Pests of all kinds and how to fight them: Qv06 virus won't go away. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
08.07.2013, 13:35 | #1 |
| Qv06 virus won't go away. Hello everyone, about 2 weeks ago I picked up the browser hijacker "Qv06" on my PC. I have already managed to change the start page back (right-click on the browser > Settings > remove the link after the target). I tried to remove the virus with many programs (Malwarebytes, Spyhunter 4, etc.). At first I thought it was gone, but when I wanted to go to the PayPal website today, EVERY web browser blocked me, or rather would not display the website. I suspect it is the virus, and KIS 2013 does not find the virus either. Thanks in advance |
08.07.2013, 13:40 | #2 |
/// Malware-holic | Qv06 virus won't go away. Hi,
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
08.07.2013, 17:12 | #3 |
| Qv06 virus won't go away. Here is the Extras.txt:
Code:
ATTFilter GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 26.06.2013 12:19:23 | Computer Name = JerchelPC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 01.07.2013 12:55:19 | Computer Name = JerchelPC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ OSession Events ] Error - 17.01.2011 11:17:33 | Computer Name = JerchelPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 128 seconds with 120 seconds of active time. This session ended with a crash. Error - 13.03.2011 05:51:36 | Computer Name = JerchelPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.09.2011 12:38:18 | Computer Name = JerchelPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 286 seconds with 180 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 07.07.2013 03:33:12 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7009 Description = Error - 07.07.2013 03:33:12 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7000 Description = Error - 07.07.2013 03:34:21 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7009 Description = Error - 07.07.2013 03:34:21 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7000 Description = Error - 07.07.2013 10:46:00 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7022 Description = Error - 07.07.2013 10:53:08 | Computer Name = JerchelPC | Source = DCOM | ID = 10010 Description = Error - 08.07.2013 03:25:26 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7022 Description = Error - 08.07.2013 03:36:22 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7022 Description = Error - 08.07.2013 06:53:04 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7022 Description = Error - 08.07.2013 08:41:25 | Computer Name = JerchelPC | Source = Service Control Manager | ID = 7022 Description = < End of report > Code:
ATTFilter OTL logfile created on: 08.07.2013 17:31:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian Jerchel\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 46,12% Memory free 6,20 Gb Paging File | 4,80 Gb Available in Paging File | 77,34% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 453,36 Gb Total Space | 225,99 Gb Free Space | 49,85% Space Free | Partition Type: NTFS Drive D: | 12,39 Gb Total Space | 1,71 Gb Free Space | 13,76% Space Free | Partition Type: NTFS Computer Name: JERCHELPC | User Name: Christian Jerchel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.08 17:30:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian Jerchel\Desktop\OTL.exe PRC - [2013.07.04 12:36:40 | 000,567,880 | ---- | M] () -- C:\Program Files\puush\puush.exe PRC - [2013.07.04 09:16:47 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) 
-- C:\ProgramData\eSafe\eGdpSvc.exe PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.05.16 07:27:22 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe PRC - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe PRC - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files\MSI Afterburner\MSIAfterburner.exe PRC - [2012.12.10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2012.08.17 21:38:34 | 000,200,120 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtbws.exe PRC - [2012.03.07 00:06:52 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.03.07 00:06:32 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.09.07 12:55:40 | 000,221,256 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.03 16:41:20 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.04.18 17:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe PRC - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2003.11.19 13:03:40 | 000,045,056 | ---- | M] (Ulead Systems, Inc.) 
