---- | M] (hxxp://magiclauncher.com) -- C:\Users\Christian Jerchel\Desktop\MagicLauncher_1.1.6.exe
[2013.07.05 18:46:58 | 1399,450,622 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_05_18_44_22_468.avi
[2013.07.05 18:38:47 | 000,001,199 | ---- | M] () -- C:\Users\Christian Jerchel\Desktop\Google Chrome.lnk
[2013.07.04 18:21:45 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2013.07.04 13:44:09 | 815,163,506 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\GMTE 2_2013_07_04_13_16_09_112.avi
[2013.07.04 13:16:11 | 803,325,533 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_04_13_07_53_149.avi
[2013.07.03 18:44:35 | 000,080,450 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\BWR Geschäftsfälle2.pdf
[2013.07.03 18:44:18 | 000,077,001 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\BWR Geschäftsfälle1.pdf
[2013.07.03 17:18:35 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys
[2013.07.03 17:12:00 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1462046329-529929945-268080420-1000.job
[2013.07.03 14:26:45 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.07.01 18:56:57 | 000,000,385 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.scn
[2013.07.01 18:56:31 | 000,746,584 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi.A.index
[2013.07.01 18:56:30 | 000,746,096 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi.index
[2013.07.01 18:55:40 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013.07.01 18:51:53 | 2993,529,326 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi
[2013.07.01 18:03:27 | 000,484,992 | ---- | M] () -- C:\Users\Christian Jerchel\Desktop\Minecraft.exe
[2013.06.30 10:05:50 | 000,001,031 | ---- | M] () -- C:\WildTangent Games App - hp.lnk
[2013.06.26 18:18:49 | 000,054,272 | ---- | M] () -- C:\Users\Christian Jerchel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.22 13:33:31 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2013.06.17 17:13:28 | 000,671,440 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.17 17:13:28 | 000,632,170 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.17 17:13:28 | 000,144,608 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.17 17:13:28 | 000,118,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.09 16:03:13 | 000,488,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.06.09 11:25:11 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Christian Jerchel\Desktop\*.tmp files -> C:\Users\Christian Jerchel\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.08 15:10:58 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForManfred Jerchel.job
[2013.07.08 10:12:21 | 513,341,191 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\java_2013_07_08_10_12_21_450.avi
[2013.07.08 10:03:33 | 2654,572,181 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\java_2013_07_08_10_03_33_135.avi
[2013.07.08 09:59:22 | 1830,559,338 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_08_09_59_21_602.avi
[2013.07.06 18:08:35 | 000,000,919 | ---- | C] () -- C:\Users\Christian Jerchel\Desktop\Craften Terminal .lnk
[2013.07.05 18:44:25 | 1399,450,622 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_05_18_44_22_468.avi
[2013.07.05 18:38:37 | 000,001,199 | ---- | C] () -- C:\Users\Christian Jerchel\Desktop\Google Chrome.lnk
[2013.07.04 18:21:45 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2013.07.04 13:16:09 | 815,163,506 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\GMTE 2_2013_07_04_13_16_09_112.avi
[2013.07.04 13:07:53 | 803,325,533 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_04_13_07_53_149.avi
[2013.07.03 18:44:35 | 000,080,450 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\BWR Geschäftsfälle2.pdf
[2013.07.03 18:44:16 | 000,077,001 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\BWR Geschäftsfälle1.pdf
[2013.07.03 16:58:05 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.07.01 18:56:57 | 000,000,385 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.scn
[2013.07.01 18:56:30 | 000,746,584 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi.A.index
[2013.07.01 18:56:30 | 000,746,096 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi.index
[2013.07.01 18:36:20 | 2993,529,326 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi
[2013.07.01 18:19:01 | 431,116,420 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_19_01_538.avi
[2013.06.22 13:33:31 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2013.06.09 11:25:11 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
[2013.06.09 11:22:26 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013.05.28 19:25:15 | 000,005,020 | ---- | C] () -- C:\ProgramData\ubzyegls.kzt
