Trojaner-Board


bohm 02.05.2013 17:32

qvo6 problem
 
So, the problem is known by now! ^^

M-K-D-B 02.05.2013 17:34

Quote:

Quote from bohm (post 1055352)
So, the problem is known by now! ^^

And may we assume that you can solve it yourself? :zunge:

ryder 02.05.2013 17:35

Penicillin injections helped in my case! :zzwhip:

bohm 02.05.2013 17:35

No! I had written to Smeenk via PM and asked for help! ^^

ryder 02.05.2013 17:36

Since when is Smeenk a doctor?!?

bohm 02.05.2013 17:37

No comment! Actually, I don't care who helps me with this qvo6 sh...! BUT PLEASE, SOMEBODY HELP ME!!! :-/

M-K-D-B 02.05.2013 17:39

Quote:

Quote from bohm (post 1055356)
No! I had written to Smeenk via PM and asked for help! ^^

That's not how it works here, though.

You have a problem, but you don't describe what it is about.
Furthermore, you haven't posted any log files, as is actually requested.

Usually the helper who answers first is the one who helps... but the others can fight over you now. :applaus:
I've lost interest.

smeenk 02.05.2013 17:40

The guys are just joking with you :D

Who's helping?

bohm 02.05.2013 17:40

Yes, sorry! I also wrote to Smeenk that I don't really have a clue yet about the log files etc.!

M-K-D-B 02.05.2013 17:41

Quote:

Quote from smeenk (post 1055366)
Who's helping?

Not me.

Fight over it. :rofl:

ryder 02.05.2013 17:42

Ah, the doctor is here ... Mr. Smeenk, please take over :)

smeenk 02.05.2013 17:45

Quote:

Quote from ryder (post 1055369)
Ah, the doctor is here ... Mr. Smeenk, please take over :)

No problem, dear colleague :knuddel:


System scan with ZOEK

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users, please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:

    autoclean;
    shortcutfix;
    chromelook;
    filesrcm;

  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is finished, Notepad will open with the log file (possibly only after a restart).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.

bohm 02.05.2013 18:16

Code:

Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Alex on 02.05.2013 at 18:50:55,49.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results02.05.2013-1850.log        321 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eSafeSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\eSafeSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eSafeSvc deleted successfully

==== Deleting Files \ Folders ======================

"C:\Windows\tasks\PC Optimizer Pro64 startups.job" deleted
"C:\END" deleted
"C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\MACTrackBarLib.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Microsoft.Practices.EnterpriseLibrary.Logging.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\QuickShare.exe" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.Base.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.DefaultBrowser.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ShareManagerLocalPlugin.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessEntities.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Personalization.Settings.UserSettingsManager.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettings.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettingsAutoUpdater.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll" deleted
"C:\Program Files (x86)\JDownloader" deleted
"C:\Program Files (x86)\Movie2KDownloader.com" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files (x86)\Common Files\337" deleted
"C:\Program Files (x86)\hdvidcodec.com" deleted
"C:\Program Files (x86)\Gophoto.it" deleted
"C:\Users\Alex\AppData\Roaming\DesktopIconForAmazon" deleted
"C:\Users\Alex\AppData\Roaming\GoforFiles" deleted
"C:\Users\Alex\AppData\Roaming\eIntaller" deleted
"C:\Users\Alex\AppData\Roaming\Babylon" deleted
"C:\ProgramData\APN" deleted
"C:\ProgramData\eSafe" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\ProgramData\Babylon" deleted
"C:\Users\Alex\AppData\Local\Smartbar" deleted
"C:\Users\Alex\AppData\LocalLow\boost_interprocess" deleted
"C:\Users\Alex\AppData\LocalLow\Delta" deleted
"C:\Users\Alex\AppData\LocalLow\Smartbar" deleted
"C:\Windows\SysWow64\AI_RecycleBin" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application" deleted
"C:\Users\Alex\AppData\Local\Smartbar\Application\de" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Alex\AppData\Local\Temp ====
2013-05-02 07:37:13        3B32CAA07D672F8A2E0DF5CB3A873F45        22704        ----a-w-        C:\Users\Alex\AppData\Local\Temp\ESGScanner.sys
2013-05-02 07:35:25        2D3F145B357E282F01ED3B1DD0CD21E1        45937744        ----a-w-        C:\Users\Alex\AppData\Local\Temp\SHSetup.exe
2013-05-02 07:02:56        B22171908E066EE0445FCE6C8EA30633        42496        ----a-w-        C:\Users\Alex\AppData\Local\Temp\amazoninstallernircmdc.exe
2013-05-02 07:02:54        E0B80E6B894F6267A7E6FD88FBA18136        1258752        ----a-w-        C:\Users\Alex\AppData\Local\Temp\amazonicon.exe
2013-05-02 07:02:49        2ABCD4B961A059517A46322B2EC3FB6E        105040        ----a-w-        C:\Users\Alex\AppData\Local\Temp\qvo6.exe
2013-05-02 07:02:48        2F46A2E37FB05642A0E859545D6B09F7        854848        ----a-w-        C:\Users\Alex\AppData\Local\Temp\IminentSetup_1.0Hnjl76.10.exe
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-05-02 07:37:13        3B32CAA07D672F8A2E0DF5CB3A873F45        22704        ----a-w-        C:\Windows\Sysnative\drivers\EsgScanner.sys
2013-04-24 13:03:20        B98F8C6E31CD07B2E6F71F7F648E38C0        1656680        ----a-w-        C:\Windows\Sysnative\drivers\ntfs.sys
2013-04-11 13:16:38        B4F53BCA4C688FF47F04FA90098F896E        194488        ----a-w-        C:\Windows\Sysnative\drivers\nvhda64v.sys
2013-04-11 13:16:38        4EE399576F76D38C04745DB739BBC8C7        11048736        ----a-w-        C:\Windows\Sysnative\drivers\nvlddmkm.sys
2013-04-10 09:27:44        8F6322049018354F45F05A2FD2D4E5E0        223752        ----a-w-        C:\Windows\Sysnative\drivers\fvevol.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-05-02 15:52:52        --------        d-----w-        C:\Program Files\Microsoft Silverlight
2013-05-02 07:37:05        --------        d-----w-        C:\Program Files\Enigma Software Group
======= C:\Program Files (x86) =====
2013-05-02 15:52:52        --------        d-----w-        C:\Program Files (x86)\Microsoft Silverlight
2013-05-02 07:53:51        --------        d-----w-        C:\Program Files (x86)\a-squared Free
2013-04-20 09:44:00        --------        d-----w-        C:\Program Files (x86)\MyVideoConverter Pro
2013-04-08 17:18:29        --------        d-----w-        C:\Program Files (x86)\Ubisoft
2013-04-08 17:07:59        --------        d-----w-        C:\Program Files (x86)\Mozilla Thunderbird
2013-04-06 21:30:32        --------        d-----w-        C:\Program Files (x86)\Common Files\SWF Studio
======= C: =====
2013-05-02 07:37:33        D41D8CD98F00B204E9800998ECF8427E        0        ----a-w-        C:\autoexec.bat
====== C:\Users\Alex\AppData\Roaming ======
2013-05-02 07:50:57        --------        d-----w-        C:\users\Alex\AppData\Roaming\QuickScan
2013-05-02 07:03:33        --------        d-----w-        C:\users\Alex\AppData\Roaming\Meine Traffic
2013-05-02 07:02:58        --------        d-----w-        C:\users\Alex\AppData\Local\Temp3dcbaea4ece7ad8ad338c57ba886b7ef
2013-05-02 07:02:57        --------        d-----w-        C:\users\Alex\AppData\Local\Temp0454623b0fa3a2887e20b510bda83262
2013-04-30 17:50:31        --------        d-----w-        C:\users\Alex\AppData\Roaming\Sierra
2013-04-25 17:26:06        --------        d-----w-        C:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WOT MODEL VIEWER
2013-04-25 17:25:34        --------        d-----w-        C:\users\Alex\AppData\Local\Apps
2013-04-25 17:25:33        --------        d-----w-        C:\users\Alex\AppData\Local\Deployment
2013-04-20 15:17:56        --------        d-----w-        C:\users\Alex\AppData\Locallow\Sun
2013-04-20 12:32:59        --------        d-----w-        C:\users\Alex\AppData\Local\Bus Simulator 2012
2013-04-20 11:38:50        --------        d-----w-        C:\users\Alex\AppData\Local\European Bus Simulator 2012
2013-04-20 09:38:38        --------        d-----w-        C:\users\Alex\AppData\Roaming\Apowersoft
2013-04-14 12:05:43        --------        d-----w-        C:\users\Alex\AppData\Roaming\HdO Adventure
2013-04-14 10:27:59        --------        d-----w-        C:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV
2013-04-14 09:35:16        --------        d-----w-        C:\users\Alex\AppData\Local\Rockstar Games
2013-04-09 13:45:44        --------        d-----w-        C:\users\Alex\AppData\Roaming\casualArts
2013-04-09 13:09:14        --------        d-----w-        C:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rondomedia
2013-04-08 17:36:51        --------        d-----w-        C:\users\Alex\AppData\Local\Ubisoft Game Launcher
====== C:\Users\Alex ======
2013-05-02 15:54:00        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2013-05-02 07:54:07        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free
2013-05-02 07:02:57        --------        d-----w-        C:\Users\Alex\ChromeExtensions
2013-04-30 17:50:06        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2013-04-20 11:34:43        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\European Bus Simulator 2012
2013-04-14 15:56:15        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2013-04-14 11:58:21        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills
2013-04-14 09:30:40        --------        d-sh--w-        C:\ProgramData\SecuROM
2013-04-09 13:45:44        --------        d-----w-        C:\ProgramData\casualArts
2013-04-09 13:18:42        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
2013-04-08 17:04:25        --------        d--h--w-        C:\Users\Alex\InstallAnywhere
2013-04-06 21:30:03        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\You don't know Jack 4
2013-04-06 21:02:13        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCF4 - Madame Fate