-- C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe ========== Modules (No Company Name) ========== MOD - [2013.07.04 12:36:40 | 000,567,880 | ---- | M] () -- C:\Program Files\puush\puush.exe MOD - [2013.05.20 07:54:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fd0b6f713b92e3fbd443f1f1cb058381\System.Configuration.ni.dll MOD - [2013.05.17 17:36:44 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\74fa000afba3305d1d765611cd66674e\System.Windows.Forms.ni.dll MOD - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe MOD - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files\MSI Afterburner\MSIAfterburner.exe MOD - [2013.01.16 18:01:08 | 000,069,632 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTMUI.dll MOD - [2013.01.16 18:01:06 | 000,348,160 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTHAL.dll MOD - [2013.01.16 18:01:00 | 000,229,376 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTCore.dll MOD - [2013.01.16 18:00:58 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTUI.dll MOD - [2013.01.16 18:00:56 | 000,061,440 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTFC.dll MOD - [2013.01.10 15:20:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8859ad331b1b2c02c03a81c3c0c7b5a2\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 15:20:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\025fc2d92484ad7c0fe120a8fd44d47b\System.Xml.ni.dll MOD - [2013.01.10 15:19:25 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\44025a748649f45d638ca47bc9a0ead3\System.Drawing.ni.dll MOD - [2013.01.10 15:18:27 | 007,977,984 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d70cd42bae1e041b6c3d937303b8f03c\System.ni.dll MOD - [2013.01.10 15:18:14 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.11.30 12:48:46 | 000,061,440 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTMUI.dll MOD - [2012.11.30 12:45:56 | 000,122,880 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2012.11.30 12:26:54 | 000,147,456 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTUI.dll MOD - [2012.11.30 12:24:00 | 000,061,440 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTFC.dll MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files\MSI Afterburner\RTTSH.dll MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTTSH.dll MOD - [2010.06.28 18:12:47 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll MOD - [2010.02.10 19:10:10 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - [2013.07.04 09:16:47 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) 
[Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (WsysSvc) SRV - [2013.06.12 18:46:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.05.16 07:27:22 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012.12.10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avfsfilter.sys -- (AVFSFilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\anvsnddrv.sys -- (anvsnddrv) DRV - [2013.07.03 17:18:35 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2013.05.16 07:27:20 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2013.05.16 07:27:20 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2013.05.16 07:27:20 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2013.05.16 07:27:20 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.08.02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2012.03.07 
01:06:00 | 011,407,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.09.06 14:24:40 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\MSI Afterburner\RTCore32.sys -- (RTCore32) DRV - [2009.07.27 17:45:35 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6) DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.08.01 14:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008.07.21 18:12:50 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2008.07.21 18:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2008.05.22 11:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=395049983_1052451_9E10E6CC&ts=1373034886 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{18237890-2735-480A-B070-1E6F6E31D14A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKLM\..\SearchScopes\{2F9C5E29-E769-47B1-9E31-112F6A113055}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&from=vtt&uid=395049983_1052451_9E10E6CC&ts=7209033 IE - 
HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3321154450784934&q={searchTerms} IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 IE - HKLM\..\SearchScopes\{B7F50122-58FC-4823-A630-7744ECB0C208}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=395049983_1052451_9E10E6CC&ts=1372698548 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Christian Jerchel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Christian Jerchel\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Christian Jerchel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christian Jerchel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christian Jerchel\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christian Jerchel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013.07.03 14:25:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013.07.03 14:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013.07.03 14:25:06 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\anti_banner@kaspersky.com [2013.07.03 14:25:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\online_banking@kaspersky.com [2013.07.03 14:25:11 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_1\npBFHUpdater.dll CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_1\BFHUpdater.exe CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll CHR - plugin: iTunes Application Detector (Enabled) = 
C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Christian Jerchel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Christian Jerchel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - Extension: Bitdefender QuickScan = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\ CHR - Extension: Google Mail = C:\Users\Christian Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Anti-Banner = C:\Users\Christian 
Jerchel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Facebook Connect) - {11DCAFD6-DDBA-4ADA-998B-996B7B691AE0} - C:\Users\Manfred Jerchel\AppData\Roaming\FBConnect\IE\FBConnect.dll (Facebook Inc.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [HPADVISOR] File not found O4 - HKCU..\Run: [puush] C:\Program Files\puush\puush.exe () O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ie_banner_deny.htm () O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D705716D-686F-4756-9B95-0CCD3C86981D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - No CLSID value found. 
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{44dd71ad-92e7-11e2-8b3d-002354f0e2e0}\Shell - "" = AutoRun O33 - MountPoints2\{44dd71ad-92e7-11e2-8b3d-002354f0e2e0}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing 
Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) MsConfig - StartUpReg: DVDAgent - hkey= - key= - File not found 
MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.07.08 17:30:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian Jerchel\Desktop\OTL.exe [2013.07.08 13:37:54 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\QuickScan [2013.07.08 13:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\clp [2013.07.08 13:16:47 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\Fighters [2013.07.08 13:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite [2013.07.07 10:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2013.07.07 09:22:41 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\NVIDIA [2013.07.06 20:12:53 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.07.06 19:24:38 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2013.07.06 19:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.07.06 19:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.07.06 18:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal Beta [2013.07.06 18:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Craften Terminal Beta [2013.07.05 19:09:51 | 000,367,014 | ---- | C] (hxxp://magiclauncher.com) -- C:\Users\Christian Jerchel\Desktop\MagicLauncher_1.1.6.exe [2013.07.04 18:32:17 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\Documents\New Unity Project [2013.07.04 18:26:37 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\PACE Anti-Piracy [2013.07.04 18:26:37 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Local\PACE Anti-Piracy [2013.07.04 18:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy [2013.07.04 18:21:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects [2013.07.04 18:21:38 
| 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity [2013.07.04 18:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unity [2013.07.03 16:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013 [2013.07.03 14:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.07.03 14:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2013.07.03 14:21:41 | 000,594,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys [2013.07.03 14:21:41 | 000,074,848 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys [2013.07.02 19:00:30 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\Malwarebytes [2013.07.02 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.02 18:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.07.01 19:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\BasicServe [2013.07.01 19:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\BasicServe [2013.07.01 19:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe [2013.06.30 12:52:14 | 000,000,000 | R--D | C] -- C:\Users\Christian Jerchel\Download [2013.06.28 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\puush [2013.06.28 19:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush [2013.06.28 19:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\puush [2013.06.26 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\Mozilla [2013.06.22 20:00:38 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\Need for Speed World [2013.06.22 13:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2013.06.19 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\MC Back [2013.06.17 19:02:51 | 000,000,000 | ---D | C] -- 
C:\Users\Christian Jerchel\AppData\Roaming\.minecraft [2013.06.14 18:00:47 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Local\Temporary Projects [2013.06.14 14:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks [2013.06.14 14:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Geevs [2013.06.14 14:19:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Lightworks [2013.06.14 14:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lightworks [2013.06.13 14:34:19 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\Desktop\Tutorials [2013.06.12 14:31:01 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Roaming\Hewlett-Packard_Company [2013.06.12 14:31:01 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Local\Hewlett-Packard_Company [2013.06.09 16:07:44 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\Documents\Pinnacle VideoSpin [2013.06.09 11:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin [2013.06.09 11:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo! 