[2013.05.21 15:50:12 | 000,005,024 | ---- | C] () -- C:\ProgramData\qiwmnyln.lsb
[2013.05.20 08:22:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.14 19:49:19 | 000,003,478 | ---- | C] () -- C:\Users\Christian Jerchel\.recently-used.xbel
[2012.12.25 20:05:41 | 000,001,429 | ---- | C] () -- C:\Users\Christian Jerchel\AppData\Local\RecConfig.xml
[2012.09.28 21:45:16 | 000,246,272 | ---- | C] () -- C:\Windows\System32\rtvcvfw64.dll
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2011.04.12 19:35:03 | 000,002,528 | ---- | C] () -- C:\Users\Christian Jerchel\AppData\Roaming\$_hpcst$.hpc
[2011.04.05 20:08:18 | 000,007,592 | ---- | C] () -- C:\Users\Christian Jerchel\AppData\Local\d3d9caps.dat
[2011.03.01 19:45:27 | 000,054,272 | ---- | C] () -- C:\Users\Christian Jerchel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.28 20:23:06 | 000,007,581 | ---- | C] () -- C:\Users\Christian Jerchel\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2013.07.07 09:46:44 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1462046329-529929945-268080420-1001\$RBDWY9K\n
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.07.08 13:39:12 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\.minecraft
[2012.05.14 17:23:27 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\.mono
[2013.06.07 14:01:35 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\AnvSoft
[2011.03.28 16:52:57 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Atari
[2013.01.03 13:23:27 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\avidemux
[2013.03.06 19:35:27 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Blender Foundation
[2011.03.05 17:12:30 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\CBL-Electronics
[2013.07.08 13:17:27 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Fighters
[2013.06.14 20:17:04 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\FileZilla
[2013.02.09 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\FreeScreenToVideo
[2013.03.14 19:49:19 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\gtk-2.0
[2013.02.11 17:07:54 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\JRT Studio
[2012.05.14 17:23:29 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Kalypso Media
[2013.06.19 13:52:17 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\MC Back
[2013.07.07 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Minecraft Version Changer
[2013.06.22 20:00:38 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Need for Speed World
[2011.03.22 19:20:40 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\OpenOffice.org
[2013.07.04 18:31:07 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\PACE Anti-Piracy
[2011.04.12 19:35:28 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\PC Suite
[2012.12.13 18:20:07 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\PeerNetworking
[2012.05.14 17:25:40 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Pole Position 2012
[2013.06.28 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\puush
[2013.07.08 17:24:40 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\QuickScan
[2013.03.02 20:41:30 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\skyz
[2011.04.19 20:09:43 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Try2
[2013.07.08 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\TS3Client
[2012.01.08 20:07:57 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\ts3overlay
[2011.04.15 16:02:18 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\UltraMixer
[2011.07.01 16:22:08 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Unigraphics Solutions
[2013.07.04 18:34:13 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Unity
[2011.03.06 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.04.15 16:38:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.11.07 10:57:15 | 000,000,000 | ---D | M] -- C:\ATRIS_ST
[2010.01.03 11:50:00 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.01.24 14:44:39 | 000,000,000 | ---D | M] -- C:\d6541f6697dd6620f612e1b677d912
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.07.18 09:55:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.01.06 12:08:53 | 000,000,000 | -H-D | M] -- C:\hp
[2009.07.18 11:49:54 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013.07.06 20:12:53 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.27 18:00:22 | 000,000,000 | ---D | M] -- C:\OpenOffice.org 3.1 (de) Installation Files
[2011.12.07 17:07:35 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.07.08 14:56:39 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.07.08 13:17:22 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.07.18 09:55:16 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.07.08 17:35:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.04.02 18:12:45 | 000,000,000 | ---D | M] -- C:\tmp