====== C: exe-files ==
2013-05-02 14:46:26        22D3D73B2FA74C01D8D1CBA813D574B8        190411        ----a-w-        C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCalla37.exe
2013-05-02 14:46:18        25D473D7805261C752DA738B13E35816        185271        ----a-w-        C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCalla31.exe
2013-05-02 09:22:32        7D3F0E5B2FD0A47D80A94F159F88D2D9        1273071        ----a-w-        C:\Users\Alex\AppData\Local\Temp\OCS\Downloads\705f49176579a643660bff5ff6ae3956\2626d97999d3735ba8ac24416416ca3e\tc6_install.exe
2013-05-02 09:21:58        3D5F99A49319F502E02ED4C650951F2A        613216        ----a-w-        C:\Users\Alex\Downloads\tc6_install.exe.exe
2013-05-02 09:09:37        EA895AC2B699F79FE594EC70DD4C3D5A        753664        ----a-w-        C:\Users\Alex\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\9c01e5d71e442bf564f271e62b1d5357\AmazonIconInstaller.exe
2013-05-02 09:09:37        9F9AC223B0D6F029DCBFC5584116E96F        3575096        ----a-w-        C:\Users\Alex\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\10806ff987a45c60eaa975e4aab3d1a1\pcspeedup.exe
2013-05-02 09:09:37        2B21AB11874AE169906FEE1DBDE6D3D0        883840        ----a-w-        C:\Users\Alex\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\b95706ead854d0c4800fb934759b1f23\Avira-DE-Cleaner.exe
2013-05-02 09:09:08        5B122B28A113E7CB9250E260EB23D173        339968        ----a-w-        C:\Users\Alex\AppData\Local\Temp\OCS\ocs_v7a.exe
2013-05-02 09:09:04        7C46F28F319F1E7407492ADC1D25286D        613952        ----a-w-        C:\Users\Alex\Downloads\Avira-DE-Cleaner-Downloader.exe
2013-05-02 07:53:55        AE7A5621F2266519DE90F5C441A54569        101000        ----a-w-        C:\Program Files (x86)\a-squared Free\a2upd.exe
2013-05-02 07:53:53        160270FB6706B45392B3C20753BEF1A9        1872320        ----a-w-        C:\Program Files (x86)\a-squared Free\a2service.exe
2013-05-02 07:53:52        D0D9ADFC8302CDB7A3FB19CC7BCF448D        1170304        ----a-w-        C:\Program Files (x86)\a-squared Free\a2free.exe
2013-05-02 07:53:51        F97A7C12E7E093918B77B18CD1923D1F        903312        ----a-w-        C:\Program Files (x86)\a-squared Free\a2cmd.exe
2013-05-02 07:53:51        168531B781D98EB33448008535D6F85E        991144        ----a-w-        C:\Program Files (x86)\a-squared Free\unins000.exe
2013-05-02 07:52:41        131195C019BA65272F06B4021BB20606        83704128        ----a-w-        C:\Users\Alex\Downloads\a2FreeSetup27.exe
2013-05-02 07:35:25        2D3F145B357E282F01ED3B1DD0CD21E1        45937744        ----a-w-        C:\Users\Alex\AppData\Local\Temp\SHSetup.exe
2013-05-02 07:03:19        679961DBF90452F472944013C3B2741B        1429584        ----a-w-        C:\Users\Alex\AppData\Local\Temp\Desk365\eInstall\eInstall.exe
2013-05-02 07:02:59        22BA8B50AF5F4FE3C4C8AAF5870B7137        331136        ----a-w-        C:\Users\Alex\Desktop\26.01.13\mt\Setup.exe
2013-05-02 07:02:56        E0B80E6B894F6267A7E6FD88FBA18136        1258752        ----a-w-        C:\Users\Alex\AppData\Local\Temp\dca5cecae03cf228814e2e7bb36ae1c6\amazonicon.exe
2013-05-02 07:02:56        B22171908E066EE0445FCE6C8EA30633        42496        ----a-w-        C:\Users\Alex\AppData\Local\Temp\amazoninstallernircmdc.exe
2013-05-02 07:02:55        2F46A2E37FB05642A0E859545D6B09F7        854848        ----a-w-        C:\Users\Alex\AppData\Local\Temp\383c717c3b02aa1e5df72219c11cac6d\IminentSetup_1.0Hnjl76.10.exe
2013-05-02 07:02:55        2ABCD4B961A059517A46322B2EC3FB6E        105040        ----a-w-        C:\Users\Alex\AppData\Local\Temp\615740aeb16670034e62aed0449c4dfd\qvo6.exe
2013-05-02 07:02:54        E0B80E6B894F6267A7E6FD88FBA18136        1258752        ----a-w-        C:\Users\Alex\AppData\Local\Temp\amazonicon.exe
2013-05-02 07:02:49        2ABCD4B961A059517A46322B2EC3FB6E        105040        ----a-w-        C:\Users\Alex\AppData\Local\Temp\qvo6.exe
2013-05-02 07:02:48        2F46A2E37FB05642A0E859545D6B09F7        854848        ----a-w-        C:\Users\Alex\AppData\Local\Temp\IminentSetup_1.0Hnjl76.10.exe
2013-05-02 07:01:48        558A71E091285DE63CCBB125B883AABE        1162496        ----a-w-        C:\Users\Alex\Downloads\Mein-Traffic-Setup.exe
2013-05-01 10:03:43        0D40E080353F33F469C1295719C22DEE        53135360        ----a-r-        C:\Users\Alex\Desktop\Neuer Ordner\FM2013 Crack\Manager13.exe
2013-04-30 19:36:43        8BE25E7B99FEF9792325090A050EF429        503079504        ----a-w-        C:\Users\Alex\Downloads\Leisure.Suit.Larrys.Greatest.Hits.and.Misses-GoodOldGames\setup_leisure_suit_larry_2.0.0.15.exe
2013-04-25 17:26:06        C811D9A69FC58DE2B01BD132EF8D54EB        765952        ------w-        C:\Users\Alex\AppData\Local\Apps\2.0\RXTHCG3V.QLE\DQADKTY2.YT3\mode..tion_4dc50946373bf705_0002.0000_4c92121947e52818\Model_Viewer.exe
=== C: other files ==
2013-05-02 08:56:30        0AC60EFE7A554E9114AD9598FA143EC2        2230623        ----a-w-        C:\Users\Alex\Downloads\WOT Mods\3903-shkurka-dlya-vk3601h-anime-skin-wot-manual.zip
2013-05-02 07:37:33        D41D8CD98F00B204E9800998ECF8427E        0        ----a-w-        C:\autoexec.bat
2013-05-02 07:37:13        3B32CAA07D672F8A2E0DF5CB3A873F45        22704        ----a-w-        C:\Windows\System32\drivers\EsgScanner.sys
2013-05-02 07:37:13        3B32CAA07D672F8A2E0DF5CB3A873F45        22704        ----a-w-        C:\Users\Alex\AppData\Local\Temp\ESGScanner.sys
2013-05-02 07:02:58        C191C3FA9BA5FBCBE85A4E3B83002A94        23713        ----a-w-        C:\Users\Alex\AppData\Local\Temp\scoped_dir_4056_18093\amazon.crx
2013-05-02 07:02:58        60DD7AD17780A514EBB8DC7FE2B30DC2        2591744        ----a-w-        C:\Users\Alex\AppData\Local\Temp\OptimizerPro_new.zip
2013-05-02 07:02:57        C191C3FA9BA5FBCBE85A4E3B83002A94        23713        ----a-w-        C:\Users\Alex\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
2013-05-02 07:02:57        C191C3FA9BA5FBCBE85A4E3B83002A94        23713        ----a-w-        C:\Users\Alex\AppData\Local\Temp\amazon.crx
2013-05-02 07:02:57        7E75DF97F3D99BFAECE7C19043AA9DAC        4299        ----a-w-        C:\Users\Alex\AppData\Local\Temp\amazon.xpi
2013-05-02 07:02:46        CC3CD783263F3B582F6DC509F4B3373B        815948        ----a-w-        C:\Users\Alex\AppData\Local\Temp\mt.zip
2013-04-30 10:33:21        9A23FA3EA70AC8EF67FE3A0815C968C6        1805805        ----a-w-        C:\Users\Alex\Downloads\WOT Mods\1274-anime-shkurka-dlya-is-8-wot-manual.zip
2013-04-30 10:32:27        ED6BB712190BB3EE14DAE597397AA89F        3796321        ----a-w-        C:\Users\Alex\Downloads\WOT Mods\1274-anime-shkurka-dlya-is-8-wot.zip