[2013.06.09 11:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle VideoSpin [2013.06.09 11:24:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle [2013.06.09 11:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle [2013.06.09 11:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle [2013.06.09 11:22:12 | 000,000,000 | ---D | C] -- C:\Users\Christian Jerchel\AppData\Local\Downloaded Installations [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Christian Jerchel\Desktop\*.tmp files -> C:\Users\Christian Jerchel\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.08 17:30:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian Jerchel\Desktop\OTL.exe [2013.07.08 17:23:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.08 17:23:14 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RealUpgradeLogonTaskS-1-5-21-1462046329-529929945-268080420-1000.job [2013.07.08 17:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.08 16:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.08 16:44:00 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1462046329-529929945-268080420-1001UA.job [2013.07.08 16:39:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.08 16:39:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.08 15:11:00 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForManfred Jerchel.job [2013.07.08 14:44:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1462046329-529929945-268080420-1001Core.job [2013.07.08 14:39:43 | 000,067,584 | --S- | 
M] () -- C:\Windows\bootstat.dat [2013.07.08 10:17:16 | 513,341,191 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\java_2013_07_08_10_12_21_450.avi [2013.07.08 10:11:14 | 2654,572,181 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\java_2013_07_08_10_03_33_135.avi [2013.07.08 10:00:58 | 1830,559,338 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_08_09_59_21_602.avi [2013.07.07 09:56:28 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.07.06 18:08:35 | 000,000,919 | ---- | M] () -- C:\Users\Christian Jerchel\Desktop\Craften Terminal .lnk [2013.07.06 14:31:14 | 431,116,420 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_19_01_538.avi [2013.07.05 19:10:02 | 000,367,014 | ---- | M] (hxxp://magiclauncher.com) -- C:\Users\Christian Jerchel\Desktop\MagicLauncher_1.1.6.exe [2013.07.05 18:46:58 | 1399,450,622 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_05_18_44_22_468.avi [2013.07.05 18:38:47 | 000,001,199 | ---- | M] () -- C:\Users\Christian Jerchel\Desktop\Google Chrome.lnk [2013.07.04 18:21:45 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk [2013.07.04 13:44:09 | 815,163,506 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\GMTE 2_2013_07_04_13_16_09_112.avi [2013.07.04 13:16:11 | 803,325,533 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_04_13_07_53_149.avi [2013.07.03 18:44:35 | 000,080,450 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\BWR Geschäftsfälle2.pdf [2013.07.03 18:44:18 | 000,077,001 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\BWR Geschäftsfälle1.pdf [2013.07.03 17:18:35 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys [2013.07.03 17:12:00 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1462046329-529929945-268080420-1000.job [2013.07.03 14:26:45 | 000,000,954 | ---- | M] () -- 
C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.07.01 18:56:57 | 000,000,385 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.scn [2013.07.01 18:56:31 | 000,746,584 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi.A.index [2013.07.01 18:56:30 | 000,746,096 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi.index [2013.07.01 18:55:40 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2013.07.01 18:51:53 | 2993,529,326 | ---- | M] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi [2013.07.01 18:03:27 | 000,484,992 | ---- | M] () -- C:\Users\Christian Jerchel\Desktop\Minecraft.exe [2013.06.30 10:05:50 | 000,001,031 | ---- | M] () -- C:\WildTangent Games App - hp.lnk [2013.06.26 18:18:49 | 000,054,272 | ---- | M] () -- C:\Users\Christian Jerchel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.06.22 13:33:31 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2013.06.17 17:13:28 | 000,671,440 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.17 17:13:28 | 000,632,170 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.17 17:13:28 | 000,144,608 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.17 17:13:28 | 000,118,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.09 16:03:13 | 000,488,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.06.09 11:25:11 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Christian Jerchel\Desktop\*.tmp files -> C:\Users\Christian Jerchel\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.08 15:10:58 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForManfred 