[2013.07.06 19:28:47 | 000,000,000 | R--D | M] -- C:\Users
[2013.07.08 09:25:59 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010.02.03 13:38:59 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.02.03 13:39:00 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.07.09 14:21:14 | 000,000,542 | ---- | C] () -- C:\Windows\Tasks\Install.job
[2011.06.16 18:55:46 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1462046329-529929945-268080420-1001Core.job
[2011.06.16 18:55:46 | 000,001,168 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1462046329-529929945-268080420-1001UA.job
[2011.07.06 17:12:44 | 000,000,306 | ---- | C] () -- C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1462046329-529929945-268080420-1000.job
[2011.07.06 17:12:49 | 000,000,298 | ---- | C] () -- C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1462046329-529929945-268080420-1000.job
[2012.04.04 14:28:20 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.07.08 14:39:47 | 000,000,386 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.07.08 15:10:58 | 000,000,362 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForManfred Jerchel.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.07.21 18:12:50 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=17E55BACBE90B0E97A2219B4B67A6011 -- C:\hp\drivers\nvidia_storage\IDE\WinVista\sataraid\nvstor32.sys
[2008.07.21 18:12:50 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=17E55BACBE90B0E97A2219B4B67A6011 -- C:\Windows\System32\drivers\nvstor32.sys
[2008.07.21 18:12:50 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=17E55BACBE90B0E97A2219B4B67A6011 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_d98c5f2a\nvstor32.sys
[2008.10.10 02:04:02 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D7B213299852D2026DBC90DAB77EF06C -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_beedd2a9\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2013.05.16 07:27:20 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klflt.sys
[2013.05.16 07:27:20 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2012.08.02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2013.05.16 07:27:20 | 000,025,944 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klkbdflt.sys
[2013.05.16 07:27:20 | 000,025,944 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
[2013.07.03 17:18:35 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kltdi.sys
[2013.05.16 07:27:20 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kneps.sys
 
< %systemroot%\System32\config\*.sav >
[2008.12.01 15:45:59 | 017,625,088 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.12.01 15:45:43 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.12.01 15:45:59 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008.12.01 15:46:08 | 017,616,896 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008.12.01 15:46:09 | 006,643,712 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2013.03.14 19:49:19 | 000,003,478 | ---- | M] () -- C:\Users\Christian Jerchel\.recently-used.xbel
[2013.07.08 17:58:28 | 007,077,888 | -HS- | M] () -- C:\Users\Christian Jerchel\NTUSER.DAT
[2013.07.08 17:58:26 | 000,262,144 | -H-- | M] () -- C:\Users\Christian Jerchel\ntuser.dat.LOG1
[2011.02.28 20:20:35 | 000,000,000 | -H-- | M] () -- C:\Users\Christian Jerchel\ntuser.dat.LOG2
[2013.06.05 15:44:57 | 007,077,888 | -HS- | M] () -- C:\Users\Christian Jerchel\ntuser.dat_previous
[2013.07.08 13:54:52 | 000,065,536 | -HS- | M] () -- C:\Users\Christian Jerchel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.07.21 16:02:22 | 000,524,288 | -HS- | M] () -- C:\Users\Christian Jerchel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2013.07.08 13:54:52 | 000,524,288 | -HS- | M] () -- C:\Users\Christian Jerchel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.02.28 20:20:36 | 000,000,020 | -HS- | M] () -- C:\Users\Christian Jerchel\ntuser.ini
[2011.08.27 16:27:18 | 000,010,752 | -HS- | M] () -- C:\Users\Christian Jerchel\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB21986$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_19_01_538.avi:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:BF3D62E7
@Alternate Data Stream - 1173 bytes -> C:\Users\Christian Jerchel\AppData\Local\Temp:eo1nLkAf6VnT6yfgnwjxi

< End of report >
         
I hope this helps you. Thanks

Alt 08.07.2013, 18:21   #4
markusg
/// Malware-holic
 

Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
In any case, please post the contents here in your thread.