==== Firefox Extensions ======================

ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Amazon-Icon - %ProfilePath%\extensions\amazon-icon@winload.de

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blaofbhgbmeikidhlkmjhbkbfohpgekf - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29.11.2012 21:35]
mkcedibhemacmilmkpndpkoidlnmgngg - C:\Users\Alex\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx[02.05.2013 09:02]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[07.02.2013 07:47]
pfmopbbadnfoelckkcmjjeaaegjpjjbk - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
amfclgbdpgndipgoegfpkkgobahigbcl - C:\Users\Alex\AppData\Local\Smartbar/Application\1Extension.crx[]

Last updated at time on date - Alex - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
RealDownloader - Alex - Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
DivX Plus Web Player HTML5 \u003Cvideo\u003E - Alex - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Bitdefender QuickScan - Alex - Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
Where is my water? - Alex - Default\Extensions\plgellfihbddhjgclldmelbgepdlpapc

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"
"Search Page"="hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=9f8764bd-c76e-4e3f-9646-4be97ea20f6f&searchtype=ds&q={searchTerms}&installDate=03/04/2013"
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187"
"Search Bar"="hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=9f8764bd-c76e-4e3f-9646-4be97ea20f6f&searchtype=ds&q={searchTerms}&installDate=03/04/2013"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187"
"Start Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187"
"Start Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=9f8764bd-c76e-4e3f-9646-4be97ea20f6f&searchtype=ds&q={searchTerms}&installDate=03/04/2013"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=9f8764bd-c76e-4e3f-9646-4be97ea20f6f&searchtype=ds&q={searchTerms}&installDate=03/04/2013"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=9f8764bd-c76e-4e3f-9646-4be97ea20f6f&searchtype=ds&q={searchTerms}&installDate=03/04/2013"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=9f8764bd-c76e-4e3f-9646-4be97ea20f6f&searchtype=ds&q={searchTerms}&installDate=03/04/2013"
"SearchAssistant"="hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=4587570"
"CustomizeSearch"="hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=4587570"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.de/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\Alex\Desktop\Spiele\Driver San Francisco - Verknüpfung.lnk - 
C:\Users\Alex\Desktop\Spiele\European Bus Simulator Basic 2012.lnk - D:\Spiele\astragon\European Bus Simulator 2012\Bin32\BusSimulator2012.exe
C:\Users\Alex\Desktop\Spiele\LaunchEFLC - Verknüpfung.lnk - 
C:\Users\Alex\Desktop\Spiele\LaunchGTAIV - Verknüpfung.lnk - 
C:\Users\Alex\Desktop\Spiele\Lost Horizon.lnk - D:\Spiele\Deep Silver\Lost Horizon\AutoStarter.exe
C:\Users\Alex\Desktop\Spiele\Rockstar Games Social Club.lnk - D:\Spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
C:\Users\Alex\Desktop\Spiele\SIERW5 - Verknüpfung.lnk - 
C:\Users\Alex\Desktop\Spiele\You don't know Jack 4.lnk - D:\Spiele\You don't know Jack 4\YDKJ 4.exe
C:\Users\Alex\Desktop\Spiele\Wimmelbild\FBI - Verknüpfung.lnk - 
C:\Users\Alex\Desktop\Spiele\Wimmelbild\Frankenstein - Verknüpfung.lnk - 
C:\Users\Alex\Desktop\Spiele\Wimmelbild\MCF4 - Madame Fate.lnk - D:\Spiele\MCF4 - Madame Fate\MadameFate.exe
C:\Users\Alex\Desktop\Spiele\Wimmelbild\Mystery Murders - Jack the Ripper 2.lnk - D:\Spiele\Rondomedia\Mystery Murders - Jack the Ripper 2\jackTheRipper2.exe
C:\Users\Alex\Desktop\Spiele\Wimmelbild\Nemo - Verknüpfung.lnk - 
C:\Users\Alex\Desktop\Spiele\Wimmelbild\Profiler - Verknüpfung.lnk - 
C:\Users\Alex\Desktop\Spiele\Wimmelbild\TimeMachine - Verknüpfung.lnk - 
C:\Users\Alex\Desktop\Spiele\Wimmelbild\Vatican - Verknüpfung.lnk - 
C:\Users\UpdatusUser\Desktop\MyVideoConverter Pro.lnk - C:\Program Files (x86)\MyVideoConverter Pro\MyVideoConverter_pro.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187