Jerchel.job [2013.07.08 10:12:21 | 513,341,191 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\java_2013_07_08_10_12_21_450.avi [2013.07.08 10:03:33 | 2654,572,181 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\java_2013_07_08_10_03_33_135.avi [2013.07.08 09:59:22 | 1830,559,338 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_08_09_59_21_602.avi [2013.07.06 18:08:35 | 000,000,919 | ---- | C] () -- C:\Users\Christian Jerchel\Desktop\Craften Terminal .lnk [2013.07.05 18:44:25 | 1399,450,622 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_05_18_44_22_468.avi [2013.07.05 18:38:37 | 000,001,199 | ---- | C] () -- C:\Users\Christian Jerchel\Desktop\Google Chrome.lnk [2013.07.04 18:21:45 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk [2013.07.04 13:16:09 | 815,163,506 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\GMTE 2_2013_07_04_13_16_09_112.avi [2013.07.04 13:07:53 | 803,325,533 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_04_13_07_53_149.avi [2013.07.03 18:44:35 | 000,080,450 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\BWR Geschäftsfälle2.pdf [2013.07.03 18:44:16 | 000,077,001 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\BWR Geschäftsfälle1.pdf [2013.07.03 16:58:05 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.07.01 18:56:57 | 000,000,385 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.scn [2013.07.01 18:56:30 | 000,746,584 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi.A.index [2013.07.01 18:56:30 | 000,746,096 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi.index [2013.07.01 18:36:20 | 2993,529,326 | ---- | C] () -- C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_36_20_249.avi [2013.07.01 18:19:01 | 431,116,420 | ---- | C] () -- C:\Users\Christian 
Jerchel\Documents\Desktop_2013_07_01_18_19_01_538.avi [2013.06.22 13:33:31 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2013.06.09 11:25:11 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk [2013.06.09 11:22:26 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI [2013.05.28 19:25:15 | 000,005,020 | ---- | C] () -- C:\ProgramData\ubzyegls.kzt [2013.05.21 15:50:12 | 000,005,024 | ---- | C] () -- C:\ProgramData\qiwmnyln.lsb [2013.05.20 08:22:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.03.14 19:49:19 | 000,003,478 | ---- | C] () -- C:\Users\Christian Jerchel\.recently-used.xbel [2012.12.25 20:05:41 | 000,001,429 | ---- | C] () -- C:\Users\Christian Jerchel\AppData\Local\RecConfig.xml [2012.09.28 21:45:16 | 000,246,272 | ---- | C] () -- C:\Windows\System32\rtvcvfw64.dll [2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll [2011.04.12 19:35:03 | 000,002,528 | ---- | C] () -- C:\Users\Christian Jerchel\AppData\Roaming\$_hpcst$.hpc [2011.04.05 20:08:18 | 000,007,592 | ---- | C] () -- C:\Users\Christian Jerchel\AppData\Local\d3d9caps.dat [2011.03.01 19:45:27 | 000,054,272 | ---- | C] () -- C:\Users\Christian Jerchel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.28 20:23:06 | 000,007,581 | ---- | C] () -- C:\Users\Christian Jerchel\AppData\Roaming\UserTile.png ========== ZeroAccess Check ========== [2013.07.07 09:46:44 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1462046329-529929945-268080420-1001\$RBDWY9K\n [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.07.08 13:39:12 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\.minecraft [2012.05.14 17:23:27 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\.mono [2013.06.07 14:01:35 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\AnvSoft [2011.03.28 16:52:57 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Atari [2013.01.03 13:23:27 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\avidemux [2013.03.06 19:35:27 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Blender Foundation [2011.03.05 17:12:30 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\CBL-Electronics [2013.07.08 13:17:27 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Fighters [2013.06.14 20:17:04 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\FileZilla [2013.02.09 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\FreeScreenToVideo [2013.03.14 19:49:19 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\gtk-2.0 [2013.02.11 17:07:54 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\JRT Studio [2012.05.14 17:23:29 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Kalypso 
Media [2013.06.19 13:52:17 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\MC Back [2013.07.07 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Minecraft Version Changer [2013.06.22 20:00:38 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Need for Speed World [2011.03.22 19:20:40 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\OpenOffice.org [2013.07.04 18:31:07 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\PACE Anti-Piracy [2011.04.12 19:35:28 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\PC Suite [2012.12.13 18:20:07 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\PeerNetworking [2012.05.14 17:25:40 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Pole Position 2012 [2013.06.28 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\puush [2013.07.08 17:24:40 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\QuickScan [2013.03.02 20:41:30 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\skyz [2011.04.19 20:09:43 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Try2 [2013.07.08 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\TS3Client [2012.01.08 20:07:57 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\ts3overlay [2011.04.15 16:02:18 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\UltraMixer [2011.07.01 16:22:08 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Unigraphics Solutions [2013.07.04 18:34:13 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\Unity [2011.03.06 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\Christian Jerchel\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.04.15 16:38:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.11.07 10:57:15 | 000,000,000 | ---D | M] -- C:\ATRIS_ST [2010.01.03 11:50:00 | 000,000,000 | -HSD | M] -- C:\Boot [2013.01.24 14:44:39 | 000,000,000 | ---D | M] -- C:\d6541f6697dd6620f612e1b677d912 [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.07.18 