Alt 08.07.2013, 18:28   #5
Fichi3d
 

I did everything as described in the instructions. Here is the log:
Code:
18:25:25.0435 3668  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:25:25.0856 3668  ============================================================
18:25:25.0856 3668  Current date / time: 2013/07/08 18:25:25.0856
18:25:25.0856 3668  SystemInfo:
18:25:25.0856 3668  
18:25:25.0856 3668  OS Version: 6.0.6002 ServicePack: 2.0
18:25:25.0856 3668  Product type: Workstation
18:25:25.0856 3668  ComputerName: JERCHELPC
18:25:25.0856 3668  UserName: Christian Jerchel
18:25:25.0856 3668  Windows directory: C:\Windows
18:25:25.0856 3668  System windows directory: C:\Windows
18:25:25.0856 3668  Processor architecture: Intel x86
18:25:25.0856 3668  Number of processors: 3
18:25:25.0856 3668  Page size: 0x1000
18:25:25.0856 3668  Boot type: Normal boot
18:25:25.0856 3668  ============================================================
18:25:31.0631 3668  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:25:31.0687 3668  ============================================================
18:25:31.0687 3668  \Device\Harddisk0\DR0:
18:25:31.0688 3668  MBR partitions:
18:25:31.0688 3668  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38ABAC30
18:25:31.0688 3668  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38ABAC6F, BlocksNum 0x18C9FD2
18:25:31.0688 3668  ============================================================
18:25:31.0735 3668  C: <-> \Device\Harddisk0\DR0\Partition1
18:25:31.0933 3668  D: <-> \Device\Harddisk0\DR0\Partition2
18:25:31.0934 3668  ============================================================
18:25:31.0934 3668  Initialize success
18:25:31.0934 3668  ============================================================
18:25:45.0157 2012  ============================================================
18:25:45.0157 2012  Scan started
18:25:45.0157 2012  Mode: Manual; SigCheck; TDLFS; 
18:25:45.0157 2012  ============================================================
18:25:45.0934 2012  ================ Scan system memory ========================
18:25:45.0934 2012  System memory - ok
18:25:45.0936 2012  ================ Scan services =============================
18:25:46.0368 2012  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
18:25:46.0471 2012  ACPI - ok
18:25:46.0554 2012  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:25:46.0573 2012  AdobeFlashPlayerUpdateSvc - ok
18:25:46.0638 2012  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:25:46.0662 2012  adp94xx - ok
18:25:46.0697 2012  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:25:46.0714 2012  adpahci - ok
18:25:46.0760 2012  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
18:25:46.0774 2012  adpu160m - ok
18:25:46.0797 2012  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:25:46.0812 2012  adpu320 - ok
18:25:46.0870 2012  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:25:47.0045 2012  AeLookupSvc - ok
18:25:47.0084 2012  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
18:25:47.0157 2012  AFD - ok
18:25:47.0184 2012  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:25:47.0197 2012  agp440 - ok
18:25:47.0221 2012  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
18:25:47.0234 2012  aic78xx - ok
18:25:47.0253 2012  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
18:25:47.0526 2012  ALG - ok
18:25:47.0556 2012  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:25:47.0573 2012  aliide - ok
18:25:47.0605 2012  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:25:47.0641 2012  amdagp - ok
18:25:47.0680 2012  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:25:47.0693 2012  amdide - ok
18:25:47.0732 2012  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
18:25:47.0813 2012  AmdK7 - ok
18:25:47.0823 2012  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:25:47.0887 2012  AmdK8 - ok
18:25:47.0914 2012  anvsnddrv - ok
18:25:47.0961 2012  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
18:25:48.0022 2012  Appinfo - ok
18:25:48.0191 2012  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:25:48.0212 2012  Apple Mobile Device - ok
18:25:48.0248 2012  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
18:25:48.0263 2012  arc - ok
18:25:48.0304 2012  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:25:48.0319 2012  arcsas - ok
18:25:48.0601 2012  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:25:48.0616 2012  aspnet_state - ok
18:25:48.0677 2012  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:25:48.0730 2012  AsyncMac - ok
18:25:48.0792 2012  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:25:48.0805 2012  atapi - ok
18:25:48.0901 2012  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:25:48.0951 2012  AudioEndpointBuilder - ok
18:25:48.0960 2012  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:25:48.0986 2012  Audiosrv - ok
18:25:49.0098 2012  AVFSFilter - ok
18:25:49.0710 2012  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
18:25:49.0794 2012  AVP - ok
18:25:49.0858 2012  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:25:49.0924 2012  Beep - ok
18:25:49.0981 2012  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
18:25:50.0039 2012  BFE - ok
18:25:50.0117 2012  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
18:25:50.0323 2012  BITS - ok
18:25:50.0338 2012  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