==== shortcuts in Users Start Menu ======================

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV\Command line documentation.lnk - C:\Users\Alex\AppData\Local\New Technology Studio\Apps\OpenIV\command line.txt
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV\Go to OpenIV web site.lnk - 
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV\Run OpenIV.lnk - C:\Users\Alex\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV\Uninstall OpenIV.lnk - C:\Users\Alex\AppData\Local\New Technology Studio\Apps\OpenIV\uninstall.exe -uninstall
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rondomedia\Mystery Murders - Jack the Ripper 2\Mystery Murders - Jack the Ripper 2 Uninstaller.lnk - D:\Spiele\Rondomedia\Mystery Murders - Jack the Ripper 2\Uninstall.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rondomedia\Mystery Murders - Jack the Ripper 2\Mystery Murders - Jack the Ripper 2.lnk - D:\Spiele\Rondomedia\Mystery Murders - Jack the Ripper 2\jackTheRipper2.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\SIGNINOPTIONS.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free\a-squared Free.lnk - C:\Program Files (x86)\a-squared Free\a2free.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free\a-squared Homepage.lnk - C:\Program Files (x86)\a-squared Free\a-squared homepage.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free\Deinstallieren.lnk - C:\Program Files (x86)\a-squared Free\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free\Scan Berichte.lnk - C:\Users\Alex\Documents\a-squared Free\Reports
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free\Scansets.lnk - C:\Users\Alex\Documents\a-squared Free\Scansets
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver\Lost Horizon\Lost Horizon deinstallieren.lnk - C:\Program Files (x86)\InstallShield Installation Information\{850FD908-5381-4D6D-BE6E-8E489B366FFF}\setup.exe -runfromtemp -l0x0407
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver\Lost Horizon\Lost Horizon Liesmich-Datei anzeigen.lnk - D:\Spiele\Deep Silver\Lost Horizon\Autostarter\LiesMich.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver\Lost Horizon\Lost Horizon starten.lnk - D:\Spiele\Deep Silver\Lost Horizon\Autostarter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver\Lost Horizon\Spieleinstellungen anzeigen.lnk - D:\Spiele\Deep Silver\Lost Horizon\ConfigTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Codec-Einstellungen.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=decoder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\DivX Plus Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\DivX Technische Unterstützung.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Nach Updates suchen.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Registrieren.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=registration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Deinstallieren.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Anti-Malware Wächter.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft HiJackFree.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2HiJackFree.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Homepage.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\Emsisoft.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Hilfe.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\de-de.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Scan Berichte.lnk - C:\Users\Alex\Documents\Anti-Malware\Reports
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Scansets.lnk - C:\Users\Alex\Documents\Anti-Malware\Scansets
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\European Bus Simulator 2012\Manual.lnk - D:\Spiele\astragon\European Bus Simulator 2012\Manual_EuropeanBusSimulator2012_UK.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\European Bus Simulator 2012\Play European Bus Simulator 2012 Basic.lnk - D:\Spiele\astragon\European Bus Simulator 2012\Bin32\BusSimulator2012.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\European Bus Simulator 2012\Play European Bus Simulator 2012 High.lnk - D:\Spiele\astragon\European Bus Simulator 2012\Bin64\BusSimulator2012.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\European Bus Simulator 2012\Read Me v1.3.1 Update.lnk - D:\Spiele\astragon\European Bus Simulator 2012\Readme_v1_3_1.TXT
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\European Bus Simulator 2012\Uninstall European Bus Simulator 2012.lnk - D:\Spiele\astragon\European Bus Simulator 2012\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Driver San Francisco.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto Episodes from Liberty City.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto IV.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Lost Horizon.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCF4 - Madame Fate\MCF4 - Madame Fate.lnk - D:\Spiele\MCF4 - Madame Fate\MadameFate.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\20.000 Meilen unter dem Meer\20.000 Meilen unter dem Meer deinstallieren.lnk - C:\Windows\SysWOW64\msiexec.exe /x {6692A6CC-6EDA-40C3-8F57-1E8ECD5AE2E0}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\20.000 Meilen unter dem Meer\20.000 Meilen unter dem Meer.lnk - D:\Spiele\Purplehills\20.000 Meilen unter dem Meer\Nemo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\FBI\Deinstallieren.lnk - C:\Windows\SysWOW64\msiexec.exe /x {41E21FBD-DE0F-46D9-8B6C-534DD13DBBB6}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\FBI\FBI.lnk - C:\Windows\Installer\{41E21FBD-DE0F-46D9-8B6C-534DD13DBBB6}\FBI.exe_F902CE676106409181B4C13DA8BF9AC7.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\Frankenstein\Frankenstein deinstallieren.lnk - C:\Windows\SysWOW64\msiexec.exe /x {610B773E-3183-43D5-B01D-862EFF276B81}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\Frankenstein\Frankenstein.lnk - D:\Spiele\Purplehills\Frankenstein\Frankenstein.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\Profiler\Profiler deinstallieren.lnk - C:\Windows\SysWOW64\msiexec.exe /x {164B5A9F-D9BD-4EC3-880E-61A4E6935EEB}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\Profiler\Profiler.lnk - D:\Spiele\Purplehills\Profiler\Profiler.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\Secrets of Vatican\Secrets of Vatican deintallieren.lnk - C:\Windows\SysWOW64\msiexec.exe /x {66B76A83-4B3A-4218-82A4-862E26B745CA}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\Secrets of Vatican\Secrets of Vatican.lnk - D:\Spiele\Purplehills\Secrets of Vatican\Vatican.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\Time Machine\Time Machine deinstallieren.lnk - C:\Windows\SysWOW64\msiexec.exe /x {9F9D845C-A5F0-423B-9820-240771C7645D}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PurpleHills\Time Machine\Time Machine.lnk - D:\Spiele\Purplehills\Time Machine\TimeMachine.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Rockstar Games Social Club.lnk - D:\Spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV.lnk - D:\Spiele\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe -safemode
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto IV\Lizenz widerrufen.lnk - D:\Spiele\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe  /revoke
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Leisure Suit Larry 7\Leisure Suit Larry 7.lnk - D:\Spiele\Sierra\Leisure Suit Larry 7\SIERW5.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\You don't know Jack 4\You don't know Jack 4 entfernen.lnk - D:\Spiele\You don't know Jack 4\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\You don't know Jack 4\You don't know Jack 4.lnk - D:\Spiele\You don't know Jack 4\YDKJ 4.exe

==== shortcuts in Quick Launch ======================

C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\a-squared Free.lnk - C:\Program Files (x86)\a-squared Free\a2free.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\Alex\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Alex\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied


smeenk 02.05.2013 18:35

Great :daumenhoc
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users, please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:

    C:\Users\Alex\ChromeExtensions;fs
    mkcedibhemacmilmkpndpkoidlnmgngg;chr
    startupall;

  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file.
  • Post me the log file zoek-results.log


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has completed.
  • Now click "Löschen" (Delete) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file will open. Post me its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

bohm 02.05.2013 18:47

When I'm supposed to run zoek again, this message comes up:

C:\Users\Alex\AppData\Local\Temp\PEVZ.EXE ist keine zulässige Win32-Anwendung

Code:

Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Alex on 02.05.2013 at 19:44:44,29.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Possible Rootkit Infection ======================

C:\Windows\system32\services.exe Possible Infected!