09:55:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.01.06 12:08:53 | 000,000,000 | -H-D | M] -- C:\hp [2009.07.18 11:49:54 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013.07.06 20:12:53 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.27 18:00:22 | 000,000,000 | ---D | M] -- C:\OpenOffice.org 3.1 (de) Installation Files [2011.12.07 17:07:35 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.07.08 14:56:39 | 000,000,000 | ---D | M] -- C:\Program Files [2013.07.08 13:17:22 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.07.18 09:55:16 | 000,000,000 | -HSD | M] -- C:\Programme [2013.07.08 17:35:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.04.02 18:12:45 | 000,000,000 | ---D | M] -- C:\tmp [2013.07.06 19:28:47 | 000,000,000 | R--D | M] -- C:\Users [2013.07.08 09:25:59 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2010.02.03 13:38:59 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.02.03 13:39:00 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2010.07.09 14:21:14 | 000,000,542 | ---- | C] () -- C:\Windows\Tasks\Install.job [2011.06.16 18:55:46 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1462046329-529929945-268080420-1001Core.job [2011.06.16 18:55:46 | 000,001,168 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1462046329-529929945-268080420-1001UA.job [2011.07.06 17:12:44 | 000,000,306 | ---- | C] () -- C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1462046329-529929945-268080420-1000.job [2011.07.06 17:12:49 | 000,000,298 | ---- | C] () -- C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1462046329-529929945-268080420-1000.job [2012.04.04 14:28:20 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.07.08 14:39:47 | 000,000,386 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013.07.08 15:10:58 | 000,000,362 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForManfred Jerchel.job < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 
C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys 
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] 
(NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2008.07.21 18:12:50 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=17E55BACBE90B0E97A2219B4B67A6011 -- C:\hp\drivers\nvidia_storage\IDE\WinVista\sataraid\nvstor32.sys [2008.07.21 18:12:50 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=17E55BACBE90B0E97A2219B4B67A6011 -- C:\Windows\System32\drivers\nvstor32.sys [2008.07.21 18:12:50 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=17E55BACBE90B0E97A2219B4B67A6011 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_d98c5f2a\nvstor32.sys [2008.10.10 02:04:02 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D7B213299852D2026DBC90DAB77EF06C -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_beedd2a9\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab 
ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys [2013.05.16 07:27:20 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klflt.sys [2013.05.16 07:27:20 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys [2012.08.02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys [2013.05.16 07:27:20 | 000,025,944 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klkbdflt.sys [2013.05.16 07:27:20 | 000,025,944 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys [2013.07.03 17:18:35 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kltdi.sys [2013.05.16 07:27:20 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kneps.sys < %systemroot%\System32\config\*.sav > [2008.12.01 15:45:59 | 017,625,088 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.12.01 15:45:43 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.12.01 15:45:59 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2008.12.01 15:46:08 | 017,616,896 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2008.12.01 15:46:09 | 006,643,712 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.03.14 19:49:19 | 000,003,478 | ---- | M] () -- C:\Users\Christian Jerchel\.recently-used.xbel [2013.07.08 17:58:28 | 007,077,888 | -HS- | M] () -- C:\Users\Christian Jerchel\NTUSER.DAT [2013.07.08 17:58:26 | 000,262,144 | -H-- | M] () -- C:\Users\Christian Jerchel\ntuser.dat.LOG1 [2011.02.28 20:20:35 | 000,000,000 | -H-- | M] () -- C:\Users\Christian Jerchel\ntuser.dat.LOG2 [2013.06.05 
15:44:57 | 007,077,888 | -HS- | M] () -- C:\Users\Christian Jerchel\ntuser.dat_previous [2013.07.08 13:54:52 | 000,065,536 | -HS- | M] () -- C:\Users\Christian Jerchel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.07.21 16:02:22 | 000,524,288 | -HS- | M] () -- C:\Users\Christian Jerchel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2013.07.08 13:54:52 | 000,524,288 | -HS- | M] () -- C:\Users\Christian Jerchel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.02.28 20:20:36 | 000,000,020 | -HS- | M] () -- C:\Users\Christian Jerchel\ntuser.ini [2011.08.27 16:27:18 | 000,010,752 | -HS- | M] () -- C:\Users\Christian Jerchel\Thumbs.db < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB21986$] -> Error: Cannot create file handle -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Christian Jerchel\Documents\Desktop_2013_07_01_18_19_01_538.avi:TOC.WMV @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:BF3D62E7 @Alternate Data Stream - 1173 bytes -> C:\Users\Christian Jerchel\AppData\Local\Temp:eo1nLkAf6VnT6yfgnwjxi < End of report > |
08.07.2013, 17:21 | #4 |
/// Malware-holic | Qv06 virus won't go away. Hi, please download TDSSKiller.exe and save this file to your desktop
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