18:25:50.0365 2012  blbdrive - ok
18:25:50.0438 2012  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:25:50.0511 2012  Bonjour Service - ok
18:25:50.0554 2012  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:25:50.0614 2012  bowser - ok
18:25:50.0664 2012  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
18:25:50.0709 2012  BrFiltLo - ok
18:25:50.0739 2012  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
18:25:50.0810 2012  BrFiltUp - ok
18:25:50.0839 2012  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
18:25:50.0970 2012  Browser - ok
18:25:50.0995 2012  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
18:25:51.0251 2012  Brserid - ok
18:25:51.0269 2012  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
18:25:51.0345 2012  BrSerWdm - ok
18:25:51.0389 2012  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
18:25:51.0465 2012  BrUsbMdm - ok
18:25:51.0500 2012  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
18:25:51.0546 2012  BrUsbSer - ok
18:25:51.0568 2012  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:25:51.0635 2012  BTHMODEM - ok
18:25:51.0691 2012  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:25:51.0778 2012  cdfs - ok
18:25:51.0844 2012  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:25:51.0884 2012  cdrom - ok
18:25:51.0928 2012  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:25:51.0973 2012  CertPropSvc - ok
18:25:51.0997 2012  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
18:25:52.0043 2012  circlass - ok
18:25:52.0081 2012  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
18:25:52.0101 2012  CLFS - ok
18:25:52.0127 2012  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:25:52.0231 2012  clr_optimization_v2.0.50727_32 - ok
18:25:52.0284 2012  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:25:52.0328 2012  clr_optimization_v4.0.30319_32 - ok
18:25:52.0342 2012  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:25:52.0356 2012  cmdide - ok
18:25:52.0370 2012  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:25:52.0383 2012  Compbatt - ok
18:25:52.0388 2012  COMSysApp - ok
18:25:52.0424 2012  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:25:52.0437 2012  crcdisk - ok
18:25:52.0450 2012  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
18:25:52.0477 2012  Crusoe - ok
18:25:52.0554 2012  [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:25:52.0604 2012  CryptSvc - ok
18:25:52.0701 2012  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:25:52.0802 2012  DcomLaunch - ok
18:25:52.0835 2012  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:25:52.0926 2012  DfsC - ok
18:25:53.0034 2012  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
18:25:53.0267 2012  DFSR - ok
18:25:53.0357 2012  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
18:25:53.0398 2012  Dhcp - ok
18:25:53.0427 2012  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
18:25:53.0442 2012  disk - ok
18:25:53.0466 2012  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:25:53.0541 2012  Dnscache - ok
18:25:53.0571 2012  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:25:53.0611 2012  dot3svc - ok
18:25:53.0648 2012  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
18:25:53.0679 2012  DPS - ok
18:25:53.0754 2012  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:25:53.0812 2012  drmkaud - ok
18:25:53.0862 2012  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:25:53.0891 2012  DXGKrnl - ok
18:25:53.0953 2012  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
18:25:54.0006 2012  E1G60 - ok
18:25:54.0069 2012  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
18:25:54.0118 2012  EapHost - ok
18:25:54.0205 2012  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
18:25:54.0220 2012  Ecache - ok
18:25:54.0298 2012  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:25:54.0334 2012  ehRecvr - ok
18:25:54.0351 2012  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
18:25:54.0418 2012  ehSched - ok
18:25:54.0431 2012  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
18:25:54.0465 2012  ehstart - ok
18:25:54.0486 2012  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:25:54.0506 2012  elxstor - ok
18:25:54.0565 2012  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
18:25:54.0709 2012  EMDMgmt - ok
18:25:54.0788 2012  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:25:54.0842 2012  ErrDev - ok
18:25:54.0910 2012  esgiguard - ok
18:25:54.0954 2012  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
18:25:55.0009 2012  EventSystem - ok
18:25:55.0054 2012  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
18:25:55.0120 2012  exfat - ok
18:25:55.0222 2012  [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc     C:\Windows\System32\ezsvc7.dll
18:25:55.0235 2012  ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
18:25:55.0235 2012  ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
18:25:55.0266 2012  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:25:55.0305 2012  fastfat - ok
18:25:55.0337 2012  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:25:55.0384 2012  fdc - ok
18:25:55.0415 2012  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:25:55.0449 2012  fdPHost - ok
18:25:55.0469 2012  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:25:55.0530 2012  FDResPub - ok