==== Deleting Files \ Folders ======================


==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Browser Infrastructure Helper"="C:\Users\Alex\AppData\Local\Smartbar\Application\QuickShare.exe startup"
"MsgCenterExe"="C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe  -osboot"

[HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe  -osboot"
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d=60"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Browser Infrastructure Helper"="C:\Users\Alex\AppData\Local\Smartbar\Application\QuickShare.exe startup"
"MsgCenterExe"="C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe  -osboot"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"CmPCIaudio"="C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd"
"IntelliType Pro"="C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
"IntelliPoint"="C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"TkBellExe"="\"C:\\Program Files (x86)\\Real\\RealPlayer\\update\\realsched.exe\"  -osboot"
"UVS11 Preload"="C:\\Program Files (x86)\\Ulead Systems\\Ulead VideoStudio 11\\uvPL.exe"
"DivXUpdate"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"


==== Task Scheduler Jobs ======================

Code:

Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Alex on 02.05.2013 at 19:49:30,47.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Possible Rootkit Infection ======================

C:\Windows\system32\services.exe Possible Infected!

==== Deleting Files \ Folders ======================


==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Browser Infrastructure Helper"="C:\Users\Alex\AppData\Local\Smartbar\Application\QuickShare.exe startup"
"MsgCenterExe"="C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe  -osboot"

[HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe  -osboot"
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d=60"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Browser Infrastructure Helper"="C:\Users\Alex\AppData\Local\Smartbar\Application\QuickShare.exe startup"
"MsgCenterExe"="C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe  -osboot"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"CmPCIaudio"="C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd"
"IntelliType Pro"="C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
"IntelliPoint"="C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"TkBellExe"="\"C:\\Program Files (x86)\\Real\\RealPlayer\\update\\realsched.exe\"  -osboot"
"UVS11 Preload"="C:\\Program Files (x86)\\Ulead Systems\\Ulead VideoStudio 11\\uvPL.exe"
"DivXUpdate"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"


==== Task Scheduler Jobs ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29.11.2012 21:35]
mkcedibhemacmilmkpndpkoidlnmgngg - C:\Users\Alex\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx[02.05.2013 09:02]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[07.02.2013 07:47]

==== Chrome Fix ======================

C:\Users\Alex\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{326E768D-4182-46FD-9C16-1449A49795F4} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{326E768D-4182-46FD-9C16-1449A49795F4} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully
HKEY_USERS\S-1-5-21-3833738761-3407712013-1824015166-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg deleted successfully

and once AdwCleaner

Code:

# AdwCleaner v2.300 - Datei am 02/05/2013 um 19:53:58 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Alex - PEACHY
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187
Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\OCS
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU600309203092&ts=1367478187 --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [15349 octets] - [02/05/2013 19:53:58]

########## EOF - C:\AdwCleaner[S1].txt - [15410 octets] ##########


smeenk 02.05.2013 19:30

Maybe there is a bit more going on there :confused:

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

bohm 02.05.2013 19:44

Don't scare me!

Code:

20:41:23.0650 5536  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:41:24.0238 5536  ============================================================
20:41:24.0238 5536  Current date / time: 2013/05/02 20:41:24.0238
20:41:24.0238 5536  SystemInfo:
20:41:24.0238 5536 
20:41:24.0238 5536  OS Version: 6.1.7601 ServicePack: 1.0
20:41:24.0238 5536  Product type: Workstation
20:41:24.0239 5536  ComputerName: PEACHY
20:41:24.0239 5536  UserName: Alex
20:41:24.0239 5536  Windows directory: C:\Windows
20:41:24.0239 5536  System windows directory: C:\Windows
20:41:24.0239 5536  Running under WOW64
20:41:24.0239 5536  Processor architecture: Intel x64
20:41:24.0239 5536  Number of processors: 4
20:41:24.0239 5536  Page size: 0x1000
20:41:24.0239 5536  Boot type: Normal boot
20:41:24.0239 5536  ============================================================
20:41:31.0483 5536  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:41:31.0602 5536  ============================================================
20:41:31.0602 5536  \Device\Harddisk0\DR0:
20:41:31.0624 5536  MBR partitions:
20:41:31.0624 5536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x124F6000
20:41:31.0640 5536  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F6C71, BlocksNum 0x27E8A10F
20:41:31.0640 5536  ============================================================
20:41:32.0153 5536  C: <-> \Device\Harddisk0\DR0\Partition1
20:41:32.0513 5536  D: <-> \Device\Harddisk0\DR0\Partition2
20:41:32.0513 5536  ============================================================
20:41:32.0514 5536  Initialize success
20:41:32.0514 5536  ============================================================
20:42:05.0674 1236  ============================================================
20:42:05.0674 1236  Scan started
20:42:05.0674 1236  Mode: Manual; SigCheck; TDLFS;
20:42:05.0674 1236  ============================================================
20:42:06.0139 1236  ================ Scan system memory ========================
20:42:06.0139 1236  System memory - ok
20:42:06.0140 1236  ================ Scan services =============================
20:42:13.0114 1236  [ 8C856E531A1170F53AC6844E89CD0B5F ] DokanMounter    C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
20:42:13.0146 1236  DokanMounter ( UnsignedFile.Multi.Generic ) - warning
20:42:13.0146 1236  DokanMounter - detected UnsignedFile.Multi.Generic (1)
20:42:15.0621 1236  hkmsvc - ok
20:42:15.0650 1236  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:42:15.0699 1236  HomeGroupListener - ok
20:42:15.0726 1236  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:42:15.0749 1236  HomeGroupProvider - ok
20:42:15.0780 1236  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:42:15.0795 1236  HpSAMD - ok
20:42:15.0824 1236  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:42:15.0887 1236  HTTP - ok
20:42:15.0904 1236  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:42:15.0912 1236  hwpolicy - ok
20:42:15.0928 1236  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:42:15.0938 1236  i8042prt - ok
20:42:15.0964 1236  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
20:42:15.0978 1236  iaStorV - ok
20:42:16.0020 1236  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:42:16.0040 1236  idsvc - ok
20:42:16.0051 1236  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
20:42:16.0060 1236  iirsp - ok
20:42:16.0090 1236  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:42:16.0133 1236  IKEEXT - ok
20:42:16.0235 1236  [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:42:16.0290 1236  IntcAzAudAddService - ok
20:42:16.0301 1236  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:42:16.0309 1236  intelide - ok
20:42:16.0330 1236  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
20:42:16.0351 1236  intelppm - ok
20:42:16.0365 1236  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
20:42:16.0405 1236  IPBusEnum - ok
20:42:16.0418 1236  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:42:16.0444 1236  IpFilterDriver - ok
20:42:16.0466 1236  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:42:16.0495 1236  iphlpsvc - ok
20:42:16.0509 1236  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
20:42:16.0519 1236  IPMIDRV - ok
20:42:16.0532 1236  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
20:42:16.0574 1236  IPNAT - ok
20:42:16.0585 1236  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:42:16.0615 1236  IRENUM - ok
20:42:16.0627 1236  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:42:16.0636 1236  isapnp - ok
20:42:16.0653 1236  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:42:16.0666 1236  iScsiPrt - ok
20:42:16.0681 1236  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:42:16.0690 1236  kbdclass - ok
20:42:16.0714 1236  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:42:16.0754 1236  kbdhid - ok
20:42:16.0777 1236  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:42:16.0802 1236  KeyIso - ok
20:42:16.0830 1236  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:42:16.0845 1236  KSecDD - ok
20:42:16.0860 1236  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
20:42:16.0876 1236  KSecPkg - ok
20:42:16.0888 1236  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
20:42:16.0933 1236  ksthunk - ok
20:42:16.0955 1236  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
20:42:16.0993 1236  KtmRm - ok
20:42:17.0025 1236  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:42:17.0068 1236  LanmanServer - ok
20:42:17.0087 1236  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:42:17.0123 1236  LanmanWorkstation - ok
20:42:17.0144 1236  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:42:17.0207 1236  lltdio - ok
20:42:17.0227 1236  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
20:42:17.0273 1236  lltdsvc - ok
20:42:17.0286 1236  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
20:42:17.0355 1236  lmhosts - ok
20:42:17.0391 1236  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:42:17.0404 1236  LSI_FC - ok
20:42:17.0411 1236  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
20:42:17.0424 1236  LSI_SAS - ok
20:42:17.0447 1236  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:42:17.0456 1236  LSI_SAS2 - ok
20:42:17.0469 1236  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:42:17.0479 1236  LSI_SCSI - ok
20:42:17.0496 1236  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
20:42:17.0529 1236  luafv - ok
20:42:17.0547 1236  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
20:42:17.0558 1236  Mcx2Svc - ok
20:42:17.0565 1236  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\drivers\megasas.sys
20:42:17.0574 1236  megasas - ok
20:42:17.0592 1236  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:42:17.0604 1236  MegaSR - ok
20:42:17.0635 1236  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
20:42:17.0712 1236  MMCSS - ok
20:42:17.0723 1236  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
20:42:17.0756 1236  Modem - ok
20:42:17.0796 1236  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
20:42:17.0848 1236  monitor - ok
20:42:17.0898 1236  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:42:17.0912 1236  mouclass - ok
20:42:17.0934 1236  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:42:17.0958 1236  mouhid - ok
20:42:17.0971 1236  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:42:17.0985 1236  mountmgr - ok
20:42:18.0030 1236  [ 9CE4C8A46B585EB5103EFE5FDEF3703F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:42:18.0060 1236  MozillaMaintenance - ok
20:42:18.0095 1236  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:42:18.0116 1236  MpFilter - ok
20:42:18.0127 1236  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:42:18.0138 1236  mpio - ok
20:42:18.0151 1236  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:42:18.0178 1236  mpsdrv - ok
20:42:18.0205 1236  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:42:18.0240 1236  MpsSvc - ok
20:42:18.0254 1236  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:42:18.0277 1236  MRxDAV - ok
20:42:18.0295 1236  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:42:18.0320 1236  mrxsmb - ok
20:42:18.0334 1236  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:42:18.0346 1236  mrxsmb10 - ok
20:42:18.0354 1236  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:42:18.0364 1236  mrxsmb20 - ok
20:42:18.0376 1236  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:42:18.0385 1236  msahci - ok
20:42:18.0400 1236  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
20:42:18.0411 1236  msdsm - ok
20:42:18.0418 1236  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
20:42:18.0441 1236  MSDTC - ok
20:42:18.0456 1236  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:42:18.0497 1236  Msfs - ok
20:42:18.0507 1236  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
20:42:18.0548 1236  mshidkmdf - ok
20:42:18.0563 1236  MSICDSetup - ok
20:42:18.0571 1236  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:42:18.0579 1236  msisadrv - ok
20:42:18.0627 1236  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
20:42:18.0702 1236  MSiSCSI - ok
20:42:18.0706 1236  msiserver - ok
20:42:18.0732 1236  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
20:42:18.0785 1236  MSKSSRV - ok
20:42:18.0882 1236  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc        C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:42:18.0914 1236  MsMpSvc - ok
20:42:18.0952 1236  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:42:18.0997 1236  MSPCLOCK - ok
20:42:19.0000 1236  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
20:42:19.0033 1236  MSPQM - ok
20:42:19.0046 1236  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
20:42:19.0060 1236  MsRPC - ok
20:42:19.0075 1236  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:42:19.0083 1236  mssmbios - ok
20:42:19.0086 1236  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
20:42:19.0123 1236  MSTEE - ok
20:42:19.0133 1236  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:42:19.0142 1236  MTConfig - ok
20:42:19.0168 1236  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
20:42:19.0175 1236  MTsensor - ok
20:42:19.0182 1236  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
20:42:19.0190 1236  Mup - ok
20:42:19.0215 1236  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:42:19.0252 1236  napagent - ok
20:42:19.0281 1236  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
20:42:19.0311 1236  NativeWifiP - ok
20:42:19.0342 1236  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:42:19.0364 1236  NDIS - ok
20:42:19.0382 1236  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
20:42:19.0409 1236  NdisCap - ok
20:42:19.0432 1236  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:42:19.0458 1236  NdisTapi - ok
20:42:19.0481 1236  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
20:42:19.0506 1236  Ndisuio - ok
20:42:19.0513 1236  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
20:42:19.0552 1236  NdisWan - ok
20:42:19.0567 1236  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
20:42:19.0602 1236  NDProxy - ok
20:42:19.0613 1236  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
20:42:19.0651 1236  NetBIOS - ok
20:42:19.0674 1236  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
20:42:19.0702 1236  NetBT - ok
20:42:19.0710 1236  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:42:19.0719 1236  Netlogon - ok
20:42:19.0752 1236  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:42:19.0793 1236  Netman - ok
20:42:19.0815 1236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:42:19.0825 1236  NetMsmqActivator - ok
20:42:19.0828 1236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:42:19.0836 1236  NetPipeActivator - ok