08.07.2013, 17:28 | #5 |
| Qv06 virus won't go away. I did everything as described in the instructions. Here is the log: Code:
ATTFilter 18:25:25.0435 3668 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:25:25.0856 3668 ============================================================ 18:25:25.0856 3668 Current date / time: 2013/07/08 18:25:25.0856 18:25:25.0856 3668 SystemInfo: 18:25:25.0856 3668 18:25:25.0856 3668 OS Version: 6.0.6002 ServicePack: 2.0 18:25:25.0856 3668 Product type: Workstation 18:25:25.0856 3668 ComputerName: JERCHELPC 18:25:25.0856 3668 UserName: Christian Jerchel 18:25:25.0856 3668 Windows directory: C:\Windows 18:25:25.0856 3668 System windows directory: C:\Windows 18:25:25.0856 3668 Processor architecture: Intel x86 18:25:25.0856 3668 Number of processors: 3 18:25:25.0856 3668 Page size: 0x1000 18:25:25.0856 3668 Boot type: Normal boot 18:25:25.0856 3668 ============================================================ 18:25:31.0631 3668 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 18:25:31.0687 3668 ============================================================ 18:25:31.0687 3668 \Device\Harddisk0\DR0: 18:25:31.0688 3668 MBR partitions: 18:25:31.0688 3668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38ABAC30 18:25:31.0688 3668 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38ABAC6F, BlocksNum 0x18C9FD2 18:25:31.0688 3668 ============================================================ 18:25:31.0735 3668 C: <-> \Device\Harddisk0\DR0\Partition1 18:25:31.0933 3668 D: <-> \Device\Harddisk0\DR0\Partition2 18:25:31.0934 3668 ============================================================ 18:25:31.0934 3668 Initialize success 18:25:31.0934 3668 ============================================================ 18:25:45.0157 2012 ============================================================ 18:25:45.0157 2012 Scan started 18:25:45.0157 2012 Mode: Manual; SigCheck; TDLFS; 18:25:45.0157 2012 
============================================================ 18:25:45.0934 2012 ================ Scan system memory ======================== 18:25:45.0934 2012 System memory - ok 18:25:45.0936 2012 ================ Scan services ============================= 18:25:46.0368 2012 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 18:25:46.0471 2012 ACPI - ok 18:25:46.0554 2012 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 18:25:46.0573 2012 AdobeFlashPlayerUpdateSvc - ok 18:25:46.0638 2012 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:25:46.0662 2012 adp94xx - ok 18:25:46.0697 2012 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:25:46.0714 2012 adpahci - ok 18:25:46.0760 2012 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 18:25:46.0774 2012 adpu160m - ok 18:25:46.0797 2012 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:25:46.0812 2012 adpu320 - ok 18:25:46.0870 2012 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:25:47.0045 2012 AeLookupSvc - ok 18:25:47.0084 2012 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 18:25:47.0157 2012 AFD - ok 18:25:47.0184 2012 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:25:47.0197 2012 agp440 - ok 18:25:47.0221 2012 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 18:25:47.0234 2012 aic78xx - ok 18:25:47.0253 2012 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 18:25:47.0526 2012 ALG - ok 18:25:47.0556 2012 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 18:25:47.0573 2012 aliide - ok 18:25:47.0605 2012 [ C47344BC706E5F0B9DCE369516661578 ] amdagp 
C:\Windows\system32\drivers\amdagp.sys 18:25:47.0641 2012 amdagp - ok 18:25:47.0680 2012 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 18:25:47.0693 2012 amdide - ok 18:25:47.0732 2012 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 18:25:47.0813 2012 AmdK7 - ok 18:25:47.0823 2012 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:25:47.0887 2012 AmdK8 - ok 18:25:47.0914 2012 anvsnddrv - ok 18:25:47.0961 2012 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 18:25:48.0022 2012 Appinfo - ok 18:25:48.0191 2012 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:25:48.0212 2012 Apple Mobile Device - ok 18:25:48.0248 2012 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 18:25:48.0263 2012 arc - ok 18:25:48.0304 2012 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:25:48.0319 2012 arcsas - ok 18:25:48.0601 2012 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 18:25:48.0616 2012 aspnet_state - ok 18:25:48.0677 2012 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:25:48.0730 2012 AsyncMac - ok 18:25:48.0792 2012 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys 18:25:48.0805 2012 atapi - ok 18:25:48.0901 2012 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:25:48.0951 2012 AudioEndpointBuilder - ok 18:25:48.0960 2012 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 18:25:48.0986 2012 Audiosrv - ok 18:25:49.0098 2012 AVFSFilter - ok 18:25:49.0710 2012 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe 18:25:49.0794 2012 AVP - 