18:25:55.0558 2012  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:25:55.0571 2012  FileInfo - ok
18:25:55.0589 2012  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:25:55.0629 2012  Filetrace - ok
18:25:55.0658 2012  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:25:55.0708 2012  flpydisk - ok
18:25:55.0778 2012  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:26:24.0340 2012  udfs - ok
18:26:24.0403 2012  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:26:24.0489 2012  UI0Detect - ok
18:26:24.0531 2012  [ CA90D2C55EB3BB90687677BEA3DB0B59 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
18:26:24.0537 2012  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
18:26:24.0537 2012  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
18:26:24.0549 2012  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:26:24.0566 2012  uliagpkx - ok
18:26:24.0592 2012  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
18:26:24.0665 2012  uliahci - ok
18:26:24.0684 2012  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
18:26:24.0699 2012  UlSata - ok
18:26:24.0713 2012  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
18:26:24.0733 2012  ulsata2 - ok
18:26:24.0765 2012  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:26:24.0792 2012  umbus - ok
18:26:24.0824 2012  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
18:26:24.0898 2012  upnphost - ok
18:26:24.0948 2012  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:26:24.0986 2012  usbaudio - ok
18:26:25.0045 2012  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:26:25.0074 2012  usbccgp - ok
18:26:25.0110 2012  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:26:25.0190 2012  usbcir - ok
18:26:25.0211 2012  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:26:25.0256 2012  usbehci - ok
18:26:25.0288 2012  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:26:25.0345 2012  usbhub - ok
18:26:25.0382 2012  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:26:25.0421 2012  usbohci - ok
18:26:25.0441 2012  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:26:25.0485 2012  usbprint - ok
18:26:25.0530 2012  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:26:25.0605 2012  usbscan - ok
18:26:25.0627 2012  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:26:25.0651 2012  USBSTOR - ok
18:26:25.0666 2012  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:26:25.0688 2012  usbuhci - ok
18:26:25.0702 2012  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
18:26:25.0748 2012  UxSms - ok
18:26:25.0803 2012  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
18:26:25.0878 2012  vds - ok
18:26:25.0912 2012  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:26:25.0974 2012  vga - ok
18:26:26.0001 2012  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:26:26.0028 2012  VgaSave - ok
18:26:26.0041 2012  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:26:26.0056 2012  viaagp - ok
18:26:26.0072 2012  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
18:26:26.0101 2012  ViaC7 - ok
18:26:26.0117 2012  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
18:26:26.0136 2012  viaide - ok
18:26:26.0179 2012  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:26:26.0233 2012  volmgr - ok
18:26:26.0251 2012  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:26:26.0275 2012  volmgrx - ok
18:26:26.0310 2012  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:26:26.0383 2012  volsnap - ok
18:26:26.0402 2012  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:26:26.0476 2012  vsmraid - ok
18:26:26.0509 2012  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
18:26:26.0590 2012  VSS - ok
18:26:26.0638 2012  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
18:26:26.0716 2012  W32Time - ok
18:26:26.0742 2012  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:26:26.0790 2012  WacomPen - ok
18:26:26.0813 2012  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
18:26:26.0877 2012  Wanarp - ok
18:26:26.0881 2012  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:26:26.0904 2012  Wanarpv6 - ok
18:26:26.0964 2012  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:26:27.0040 2012  wcncsvc - ok
18:26:27.0082 2012  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:26:27.0124 2012  WcsPlugInService - ok
18:26:27.0151 2012  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
18:26:27.0223 2012  Wd - ok
18:26:27.0255 2012  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:26:27.0386 2012  Wdf01000 - ok
18:26:27.0442 2012  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:26:27.0557 2012  WdiServiceHost - ok
18:26:27.0561 2012  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:26:27.0590 2012  WdiSystemHost - ok
18:26:27.0628 2012  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
18:26:27.0651 2012  WebClient - ok
18:26:27.0693 2012  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:26:27.0765 2012  Wecsvc - ok
18:26:27.0779 2012  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:26:27.0823 2012  wercplsupport - ok
18:26:27.0857 2012  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:26:27.0883 2012  WerSvc - ok
18:26:27.0970 2012  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:26:27.0991 2012  WinDefend - ok
18:26:28.0057 2012  [ 94E4312D546048BF31604A8B2AD13FC0 ] WinDriver6      C:\Windows\system32\drivers\windrvr6.sys