20:42:19.0857 1236  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:42:19.0892 1236  netprofm - ok
20:42:19.0921 1236  [ 118E9136B5B48DD5B2CC81F78431A69E ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
20:42:19.0959 1236  netr7364 - ok
20:42:19.0963 1236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:42:19.0971 1236  NetTcpActivator - ok
20:42:19.0974 1236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:42:19.0983 1236  NetTcpPortSharing - ok
20:42:20.0015 1236  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
20:42:20.0024 1236  nfrd960 - ok
20:42:20.0060 1236  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:42:20.0070 1236  NisDrv - ok
20:42:20.0093 1236  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
20:42:20.0108 1236  NisSrv - ok
20:42:20.0146 1236  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:42:20.0167 1236  NlaSvc - ok
20:42:20.0177 1236  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:42:20.0204 1236  Npfs - ok
20:42:20.0221 1236  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
20:42:20.0254 1236  nsi - ok
20:42:20.0263 1236  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:42:20.0295 1236  nsiproxy - ok
20:42:20.0330 1236  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:42:20.0375 1236  Ntfs - ok
20:42:20.0389 1236  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:42:20.0430 1236  Null - ok
20:42:20.0447 1236  [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
20:42:20.0474 1236  nusb3hub - ok
20:42:20.0504 1236  [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
20:42:20.0548 1236  nusb3xhc - ok
20:42:20.0583 1236  [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
20:42:20.0614 1236  NVHDA - ok
20:42:20.0799 1236  [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:42:20.0982 1236  nvlddmkm - ok
20:42:21.0018 1236  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:42:21.0028 1236  nvraid - ok
20:42:21.0032 1236  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:42:21.0043 1236  nvstor - ok
20:42:21.0076 1236  [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc          C:\Windows\system32\nvvsvc.exe
20:42:21.0097 1236  nvsvc - ok
20:42:21.0173 1236  [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:42:21.0209 1236  nvUpdatusService - ok
20:42:21.0224 1236  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:42:21.0234 1236  nv_agp - ok
20:42:21.0247 1236  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:42:21.0282 1236  ohci1394 - ok
20:42:21.0311 1236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:42:21.0354 1236  p2pimsvc - ok
20:42:21.0373 1236  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:42:21.0394 1236  p2psvc - ok
20:42:21.0422 1236  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
20:42:21.0441 1236  Parport - ok
20:42:21.0459 1236  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
20:42:21.0468 1236  partmgr - ok
20:42:21.0484 1236  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:42:21.0509 1236  PcaSvc - ok
20:42:21.0519 1236  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
20:42:21.0530 1236  pci - ok
20:42:21.0536 1236  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:42:21.0544 1236  pciide - ok
20:42:21.0557 1236  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:42:21.0569 1236  pcmcia - ok
20:42:21.0586 1236  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
20:42:21.0595 1236  pcw - ok
20:42:21.0607 1236  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:42:21.0654 1236  PEAUTH - ok
20:42:21.0701 1236  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
20:42:21.0801 1236  PeerDistSvc - ok
20:42:21.0878 1236  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:42:21.0904 1236  PerfHost - ok
20:42:21.0944 1236  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
20:42:22.0019 1236  pla - ok
20:42:22.0077 1236  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:42:22.0134 1236  PlugPlay - ok
20:42:22.0151 1236  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
20:42:22.0179 1236  PNRPAutoReg - ok
20:42:22.0191 1236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
20:42:22.0209 1236  PNRPsvc - ok
20:42:22.0236 1236  [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64        C:\Windows\system32\DRIVERS\point64.sys
20:42:22.0248 1236  Point64 - ok
20:42:22.0271 1236  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
20:42:22.0324 1236  PolicyAgent - ok
20:42:22.0347 1236  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
20:42:22.0387 1236  Power - ok
20:42:22.0422 1236  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:42:22.0460 1236  PptpMiniport - ok
20:42:22.0468 1236  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
20:42:22.0491 1236  Processor - ok
20:42:22.0522 1236  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
20:42:22.0554 1236  ProfSvc - ok
20:42:22.0568 1236  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:42:22.0577 1236  ProtectedStorage - ok
20:42:22.0585 1236  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:42:22.0617 1236  Psched - ok
20:42:22.0666 1236  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:42:22.0761 1236  ql2300 - ok
20:42:22.0776 1236  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:42:22.0786 1236  ql40xx - ok
20:42:22.0811 1236  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
20:42:22.0827 1236  QWAVE - ok
20:42:22.0834 1236  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:42:22.0858 1236  QWAVEdrv - ok
20:42:22.0872 1236  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:42:22.0898 1236  RasAcd - ok
20:42:22.0927 1236  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
20:42:22.0955 1236  RasAgileVpn - ok
20:42:22.0985 1236  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
20:42:23.0040 1236  RasAuto - ok
20:42:23.0075 1236  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
20:42:23.0153 1236  Rasl2tp - ok
20:42:23.0175 1236  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:42:23.0206 1236  RasMan - ok
20:42:23.0219 1236  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:42:23.0263 1236  RasPppoe - ok
20:42:23.0287 1236  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
20:42:23.0321 1236  RasSstp - ok
20:42:23.0334 1236  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
20:42:23.0377 1236  rdbss - ok
20:42:23.0392 1236  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:42:23.0403 1236  rdpbus - ok
20:42:23.0412 1236  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:42:23.0438 1236  RDPCDD - ok
20:42:23.0463 1236  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
20:42:23.0479 1236  RDPDR - ok
20:42:23.0492 1236  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:42:23.0529 1236  RDPENCDD - ok
20:42:23.0539 1236  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:42:23.0564 1236  RDPREFMP - ok
20:42:23.0584 1236  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
20:42:23.0615 1236  RDPWD - ok
20:42:23.0637 1236  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:42:23.0648 1236  rdyboost - ok
20:42:23.0689 1236  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
20:42:23.0696 1236  RealNetworks Downloader Resolver Service - ok
20:42:23.0721 1236  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:42:23.0783 1236  RemoteAccess - ok
20:42:23.0802 1236  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:42:23.0835 1236  RemoteRegistry - ok
20:42:23.0858 1236  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:42:23.0896 1236  RpcEptMapper - ok
20:42:23.0919 1236  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:42:23.0952 1236  RpcLocator - ok
20:42:23.0974 1236  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
20:42:24.0012 1236  RpcSs - ok
20:42:24.0047 1236  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:42:24.0073 1236  rspndr - ok
20:42:24.0112 1236  [ 8181B5E7BFC040E0B26349C73E719335 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
20:42:24.0126 1236  RTL8167 - ok
20:42:24.0147 1236  [ E60C0A09F997826C7627B244195AB581 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
20:42:24.0167 1236  s3cap - ok
20:42:24.0177 1236  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
20:42:24.0206 1236  SamSs - ok
20:42:24.0217 1236  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:42:24.0229 1236  sbp2port - ok
20:42:24.0243 1236  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:42:24.0276 1236  SCardSvr - ok
20:42:24.0291 1236  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:42:24.0326 1236  scfilter - ok
20:42:24.0352 1236  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:42:24.0406 1236  Schedule - ok
20:42:24.0424 1236  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
20:42:24.0448 1236  SCPolicySvc - ok
20:42:24.0463 1236  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:42:24.0499 1236  SDRSVC - ok
20:42:24.0539 1236  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:42:24.0613 1236  secdrv - ok
20:42:24.0624 1236  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:42:24.0656 1236  seclogon - ok
20:42:24.0672 1236  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:42:24.0700 1236  SENS - ok
20:42:24.0703 1236  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:42:24.0733 1236  SensrSvc - ok
20:42:24.0750 1236  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
20:42:24.0765 1236  Serenum - ok
20:42:24.0774 1236  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:42:24.0796 1236  Serial - ok
20:42:24.0805 1236  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:42:24.0820 1236  sermouse - ok
20:42:24.0835 1236  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:42:24.0874 1236  SessionEnv - ok
20:42:24.0885 1236  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
20:42:24.0895 1236  sffdisk - ok
20:42:24.0907 1236  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:42:24.0918 1236  sffp_mmc - ok
20:42:24.0922 1236  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
20:42:24.0937 1236  sffp_sd - ok
20:42:24.0947 1236  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
20:42:24.0967 1236  sfloppy - ok
20:42:24.0986 1236  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:42:25.0028 1236  SharedAccess - ok
20:42:25.0059 1236  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:42:25.0100 1236  ShellHWDetection - ok
20:42:25.0127 1236  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:42:25.0136 1236  SiSRaid2 - ok
20:42:25.0152 1236  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:42:25.0162 1236  SiSRaid4 - ok
20:42:25.0178 1236  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
20:42:25.0213 1236  Smb - ok
20:42:25.0235 1236  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:42:25.0258 1236  SNMPTRAP - ok
20:42:25.0269 1236  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
20:42:25.0277 1236  spldr - ok
20:42:25.0310 1236  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
20:42:25.0333 1236  Spooler - ok
20:42:25.0410 1236  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:42:25.0475 1236  sppsvc - ok
20:42:25.0488 1236  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
20:42:25.0515 1236  sppuinotify - ok
20:42:25.0540 1236  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
20:42:25.0574 1236  srv - ok
20:42:31.0435 1236  ============================================================
20:42:31.0435 1236  Scan finished
20:42:31.0435 1236  ============================================================
20:42:31.0447 8232  Detected object count: 1
20:42:31.0447 8232  Actual detected object count: 1
20:42:55.0449 8232  DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
20:42:55.0449 8232  DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip


smeenk 02.05.2013 19:53

Quote:

Quote from bohm (post 1055463)
Don't scare me!

Don't worry, it looks OK :daumenhoc

Let's continue:

Step 1

Download the ESET Online Scanner setup and save it to the desktop.
  • Connect any external hard drives and USB sticks you may have to the computer.
  • Now temporarily disable your antivirus program and firewall for this scan.
    (Don't forget to turn them back on afterwards.)
  • Now start the downloaded esetsmartinstaller_enu.exe.
  • Tick Yes, I accept the Terms of Use and press Start.
  • Wait until the components have been downloaded.
  • Tick Scan archives.
  • Make sure that Remove found Threats is not ticked.
  • Then press Start.
  • The signatures are downloaded and the scan starts automatically.
    Note: this scan can take quite a long time under some circumstances!
  • If findings are displayed after the scan has finished, then:
    • Press List of found threats.
    • Then click Export to text file... and save the text file as ESET.txt on the desktop.
    • Then press << Back.
  • Now close the scanner by clicking Finish.
Please post the contents of ESET.txt, or let me know if there were no findings.

The scan can take a very long time (several hours)! :kaffee:

bohm 03.05.2013 10:01

So, done after 3.5 hours! :stirn:

Code:

C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5IRKCY2\firstload_com[1].htm        HTML/ScrInject.B.Gen virus
C:\Users\Alex\Downloads\amazinglan_RVCfQOst.apk        a variant of Android/Adware.AirPush.G application
C:\Users\Alex\Downloads\vlc-2.0.5-win64.exe        Win32/StartPage.OPH trojan


smeenk 03.05.2013 13:28

We'll now clean up the findings:
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users, please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:

    C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5IRKCY2;fs
    C:\Users\Alex\Downloads\amazinglan_RVCfQOst.apk;f
    C:\Users\Alex\Downloads\vlc-2.0.5-win64.exe;f

  • Now click "Run script" and wait patiently until the scan has completed.
  • When the tool has finished, Notepad will open with the log file.
  • Post the log file zoek-results.log for me.


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

bohm 03.05.2013 15:09

zoek:

Code:

Zoek.exe Version 4.0.0.2 Updated 30-04-2013
Tool run by Alex on 03/05/2013 at 16:04:20,39.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Possible Rootkit Infection ======================

C:\Windows\system32\services.exe Possible Infected!

==== Deleting Files \ Folders ======================


==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} deleted successfully

==== Deleting CLSID Registry Values ======================

SecurityCheck:

Code:

Results of screen317's Security Check version 0.99.62 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Emsisoft Anti-Malware         
Microsoft Security Essentials 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Disk Cleaner   
 Adobe Flash Player 11.6.602.180 
 Adobe Reader XI 
 Mozilla Thunderbird (17.0.5)
 Google Chrome 26.0.1410.43 
 Google Chrome 26.0.1410.64 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Emsisoft Anti-Malware a2service.exe 
 Emsisoft Anti-Malware a2guard.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


smeenk 03.05.2013 15:45

All problems solved now? :)

bohm 03.05.2013 15:55

If that's how you see it!? In any case, qvo6 hasn't shown up again and nothing else has come up either!! Thank you in any case!!!! :daumenhoc

smeenk 03.05.2013 16:13

In my opinion we are done. We'll now tidy up a little more, and then at the end I have some reading material for you.


Uninstalling the tools

The order matters here.
  1. If Defogger was used: click re-enable now.
  2. In any case, please download delfix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • DelFix removes, among other things, all the programs used and finally deletes itself.
  3. If any programs from our cleanup are still left now, you can delete them without hesitation.


Finally, some tips on the following topics:
  • System updates
  • Software updates
  • Security software
  • Safe browsing
Reading material:
System updates
It cannot be said often enough how important it is to keep your system up to date. After all, you take your car to the garage for regular inspection too. So please make sure that system updates are enabled:
  • Please check whether your system downloads Windows Updates automatically:
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.


Reading material:
Software updates
Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of the programs that urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security holes:
Programs not listed are of course important too. Whether there is a new version for them you can check on the manufacturer's website or very conveniently with these tools:


Reading material:
Security software
If someone overtook you on the motorway naked on a motorcycle, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial antivirus solutions, there are also perfectly good protection programs that are available free of charge with a reduced feature set. But careful: "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market here that will serve you well. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising, and it installs a browser plugin that warns you about dangerous websites.
  • If you change your antivirus solution, you will find tools here with which you can remove the leftovers after uninstalling your old scanner.
  • Never install more than one virus scanner. Their background guards would get in each other's way and slow down your system.
  • A browser plugin that protects you from fraudulent websites can serve you well if you are not very knowledgeable (see above).
  • Make sure that your security solution is always up to date and fetches updates automatically. If you rely on manual updates you are usually too late, since virus databases are often renewed daily, even several times a day.
  • Additional protection (and this would be permitted) is provided by a dedicated malware scanner. Here I strongly recommend Malwarebytes, and scanning with it once a week. The paid version even has a background guard. We have a guide for you on this.
Finally, I recommend backing up your data regularly (ideally automatically). This can be a professional backup solution, external hard drives, burning to DVDs, or copying to an online drive such as Dropbox. Create as many copies as possible and keep them current. Only then are you prepared for the worst case, should your computer become unusable, for whatever reason. Unfortunately that always happens unannounced and always just when you need it most. So plan ahead! :)


Reading material:
Safe browsing
First of all it must be said that it is usually the human factor that allows malware to get onto a computer. Do you also immediately buy stuff, without thinking, from people who ring your doorbell? So first get used to a few rules of conduct when surfing the internet:
  • Don't click somewhere just because it is colourful and glowing, pops up in a corner, or looks as if it were a system message.
  • Don't download illegal software, cracks, keygens, game trainers etc ... the websites that offer such things are mostly not reputable, and the supposed helpers are usually more infested than you would imagine. It makes no difference whether you get these files via a browser or file-sharing programs.
  • Don't open email attachments from people you don't know or emails with odd spelling mistakes, and don't start files that a website offers you without your having wanted them.
  • Don't let anyone surf on your computer who doesn't follow these rules as well.
  • Don't rely on your virus scanner finding everything. No security solution is 100% secure!

But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security even further there is special protection software that hardens your browser further.
  • WOT (Web of Trust): this add-on warns you before you visit a site reported as harmful. Note: Avast already includes such a plugin.
  • Sandboxie creates an additional isolated program environment so that your browser is as safe as a toddler in a sandbox. (Guide: Sandboxie)
  • Securebanking is a piece of software that examines connections and notifies you if someone is "listening in". As the name says, it was developed so that online banking is really secure. More info on the homepage: Secure Banking

Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That is, with an exotic browser you are more likely to be on the safe side. Basically you are already considerably safer if you don't use Internet Explorer.



With that, I wish you lots of fun surfing the internet :daumenhoc

... and perhaps you would like to support the Trojaner-Board?

Regards
Smeenk


All times are WET +1.