ok 18:25:49.0858 2012 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 18:25:49.0924 2012 Beep - ok 18:25:49.0981 2012 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 18:25:50.0039 2012 BFE - ok 18:25:50.0117 2012 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 18:25:50.0323 2012 BITS - ok 18:25:50.0338 2012 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 18:25:50.0365 2012 blbdrive - ok 18:25:50.0438 2012 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:25:50.0511 2012 Bonjour Service - ok 18:25:50.0554 2012 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:25:50.0614 2012 bowser - ok 18:25:50.0664 2012 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 18:25:50.0709 2012 BrFiltLo - ok 18:25:50.0739 2012 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 18:25:50.0810 2012 BrFiltUp - ok 18:25:50.0839 2012 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 18:25:50.0970 2012 Browser - ok 18:25:50.0995 2012 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 18:25:51.0251 2012 Brserid - ok 18:25:51.0269 2012 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 18:25:51.0345 2012 BrSerWdm - ok 18:25:51.0389 2012 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 18:25:51.0465 2012 BrUsbMdm - ok 18:25:51.0500 2012 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 18:25:51.0546 2012 BrUsbSer - ok 18:25:51.0568 2012 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:25:51.0635 2012 BTHMODEM - ok 18:25:51.0691 2012 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 
18:25:51.0778 2012 cdfs - ok 18:25:51.0844 2012 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:25:51.0884 2012 cdrom - ok 18:25:51.0928 2012 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 18:25:51.0973 2012 CertPropSvc - ok 18:25:51.0997 2012 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 18:25:52.0043 2012 circlass - ok 18:25:52.0081 2012 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 18:25:52.0101 2012 CLFS - ok 18:25:52.0127 2012 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:25:52.0231 2012 clr_optimization_v2.0.50727_32 - ok 18:25:52.0284 2012 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:25:52.0328 2012 clr_optimization_v4.0.30319_32 - ok 18:25:52.0342 2012 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:25:52.0356 2012 cmdide - ok 18:25:52.0370 2012 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:25:52.0383 2012 Compbatt - ok 18:25:52.0388 2012 COMSysApp - ok 18:25:52.0424 2012 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:25:52.0437 2012 crcdisk - ok 18:25:52.0450 2012 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 18:25:52.0477 2012 Crusoe - ok 18:25:52.0554 2012 [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:25:52.0604 2012 CryptSvc - ok 18:25:52.0701 2012 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:25:52.0802 2012 DcomLaunch - ok 18:25:52.0835 2012 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:25:52.0926 2012 DfsC - ok 18:25:53.0034 2012 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR 
C:\Windows\system32\DFSR.exe 18:25:53.0267 2012 DFSR - ok 18:25:53.0357 2012 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 18:25:53.0398 2012 Dhcp - ok 18:25:53.0427 2012 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 18:25:53.0442 2012 disk - ok 18:25:53.0466 2012 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:25:53.0541 2012 Dnscache - ok 18:25:53.0571 2012 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:25:53.0611 2012 dot3svc - ok 18:25:53.0648 2012 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 18:25:53.0679 2012 DPS - ok 18:25:53.0754 2012 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:25:53.0812 2012 drmkaud - ok 18:25:53.0862 2012 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:25:53.0891 2012 DXGKrnl - ok 18:25:53.0953 2012 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 18:25:54.0006 2012 E1G60 - ok 18:25:54.0069 2012 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 18:25:54.0118 2012 EapHost - ok 18:25:54.0205 2012 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 18:25:54.0220 2012 Ecache - ok 18:25:54.0298 2012 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:25:54.0334 2012 ehRecvr - ok 18:25:54.0351 2012 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 18:25:54.0418 2012 ehSched - ok 18:25:54.0431 2012 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 18:25:54.0465 2012 ehstart - ok 18:25:54.0486 2012 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:25:54.0506 2012 elxstor - ok 18:25:54.0565 2012 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 18:25:54.0709 2012 EMDMgmt - ok 
18:25:54.0788 2012 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:25:54.0842 2012 ErrDev - ok 18:25:54.0910 2012 esgiguard - ok 18:25:54.0954 2012 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 18:25:55.0009 2012 EventSystem - ok 18:25:55.0054 2012 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 18:25:55.0120 2012 exfat - ok 18:25:55.0222 2012 [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc C:\Windows\System32\ezsvc7.dll 18:25:55.0235 2012 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning 18:25:55.0235 2012 ezSharedSvc - detected UnsignedFile.Multi.Generic (1) 18:25:55.0266 2012 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:25:55.0305 2012 fastfat - ok 18:25:55.0337 2012 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:25:55.0384 2012 fdc - ok 18:25:55.0415 2012 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 18:25:55.0449 2012 fdPHost - ok 18:25:55.0469 2012 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 18:25:55.0530 2012 FDResPub - ok 18:25:55.0558 2012 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:25:55.0571 2012 FileInfo - ok 18:25:55.0589 2012 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:25:55.0629 2012 Filetrace - ok 18:25:55.0658 2012 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 18:25:55.0708 2012 flpydisk - ok 18:25:55.0778 2012 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:25:55.0795 2012 FltMgr - ok 18:25:55.0886 2012 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 18:25:56.0034 2012 