18:26:28.0177 2012  WinDriver6 ( UnsignedFile.Multi.Generic ) - warning
18:26:28.0177 2012  WinDriver6 - detected UnsignedFile.Multi.Generic (1)
18:26:28.0181 2012  WinHttpAutoProxySvc - ok
18:26:28.0263 2012  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:26:28.0286 2012  Winmgmt - ok
18:26:28.0331 2012  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:26:28.0532 2012  WinRM - ok
18:26:28.0582 2012  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:26:28.0702 2012  Wlansvc - ok
18:26:28.0823 2012  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:26:28.0929 2012  wlidsvc - ok
18:26:28.0981 2012  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:26:29.0091 2012  WmiAcpi - ok
18:26:29.0123 2012  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:26:29.0166 2012  wmiApSrv - ok
18:26:29.0317 2012  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:26:29.0596 2012  WMPNetworkSvc - ok
18:26:29.0621 2012  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:26:29.0695 2012  WPCSvc - ok
18:26:29.0722 2012  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:26:29.0782 2012  WPDBusEnum - ok
18:26:29.0838 2012  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
18:26:29.0883 2012  WpdUsb - ok
18:26:29.0990 2012  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:26:30.0034 2012  WPFFontCache_v0400 - ok
18:26:30.0069 2012  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:26:30.0116 2012  ws2ifsl - ok
18:26:30.0164 2012  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
18:26:30.0196 2012  wscsvc - ok
18:26:30.0200 2012  WSearch - ok
18:26:30.0286 2012  [ 640D75DC77F6D0CFE654F7EA5BFE1421 ] WsysSvc         C:\ProgramData\eSafe\eGdpSvc.exe
18:26:30.0423 2012  WsysSvc - ok
18:26:30.0523 2012  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
18:26:30.0785 2012  wuauserv - ok
18:26:30.0836 2012  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:26:30.0865 2012  WudfPf - ok
18:26:30.0956 2012  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:26:31.0055 2012  WUDFRd - ok
18:26:31.0088 2012  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:26:31.0105 2012  wudfsvc - ok
18:26:31.0172 2012  [ 09E5340BD9B2CB730BF4DC6BE7721291 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
18:26:31.0185 2012  xusb21 - ok
18:26:31.0217 2012  ================ Scan global ===============================
18:26:31.0245 2012  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:26:31.0285 2012  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
18:26:31.0304 2012  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
18:26:31.0345 2012  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:26:31.0415 2012  [Global] - ok
18:26:31.0416 2012  ================ Scan MBR ==================================
18:26:31.0427 2012  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
18:26:31.0971 2012  \Device\Harddisk0\DR0 - ok
18:26:31.0971 2012  ================ Scan VBR ==================================
18:26:31.0974 2012  [ D7B3D8C6E635394AA5CF6A891109C6C9 ] \Device\Harddisk0\DR0\Partition1
18:26:31.0976 2012  \Device\Harddisk0\DR0\Partition1 - ok
18:26:31.0980 2012  [ 900265109F1213C58F9AB5896A75CAAA ] \Device\Harddisk0\DR0\Partition2
18:26:31.0982 2012  \Device\Harddisk0\DR0\Partition2 - ok
18:26:31.0982 2012  ============================================================
18:26:31.0982 2012  Scan finished
18:26:31.0982 2012  ============================================================
18:26:31.0996 5464  Detected object count: 10
18:26:31.0996 5464  Actual detected object count: 10
18:26:57.0336 5464  ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0336 5464  ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:57.0336 5464  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0337 5464  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:57.0338 5464  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0338 5464  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:57.0341 5464  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0341 5464  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:57.0342 5464  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0342 5464  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:57.0344 5464  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0344 5464  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:57.0346 5464  ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0346 5464  ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:57.0347 5464  Themes ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0347 5464  Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:57.0350 5464  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0350 5464  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:57.0352 5464  WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0352 5464  WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:27:03.0217 0208  Deinitialize success
         


08.07.2013, 18:37   #6
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

08.07.2013, 19:23   #7
Fichi3d

Unfortunately Combofix doesn't work. It searches for more than half an hour and finds nothing.

08.07.2013, 19:25   #8
markusg
/// Malware-holic

Hi,
What do you mean, it finds nothing? Do the stages keep running, and where does it hang?
The time shown in the Combofix window is of course only a guideline; as long as the stages keep being completed, it's OK.