FontCache - ok 18:25:56.0062 2012 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 18:25:56.0075 2012 FontCache3.0.0.0 - ok 18:25:56.0096 2012 [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS 18:25:56.0130 2012 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning 18:25:56.0130 2012 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1) 18:25:56.0161 2012 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:25:56.0226 2012 Fs_Rec - ok 18:25:56.0249 2012 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:25:56.0264 2012 gagp30kx - ok 18:25:56.0424 2012 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe 18:25:56.0441 2012 GamesAppService - ok 18:25:56.0471 2012 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:25:56.0481 2012 GEARAspiWDM - ok 18:25:56.0585 2012 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 18:25:56.0708 2012 gpsvc - ok 18:25:56.0820 2012 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1caa439edb2f560 C:\Program Files\Google\Update\GoogleUpdate.exe 18:25:56.0835 2012 gupdate1caa439edb2f560 - ok 18:25:56.0842 2012 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 18:25:56.0855 2012 gupdatem - ok 18:25:56.0929 2012 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 18:25:56.0940 2012 hamachi - ok 18:25:57.0040 2012 [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe 18:25:57.0321 2012 Hamachi2Svc - ok 18:25:57.0427 2012 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 18:25:57.0510 2012 HDAudBus - ok 18:25:57.0623 2012 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:25:57.0732 2012 HidBth - ok 18:25:57.0810 2012 [ 
1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 18:26:30.0196 2012 wscsvc - ok 18:26:30.0200 2012 WSearch - ok 18:26:30.0286 2012 [ 640D75DC77F6D0CFE654F7EA5BFE1421 ] WsysSvc C:\ProgramData\eSafe\eGdpSvc.exe 18:26:30.0423 2012 WsysSvc - ok 18:26:30.0523 2012 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 18:26:30.0785 2012 wuauserv - ok 18:26:30.0836 2012 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:26:30.0865 2012 WudfPf - ok 18:26:30.0956 2012 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:26:31.0055 2012 WUDFRd - ok 18:26:31.0088 2012 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:26:31.0105 2012 wudfsvc - ok 18:26:31.0172 2012 [ 09E5340BD9B2CB730BF4DC6BE7721291 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 18:26:31.0185 2012 xusb21 - ok 18:26:31.0217 2012 ================ Scan global =============================== 18:26:31.0245 2012 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 18:26:31.0285 2012 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 18:26:31.0304 2012 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 18:26:31.0345 2012 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 18:26:31.0415 2012 [Global] - ok 18:26:31.0416 2012 ================ Scan MBR ================================== 18:26:31.0427 2012 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0 18:26:31.0971 2012 \Device\Harddisk0\DR0 - ok 18:26:31.0971 2012 ================ Scan VBR ================================== 18:26:31.0974 2012 [ D7B3D8C6E635394AA5CF6A891109C6C9 ] \Device\Harddisk0\DR0\Partition1 18:26:31.0976 2012 \Device\Harddisk0\DR0\Partition1 - ok 18:26:31.0980 2012 [ 900265109F1213C58F9AB5896A75CAAA ] \Device\Harddisk0\DR0\Partition2 18:26:31.0982 2012 \Device\Harddisk0\DR0\Partition2 - ok 18:26:31.0982 2012 
============================================================
18:26:31.0982 2012 Scan finished
18:26:31.0982 2012 ============================================================
18:26:31.0996 5464 Detected object count: 10
18:26:31.0996 5464 Actual detected object count: 10
18:26:57.0336 5464 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0336 5464 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:57.0336 5464 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0337 5464 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:57.0338 5464 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0338 5464 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:57.0341 5464 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0341 5464 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:57.0342 5464 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0342 5464 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:57.0344 5464 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0344 5464 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:57.0346 5464 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0346 5464 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:57.0347 5464 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0347 5464 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:57.0350 5464 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0350 5464 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:57.0352 5464 WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:57.0352 5464 WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:03.0217 0208 Deinitialize success |
08.07.2013, 17:37 | #6 |
/// Malware-holic | Qv06 virus won't go away. Hi, scan with Combofix
08.07.2013, 18:23 | #7 |
| Qv06 virus won't go away. Unfortunately, Combofix doesn't work. It searches for more than half an hour and finds nothing. |
08.07.2013, 18:25 | #8 |
/// Malware-holic | Qv06 virus won't go away. Hi, what does "finds nothing" mean? Do the stages keep running, and where does it hang? The time shown in the Combofix window is of course only a guideline; as long as the stages keep being completed, it's OK.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |