Wie entferne ich Mystart / "Incredibar" Toolbar?

Jasmy · 12.07.2012, 13:08

Hallo!
Auch ich habe mir die Incredibar-Toolbar von softonic eingefangen werde sie nicht mehr los.
Ich habe sie in Firefox deaktiviert und via Systemsteuerung deinstalliert, aber alle Browser öffnen nach wie vor die Mystart-Seite. Ich weiß nun nicht mehr weiter und bin auch nicht sehr fit, was Computer betrifft.
Zuerst hatte ich den CCleaner runtergeladen und ausgefführt, hat nichts gefunden.
Habe mir dann Defogger runtergeladen und ausgeführt, hat aber scheinbar auch nicht funktioniert:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:42 on 12/07/2012 (Jasmin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL habe ich trotzdem laufen lassen (angehängte Dateien) und mit Malwarebytes einen Quickscan durchgeführt, wurde aber nichts gefunden:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jasmin :: JASMIN-PC [Administrator]

Schutz: Aktiviert

12.07.2012 13:37:28
mbam-log-2012-07-12 (13-37-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212754
Laufzeit: 2 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und:

2012/07/12 13:36:42 +0200 JASMIN-PC Jasmin MESSAGE Starting protection
2012/07/12 13:36:47 +0200 JASMIN-PC Jasmin MESSAGE Protection started successfully
2012/07/12 13:36:50 +0200 JASMIN-PC Jasmin MESSAGE Starting IP protection
2012/07/12 13:36:54 +0200 JASMIN-PC Jasmin MESSAGE IP Protection started successfully
2012/07/12 13:37:03 +0200 JASMIN-PC Jasmin MESSAGE Starting database refresh
2012/07/12 13:37:03 +0200 JASMIN-PC Jasmin MESSAGE Stopping IP protection
2012/07/12 13:39:08 +0200 JASMIN-PC Jasmin MESSAGE IP Protection stopped
2012/07/12 13:39:13 +0200 JASMIN-PC Jasmin MESSAGE Database refreshed successfully
2012/07/12 13:39:13 +0200 JASMIN-PC Jasmin MESSAGE Starting IP protection
2012/07/12 13:39:17 +0200 JASMIN-PC Jasmin MESSAGE IP Protection started successfully

Stört Avira da vielleicht? Ich hoffe, das sind die richtigen Logfiles.
Vielen Dank & Grüße,
Jasmin

cosinus · 14.07.2012, 16:32

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Jasmy · 15.07.2012, 19:15

Hallo Arne!
Hier die Log Dateien vom Scan mit malwarebytes, ich hoffe, das ist jetzt alles richtig so.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jasmin :: JASMIN-PC [Administrator]

Schutz: Aktiviert

15.07.2012 13:23:04
mbam-log-2012-07-15 (13-23-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 570235
Laufzeit: 3 Stunde(n), 6 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Jasmin\Downloads\Programme\SoftonicDownloader_fuer_serial-cloner.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

und das Ergebnis von ESET

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=330248fca0ffed4693e348a80cf07328
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-15 05:53:54
# local_time=2012-07-15 07:53:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2355750 2355750 0 0
# compatibility_mode=5893 16776574 100 94 1785355 93993782 0 0
# compatibility_mode=8192 67108863 100 0 232 232 0 0
# scanned=366551
# found=0
# cleaned=0
# scan_time=10902

Vielen Dank & Grüße,
Jasmin

cosinus · 15.07.2012, 20:27

Code:

ATTFilter

C:\Users\Jasmin\Downloads\Programme\SoftonicDownloader_fuer_serial-cloner.exe

Vermüllte Software von Softonic scheint gerade stark in Mode zu sein!

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Jasmy · 15.07.2012, 20:54

Ja, das mit softonic kommt nie wieder vor - hinterher ist man schlauer

Log vom AdwCleaner

Code:

ATTFilter

# AdwCleaner v1.702 - Logfile created 07/15/2012 at 21:49:57
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jasmin - JASMIN-PC
# Running from : C:\Users\Jasmin\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Web Assistant Updater

***** [Files / Folders] *****

Folder Found : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Program Files\Web Assistant

***** [Registry] *****

Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\k97kkewp.default\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&loc=FF_NT");
Found : user_pref("browser.search.defaultenginename", "MyStart Search");
Found : user_pref("extensions.incredibar.actvtyRptTime", "1341934695621");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "EN");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.dfltlng", "EN");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10665");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "BDB59E1DED939494B2883B9F89F4E8D1");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "0");
Found : user_pref("extensions.incredibar.id", "204c3cc0000000000000685d430a0fd8");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15526");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.instlday", "15526");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", false);
Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6PQCzxVE0g");
Found : user_pref("extensions.incredibar.upn2n", "92543179596892696");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10665");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "204c3cc0000000000000685d430a0fd8");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15526");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6PQCzxVE0g");
Found : user_pref("extensions.incredibar_i.upn2n", "92543179596892696");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:55:12");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6PQCzxVE0g&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :       "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Found :          "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]
Found :       "name": "MyStart Search",
Found :       "search_url": "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6PQCzxVE0[...]
Found :    "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Found :       "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]

*************************

AdwCleaner[R1].txt - [10015 octets] - [15/07/2012 21:49:57]

########## EOF - C:\AdwCleaner[R1].txt - [10144 octets] ##########

Liebe Grüße,
Jasmin

cosinus · 16.07.2012, 10:23

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Jasmy · 16.07.2012, 15:38

Hallo Arne,
hier die Datei

Code:

ATTFilter

# AdwCleaner v1.702 - Logfile created 07/16/2012 at 16:32:18
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jasmin - JASMIN-PC
# Running from : C:\Users\Jasmin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Program Files\Web Assistant

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\k97kkewp.default\prefs.js

C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\k97kkewp.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&loc=FF_NT");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1341934695621");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10665");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "BDB59E1DED939494B2883B9F89F4E8D1");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "204c3cc0000000000000685d430a0fd8");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15526");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15526");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6PQCzxVE0g");
Deleted : user_pref("extensions.incredibar.upn2n", "92543179596892696");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10665");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "204c3cc0000000000000685d430a0fd8");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15526");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCzxVE0g&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQCzxVE0g");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543179596892696");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:55:12");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6PQCzxVE0g&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :       "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Deleted :          "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]
Deleted :       "name": "MyStart Search",
Deleted :       "search_url": "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6PQCzxVE0[...]
Deleted :    "homepage": "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26",
Deleted :       "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6PQCzxVE0g&i=26" ]

*************************

AdwCleaner[R1].txt - [10106 octets] - [15/07/2012 21:49:57]
AdwCleaner[S1].txt - [9285 octets] - [16/07/2012 16:32:18]

########## EOF - C:\AdwCleaner[S1].txt - [9413 octets] ##########

Liebe Grüße,
Jasmin

cosinus · 16.07.2012, 16:41

Hätte da mal drei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
3.) Die Toolbar bzw. Weiterleitung nun weg?

Jasmy · 16.07.2012, 16:46

Hallo Arne!
1.) Ja
2.) alles da
3.) Firefox und IE sind sauber, Chrome öffnet in neuen Tabs immer noch die Incredibar

Liebe Grüße,
Jasmin

cosinus · 16.07.2012, 16:57

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Jasmy · 16.07.2012, 22:27

Hallo Arne,
hier die neue OTL-Datei

Code:

ATTFilter

OTL logfile created on: 16.07.2012 22:51:17 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Jasmin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 31,73% Memory free
7,79 Gb Paging File | 2,40 Gb Available in Paging File | 30,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647,54 Gb Total Space | 382,98 Gb Free Space | 59,14% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 17,58 Gb Free Space | 35,16% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: JASMIN-PC | User Name: Jasmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.16 22:49:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.03.27 23:24:08 | 007,535,616 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files (x86)\PHotkey\GPMTray.exe
PRC - [2012.03.27 23:19:34 | 000,826,880 | ---- | M] () -- C:\Program Files (x86)\PHotkey\PHotkey.exe
PRC - [2012.03.15 12:48:22 | 000,362,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.15 12:48:20 | 000,276,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.15 12:48:06 | 000,162,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.27 13:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.24 23:13:16 | 003,458,560 | ---- | M] () -- C:\Program Files (x86)\PHotkey\POSD.exe
PRC - [2012.02.22 04:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.02.22 04:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.02.22 04:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.02.22 04:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2012.02.02 08:55:04 | 000,255,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.11.30 05:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.14 00:37:06 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
PRC - [2011.04.14 00:37:04 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
PRC - [2011.03.30 23:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.01.13 02:36:00 | 000,117,256 | ---- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
PRC - [2009.12.19 00:40:48 | 000,104,968 | ---- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
PRC - [2009.12.19 00:38:18 | 000,345,608 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.29 16:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) Intel(R)
SRV:64bit: - [2012.03.29 16:57:24 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012.03.29 16:57:14 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2012.03.29 16:57:10 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2012.02.03 07:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) Capability Licensing Service Interface) Intel(R)
SRV:64bit: - [2012.01.18 01:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2012.01.09 21:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.08.19 18:43:22 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.12 18:10:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.31 00:43:34 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012.03.15 12:48:22 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2012.03.15 12:48:20 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2012.03.15 12:48:06 | 000,162,648 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2012.02.22 04:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.02.22 04:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.02.22 04:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.01.31 11:24:02 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.30 05:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.10.13 23:38:46 | 000,156,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2011.09.28 02:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.04.14 00:37:06 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 10 MS Service)
SRV - [2011.04.14 00:37:04 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 10 MS Monitor Service)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.12.19 00:40:48 | 000,104,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.27 04:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.12 23:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.29 02:59:50 | 000,034,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012.02.29 02:59:50 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012.02.27 13:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) Intel(R)
DRV:64bit: - [2012.02.27 13:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) Intel(R)
DRV:64bit: - [2012.02.27 13:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) Intel(R)
DRV:64bit: - [2012.02.14 21:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.02.10 04:54:50 | 000,421,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.01.09 21:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.01.09 21:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.12.06 13:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011.11.30 20:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.11.30 20:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.11.30 04:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.08.23 22:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.14 05:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 01:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.09.11 23:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\SearchScopes\{2BA89279-9AC6-4258-A5AC-5C19D94CC8CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 10:23:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.18 10:46:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.06.18 10:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Extensions
[2012.07.10 18:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmin\AppData\Roaming\mozilla\Firefox\Profiles\k97kkewp.default\extensions
[2012.06.18 10:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-45473227-2435620588-2586209462-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B46B66F-8E2A-45C3-A55C-3444AF55136F}: DhcpNameServer = 202.96.209.5 202.96.209.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB2F0A73-FF8E-4567-A25A-EA56F828F1F8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.16 22:49:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
[2012.07.16 16:39:14 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Scanner & Cleaner
[2012.07.15 16:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.15 16:47:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Jasmin\Desktop\esetsmartinstaller_enu.exe
[2012.07.14 01:18:59 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\WebApp
[2012.07.14 01:18:07 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\CyberLink
[2012.07.14 01:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\CyberLink
[2012.07.14 00:18:37 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\OsX_SerialCloner2-1 Folder
[2012.07.12 13:35:03 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Malwarebytes
[2012.07.12 13:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.12 13:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.12 13:34:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.12 13:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.12 13:34:17 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jasmin\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.12 13:03:38 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Google
[2012.07.10 17:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.05 21:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012.07.05 21:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\SerialCloner
[2012.07.05 21:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serial Cloner
[2012.07.05 21:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serial Cloner
[2012.07.04 12:07:04 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Desktop\Desktop
[2012.07.04 12:06:01 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Desktop\Downloads
[2012.07.04 12:03:50 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Virologie.Data
[2012.07.04 12:03:36 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\bewerbungen
[2012.07.04 12:03:35 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\dokumente
[2012.07.04 12:03:34 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\briefe
[2012.07.04 12:02:42 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Word Vorlagen
[2012.07.04 11:57:57 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\Sims
[2012.07.04 11:57:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\RKI
[2012.06.24 15:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.24 15:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.06.18 22:59:40 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\EndNote
[2012.06.18 22:26:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\Virologie.Data
[2012.06.18 21:52:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Adobe
[2012.06.18 16:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.06.18 16:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.06.18 16:09:23 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Winamp
[2012.06.18 16:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012.06.18 15:41:15 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Desktop\MA Virologie
[2012.06.18 11:51:06 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Macromedia
[2012.06.18 11:35:18 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird
[2012.06.18 11:35:18 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Thunderbird
[2012.06.18 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Microsoft Games
[2012.06.18 11:01:30 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\EndNote
[2012.06.18 11:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd
[2012.06.18 11:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
[2012.06.18 11:00:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2012.06.18 11:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2012.06.18 10:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X5
[2012.06.18 10:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2012.06.18 10:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.06.18 10:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.06.18 10:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.06.18 10:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.06.18 10:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.06.18 10:42:39 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Microsoft Help
[2012.06.18 10:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.06.18 10:42:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.06.18 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Avira
[2012.06.18 10:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.18 10:29:43 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.18 10:29:43 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.18 10:29:43 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.18 10:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.18 10:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.18 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Mozilla
[2012.06.18 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Mozilla
[2012.06.18 10:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.18 10:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.18 10:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.06.18 10:21:54 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Adobe
[2012.06.18 10:20:36 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Documents\Youcam
[2012.06.18 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\CyberLink
[2012.06.18 10:19:11 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Google
[2012.06.18 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Power2Go
[2012.06.18 10:18:19 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.18 10:18:19 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Searches
[2012.06.18 10:18:19 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.18 10:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Identities
[2012.06.18 10:18:04 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Contacts
[2012.06.18 10:18:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.18 10:18:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\VirtualStore
[2012.06.18 10:17:51 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Intel
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Vorlagen
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\AppData\Local\Verlauf
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\AppData\Local\Temporary Internet Files
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Startmenü
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\SendTo
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Recent
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Netzwerkumgebung
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Lokale Einstellungen
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Documents\Eigene Videos
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Documents\Eigene Musik
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Eigene Dateien
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Documents\Eigene Bilder
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Druckumgebung
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Cookies
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\AppData\Local\Anwendungsdaten
[2012.06.18 10:17:48 | 000,000,000 | -HSD | C] -- C:\Users\Jasmin\Anwendungsdaten
[2012.06.18 10:17:47 | 000,000,000 | --SD | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Videos
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Saved Games
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Pictures
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Music
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Links
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Favorites
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Downloads
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Documents
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\Desktop
[2012.06.18 10:17:47 | 000,000,000 | R--D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.18 10:17:47 | 000,000,000 | -H-D | C] -- C:\Users\Jasmin\AppData
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Temp
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\Roaming
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\Microsoft
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Media Center Programs
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Macromedia
[2012.06.18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
[2012.06.18 10:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Rescue Disk 10
[2012.06.18 10:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2012.06.18 10:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo
[2012.06.18 10:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo
[2012.06.18 10:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediathek
[2012.06.18 10:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT
[2012.06.18 10:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT
[2012.06.18 10:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Medion_Services
[2012.06.18 10:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Aldi_Foto
[2012.06.18 10:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2012.06.18 10:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mathematics
[2012.06.18 10:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics (64-Bit)
[2012.06.18 10:11:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2012.06.18 10:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2012.06.18 10:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012.06.18 10:11:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X5
[2012.06.18 10:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012.06.18 10:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2012.06.18 10:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2012.06.18 10:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.06.18 10:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.06.18 10:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.06.18 10:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\watchmi
[2012.06.18 10:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\watchmi
[2012.06.18 10:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TvdPersonal
[2012.06.18 10:07:12 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.06.18 10:07:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2012.06.18 10:07:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[1 C:\Users\Jasmin\Desktop\*.tmp files -> C:\Users\Jasmin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.16 22:49:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
[2012.07.16 22:26:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.16 22:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.16 18:26:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.16 16:42:09 | 000,017,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 16:42:09 | 000,017,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 16:40:47 | 000,694,664 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.07.16 16:40:47 | 000,693,688 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012.07.16 16:40:47 | 000,691,426 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012.07.16 16:40:47 | 000,689,960 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012.07.16 16:40:47 | 000,689,342 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.07.16 16:40:47 | 000,679,576 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012.07.16 16:40:47 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.16 16:40:47 | 000,632,414 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012.07.16 16:40:47 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.16 16:40:47 | 000,610,436 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012.07.16 16:40:47 | 000,552,004 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012.07.16 16:40:47 | 000,148,544 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012.07.16 16:40:47 | 000,137,296 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012.07.16 16:40:47 | 000,135,074 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012.07.16 16:40:47 | 000,133,986 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012.07.16 16:40:47 | 000,133,174 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012.07.16 16:40:47 | 000,130,374 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.07.16 16:40:47 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.16 16:40:47 | 000,127,378 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.07.16 16:40:47 | 000,121,760 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012.07.16 16:40:47 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.16 16:40:47 | 000,089,670 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012.07.16 16:40:46 | 008,573,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.16 16:39:07 | 000,012,652 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\SerialClonerPrefs
[2012.07.16 16:34:06 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 16:34:01 | 3138,514,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 14:13:13 | 000,729,438 | ---- | M] () -- C:\Users\Jasmin\Documents\Virologie.enl
[2012.07.15 21:49:16 | 000,624,883 | ---- | M] () -- C:\Users\Jasmin\Desktop\adwcleaner.exe
[2012.07.15 16:47:29 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Jasmin\Desktop\esetsmartinstaller_enu.exe
[2012.07.14 13:46:35 | 000,408,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 13:36:30 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 13:34:18 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jasmin\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.12 12:41:47 | 000,050,477 | ---- | M] () -- C:\Users\Jasmin\Desktop\Defogger.exe
[2012.07.11 22:21:49 | 000,002,678 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.10 18:04:24 | 000,140,690 | ---- | M] () -- C:\Users\Jasmin\Documents\cc_20120710_180410.reg
[2012.07.10 17:50:33 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.05 21:55:12 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.07.05 21:54:50 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Serial Cloner.lnk
[2012.07.04 12:21:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.18 19:05:10 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.06.18 19:05:10 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.06.18 16:09:32 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.06.18 10:50:42 | 000,002,723 | ---- | M] () -- C:\Users\Jasmin\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.06.18 10:46:27 | 000,002,703 | ---- | M] () -- C:\Users\Jasmin\Desktop\Microsoft Office Excel 2007.lnk
[2012.06.18 10:46:27 | 000,002,697 | ---- | M] () -- C:\Users\Jasmin\Desktop\Microsoft Office Word 2007.lnk
[2012.06.18 10:46:27 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.06.18 10:23:35 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.17 15:47:37 | 000,213,216 | ---- | M] () -- C:\Users\Jasmin\Desktop\Virologie.enl
[1 C:\Users\Jasmin\Desktop\*.tmp files -> C:\Users\Jasmin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.15 21:49:15 | 000,624,883 | ---- | C] () -- C:\Users\Jasmin\Desktop\adwcleaner.exe
[2012.07.12 13:34:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 12:41:45 | 000,050,477 | ---- | C] () -- C:\Users\Jasmin\Desktop\Defogger.exe
[2012.07.10 18:04:14 | 000,140,690 | ---- | C] () -- C:\Users\Jasmin\Documents\cc_20120710_180410.reg
[2012.07.10 17:50:33 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.05 22:05:48 | 000,012,652 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\SerialClonerPrefs
[2012.07.05 21:55:12 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.07.05 21:54:50 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Serial Cloner.lnk
[2012.07.04 12:21:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.04 12:03:53 | 000,213,216 | ---- | C] () -- C:\Users\Jasmin\Desktop\Virologie.enl
[2012.06.18 22:26:46 | 000,729,438 | ---- | C] () -- C:\Users\Jasmin\Documents\Virologie.enl
[2012.06.18 18:58:56 | 3138,514,944 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.18 16:09:32 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.06.18 11:50:20 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.18 10:50:42 | 000,002,723 | ---- | C] () -- C:\Users\Jasmin\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.06.18 10:46:27 | 000,002,703 | ---- | C] () -- C:\Users\Jasmin\Desktop\Microsoft Office Excel 2007.lnk
[2012.06.18 10:46:27 | 000,002,697 | ---- | C] () -- C:\Users\Jasmin\Desktop\Microsoft Office Word 2007.lnk
[2012.06.18 10:46:27 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.06.18 10:46:27 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.06.18 10:23:35 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.18 10:23:35 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.18 10:18:31 | 000,001,409 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.06.18 10:18:26 | 000,001,443 | ---- | C] () -- C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.18 10:12:02 | 000,002,439 | ---- | C] () -- C:\Users\Public\Desktop\MEDIONmediathek.lnk
[2012.06.18 10:12:02 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\MEDIONplay.lnk
[2012.06.18 10:09:55 | 000,002,360 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2012.06.18 10:09:45 | 000,002,678 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.18 10:09:37 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.18 10:09:36 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.18 10:09:22 | 000,002,527 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
[2012.04.11 09:57:27 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.04.11 09:57:25 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.04.11 09:57:23 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.04.11 09:57:22 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.04.11 09:57:20 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== LOP Check ==========
 
[2012.06.18 23:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\EndNote
[2012.07.05 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\SerialCloner
[2012.06.18 11:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird
[2012.07.14 01:19:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WebApp
[2009.07.14 07:08:49 | 000,022,712 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.18 21:52:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Adobe
[2012.06.18 10:35:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Avira
[2012.07.14 01:18:09 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\CyberLink
[2012.06.18 23:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\EndNote
[2012.07.12 13:03:38 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Google
[2012.06.18 10:18:06 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Identities
[2012.06.18 10:17:51 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Intel
[2012.03.14 23:50:39 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Macromedia
[2012.07.12 13:35:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Malwarebytes
[2011.04.12 10:28:03 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Media Center Programs
[2012.07.04 15:11:05 | 000,000,000 | --SD | M] -- C:\Users\Jasmin\AppData\Roaming\Microsoft
[2012.06.18 10:23:50 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Mozilla
[2012.07.05 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\SerialCloner
[2012.06.18 11:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Thunderbird
[2012.07.14 01:19:00 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\WebApp
[2012.07.16 16:50:53 | 000,000,000 | ---D | M] -- C:\Users\Jasmin\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2012.03.14 23:50:27 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Jasmin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.03.13 08:47:22 | 000,006,440 | ---- | M] () MD5=ACD301711FC165ED77A8D364D407BAF9 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2011.11.30 04:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.11.30 04:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

Liebe Grüße,
Jasmin

cosinus · 17.07.2012, 13:33

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
[2012.07.05 21:55:12 | 000,000,447 | ---- | C] () -- C:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Jasmy · 17.07.2012, 13:54

Hallo Arne!
Hier die Datei

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins folder moved successfully.
C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0 folder moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\user.js moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jasmin
->Temp folder emptied: 4876730 bytes
->Temporary Internet Files folder emptied: 7196455 bytes
->FireFox cache emptied: 117533406 bytes
->Google Chrome cache emptied: 7015808 bytes
->Flash cache emptied: 58330 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 465438 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 107260766 bytes
 
Total Files Cleaned = 233,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Jasmin
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07172012_144753

Files\Folders moved on Reboot...
C:\Users\Jasmin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Jasmin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.17 14:49:50 | 000,000,081 | ---- | M] () C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

Liebe Grüße,
Jasmin

cosinus · 18.07.2012, 13:49

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Jasmy · 18.07.2012, 14:07

Hallo Arne,
hier das Log

Code:

ATTFilter

15:02:16.0674 4272	TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:02:16.0924 4272	============================================================
15:02:16.0934 4272	Current date / time: 2012/07/18 15:02:16.0924
15:02:16.0934 4272	SystemInfo:
15:02:16.0934 4272	
15:02:16.0934 4272	OS Version: 6.1.7601 ServicePack: 1.0
15:02:16.0934 4272	Product type: Workstation
15:02:16.0934 4272	ComputerName: JASMIN-PC
15:02:16.0934 4272	UserName: Jasmin
15:02:16.0934 4272	Windows directory: C:\Windows
15:02:16.0934 4272	System windows directory: C:\Windows
15:02:16.0934 4272	Running under WOW64
15:02:16.0934 4272	Processor architecture: Intel x64
15:02:16.0934 4272	Number of processors: 4
15:02:16.0934 4272	Page size: 0x1000
15:02:16.0934 4272	Boot type: Normal boot
15:02:16.0934 4272	============================================================
15:02:19.0904 4272	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:02:19.0904 4272	Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:02:19.0914 4272	============================================================
15:02:19.0914 4272	\Device\Harddisk0\DR0:
15:02:19.0914 4272	MBR partitions:
15:02:19.0914 4272	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:02:19.0914 4272	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x50F13000
15:02:19.0914 4272	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x50F45800, BlocksNum 0x6400000
15:02:19.0914 4272	\Device\Harddisk1\DR1:
15:02:19.0914 4272	MBR partitions:
15:02:19.0914 4272	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:02:19.0914 4272	============================================================
15:02:19.0944 4272	C: <-> \Device\Harddisk0\DR0\Partition1
15:02:19.0984 4272	D: <-> \Device\Harddisk0\DR0\Partition2
15:02:20.0024 4272	F: <-> \Device\Harddisk1\DR1\Partition0
15:02:20.0024 4272	============================================================
15:02:20.0024 4272	Initialize success
15:02:20.0024 4272	============================================================
15:03:49.0704 7808	============================================================
15:03:49.0704 7808	Scan started
15:03:49.0704 7808	Mode: Manual; SigCheck; TDLFS; 
15:03:49.0704 7808	============================================================
15:03:51.0174 7808	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:03:51.0334 7808	1394ohci - ok
15:03:51.0414 7808	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:03:51.0454 7808	ACPI - ok
15:03:51.0494 7808	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:03:51.0574 7808	AcpiPmi - ok
15:03:51.0654 7808	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:03:51.0674 7808	AdobeARMservice - ok
15:03:51.0814 7808	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:03:51.0844 7808	AdobeFlashPlayerUpdateSvc - ok
15:03:51.0934 7808	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:03:51.0984 7808	adp94xx - ok
15:03:52.0064 7808	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:03:52.0104 7808	adpahci - ok
15:03:52.0134 7808	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:03:52.0164 7808	adpu320 - ok
15:03:52.0194 7808	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:03:52.0374 7808	AeLookupSvc - ok
15:03:52.0444 7808	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:03:52.0524 7808	AFD - ok
15:03:52.0584 7808	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:03:52.0614 7808	agp440 - ok
15:03:52.0644 7808	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:03:52.0714 7808	ALG - ok
15:03:52.0754 7808	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:03:52.0784 7808	aliide - ok
15:03:52.0794 7808	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:03:52.0824 7808	amdide - ok
15:03:52.0864 7808	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:03:52.0904 7808	AmdK8 - ok
15:03:52.0924 7808	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:03:52.0964 7808	AmdPPM - ok
15:03:53.0004 7808	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:03:53.0034 7808	amdsata - ok
15:03:53.0084 7808	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:03:53.0124 7808	amdsbs - ok
15:03:53.0124 7808	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:03:53.0154 7808	amdxata - ok
15:03:53.0214 7808	AMPPAL          (157b1c973637919dcd0d0464167c86ba) C:\Windows\system32\DRIVERS\AMPPAL.sys
15:03:53.0264 7808	AMPPAL - ok
15:03:53.0274 7808	AMPPALP         (157b1c973637919dcd0d0464167c86ba) C:\Windows\system32\DRIVERS\amppal.sys
15:03:53.0304 7808	AMPPALP - ok
15:03:53.0434 7808	AMPPALR3        (fb70f8c1283c8cc6bfaa6f9971107e68) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
15:03:53.0494 7808	AMPPALR3 - ok
15:03:53.0684 7808	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:03:53.0724 7808	AntiVirSchedulerService - ok
15:03:53.0774 7808	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:03:53.0804 7808	AntiVirService - ok
15:03:53.0874 7808	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:03:54.0044 7808	AppID - ok
15:03:54.0084 7808	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:03:54.0194 7808	AppIDSvc - ok
15:03:54.0214 7808	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:03:54.0314 7808	Appinfo - ok
15:03:54.0354 7808	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:03:54.0384 7808	arc - ok
15:03:54.0404 7808	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:03:54.0434 7808	arcsas - ok
15:03:54.0484 7808	ASLDRService    (efd89582b55dd32dc79c1a4eb54612a1) C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
15:03:54.0504 7808	ASLDRService - ok
15:03:54.0544 7808	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:03:54.0644 7808	AsyncMac - ok
15:03:54.0674 7808	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:03:54.0704 7808	atapi - ok
15:03:54.0794 7808	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:03:54.0914 7808	AudioEndpointBuilder - ok
15:03:54.0934 7808	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:03:55.0044 7808	AudioSrv - ok
15:03:55.0094 7808	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
15:03:55.0114 7808	avgntflt - ok
15:03:55.0164 7808	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
15:03:55.0194 7808	avipbb - ok
15:03:55.0224 7808	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:03:55.0244 7808	avkmgr - ok
15:03:55.0294 7808	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:03:55.0384 7808	AxInstSV - ok
15:03:55.0474 7808	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:03:55.0544 7808	b06bdrv - ok
15:03:55.0624 7808	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:03:55.0674 7808	b57nd60a - ok
15:03:55.0724 7808	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:03:55.0774 7808	BDESVC - ok
15:03:55.0794 7808	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:03:55.0914 7808	Beep - ok
15:03:56.0004 7808	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:03:56.0134 7808	BFE - ok
15:03:56.0244 7808	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:03:56.0414 7808	BITS - ok
15:03:56.0484 7808	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
15:03:56.0534 7808	blbdrive - ok
15:03:56.0674 7808	Bluetooth Device Monitor (a52ea1d8c2900055323c93ddb252a3da) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
15:03:56.0744 7808	Bluetooth Device Monitor - ok
15:03:56.0854 7808	Bluetooth Media Service (091210450ca7ced08f360d9d7fec5d11) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
15:03:56.0934 7808	Bluetooth Media Service - ok
15:03:57.0054 7808	Bluetooth OBEX Service (392450754e17ff778cbc5b9d20583ad1) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
15:03:57.0124 7808	Bluetooth OBEX Service - ok
15:03:57.0274 7808	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:03:57.0314 7808	bowser - ok
15:03:57.0354 7808	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:03:57.0404 7808	BrFiltLo - ok
15:03:57.0424 7808	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:03:57.0474 7808	BrFiltUp - ok
15:03:57.0504 7808	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:03:57.0614 7808	Browser - ok
15:03:57.0674 7808	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:03:57.0734 7808	Brserid - ok
15:03:57.0764 7808	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:03:57.0804 7808	BrSerWdm - ok
15:03:57.0824 7808	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:03:57.0874 7808	BrUsbMdm - ok
15:03:57.0894 7808	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:03:57.0934 7808	BrUsbSer - ok
15:03:57.0974 7808	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
15:03:58.0084 7808	BthEnum - ok
15:03:58.0134 7808	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:03:58.0184 7808	BTHMODEM - ok
15:03:58.0224 7808	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:03:58.0284 7808	BthPan - ok
15:03:58.0364 7808	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
15:03:58.0414 7808	BTHPORT - ok
15:03:58.0464 7808	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:03:58.0554 7808	bthserv - ok
15:03:58.0634 7808	BTHSSecurityMgr (fa2d081709a764f6bee16b7ffe03e36c) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
15:03:58.0654 7808	BTHSSecurityMgr - ok
15:03:58.0684 7808	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
15:03:58.0734 7808	BTHUSB - ok
15:03:58.0784 7808	btmaux          (988cc6cc49303665d3b2435c51505c3f) C:\Windows\system32\DRIVERS\btmaux.sys
15:03:58.0884 7808	btmaux - ok
15:03:58.0964 7808	btmhsf          (2b4b508afac2a563931af1fe875a5b16) C:\Windows\system32\DRIVERS\btmhsf.sys
15:03:59.0034 7808	btmhsf - ok
15:03:59.0074 7808	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:03:59.0184 7808	cdfs - ok
15:03:59.0244 7808	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:03:59.0274 7808	cdrom - ok
15:03:59.0334 7808	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:03:59.0444 7808	CertPropSvc - ok
15:03:59.0504 7808	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:03:59.0544 7808	circlass - ok
15:03:59.0604 7808	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:03:59.0644 7808	CLFS - ok
15:03:59.0694 7808	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:03:59.0724 7808	clr_optimization_v2.0.50727_32 - ok
15:03:59.0804 7808	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:03:59.0824 7808	clr_optimization_v2.0.50727_64 - ok
15:03:59.0894 7808	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:03:59.0924 7808	clr_optimization_v4.0.30319_32 - ok
15:03:59.0954 7808	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:03:59.0984 7808	clr_optimization_v4.0.30319_64 - ok
15:04:00.0024 7808	clwvd           (e13a438f9e51dd034730678e33b73290) C:\Windows\system32\DRIVERS\clwvd.sys
15:04:00.0044 7808	clwvd - ok
15:04:00.0074 7808	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:04:00.0114 7808	CmBatt - ok
15:04:00.0144 7808	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:04:00.0174 7808	cmdide - ok
15:04:00.0254 7808	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:04:00.0334 7808	CNG - ok
15:04:00.0374 7808	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:04:00.0404 7808	Compbatt - ok
15:04:00.0444 7808	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:04:00.0504 7808	CompositeBus - ok
15:04:00.0514 7808	COMSysApp - ok
15:04:00.0634 7808	cphs            (236172c3a418b9a0f26b416a72f5a556) C:\Windows\SysWow64\IntelCpHeciSvc.exe
15:04:00.0674 7808	cphs - ok
15:04:00.0704 7808	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:04:00.0734 7808	crcdisk - ok
15:04:00.0804 7808	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:04:00.0864 7808	CryptSvc - ok
15:04:00.0944 7808	CyberLink PowerDVD 10 MS Monitor Service (7f5cd87ca5bdb4d83f992d8c77201483) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
15:04:00.0964 7808	CyberLink PowerDVD 10 MS Monitor Service - ok
15:04:01.0024 7808	CyberLink PowerDVD 10 MS Service (9faf58e876a3b1db3030a0a5805f2d86) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
15:04:01.0054 7808	CyberLink PowerDVD 10 MS Service - ok
15:04:01.0144 7808	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:04:01.0274 7808	DcomLaunch - ok
15:04:01.0324 7808	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:04:01.0434 7808	defragsvc - ok
15:04:01.0494 7808	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:04:01.0584 7808	DfsC - ok
15:04:01.0654 7808	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:04:01.0774 7808	Dhcp - ok
15:04:01.0794 7808	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:04:01.0904 7808	discache - ok
15:04:01.0954 7808	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:04:01.0984 7808	Disk - ok
15:04:02.0014 7808	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:04:02.0074 7808	Dnscache - ok
15:04:02.0124 7808	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:04:02.0234 7808	dot3svc - ok
15:04:02.0254 7808	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:04:02.0354 7808	DPS - ok
15:04:02.0394 7808	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:04:02.0434 7808	drmkaud - ok
15:04:02.0534 7808	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:04:02.0604 7808	DXGKrnl - ok
15:04:02.0654 7808	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:04:02.0764 7808	EapHost - ok
15:04:03.0004 7808	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:04:03.0174 7808	ebdrv - ok
15:04:03.0274 7808	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:04:03.0334 7808	EFS - ok
15:04:03.0424 7808	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:04:03.0514 7808	ehRecvr - ok
15:04:03.0534 7808	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:04:03.0614 7808	ehSched - ok
15:04:03.0804 7808	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:04:03.0854 7808	elxstor - ok
15:04:03.0884 7808	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:04:03.0904 7808	ErrDev - ok
15:04:03.0974 7808	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:04:04.0094 7808	EventSystem - ok
15:04:04.0244 7808	EvtEng          (52ae29a233832e0c704fd7fc534af9fb) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:04:04.0294 7808	EvtEng - ok
15:04:04.0344 7808	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:04:04.0444 7808	exfat - ok
15:04:04.0484 7808	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:04:04.0594 7808	fastfat - ok
15:04:04.0684 7808	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:04:04.0784 7808	Fax - ok
15:04:04.0814 7808	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:04:04.0864 7808	fdc - ok
15:04:04.0904 7808	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:04:05.0004 7808	fdPHost - ok
15:04:05.0024 7808	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:04:05.0124 7808	FDResPub - ok
15:04:05.0164 7808	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:04:05.0194 7808	FileInfo - ok
15:04:05.0204 7808	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:04:05.0294 7808	Filetrace - ok
15:04:05.0324 7808	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:04:05.0364 7808	flpydisk - ok
15:04:05.0384 7808	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:04:05.0424 7808	FltMgr - ok
15:04:05.0534 7808	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:04:05.0624 7808	FontCache - ok
15:04:05.0694 7808	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:04:05.0714 7808	FontCache3.0.0.0 - ok
15:04:05.0774 7808	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:04:05.0804 7808	FsDepends - ok
15:04:05.0824 7808	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:04:05.0854 7808	Fs_Rec - ok
15:04:05.0884 7808	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:04:05.0934 7808	fvevol - ok
15:04:05.0964 7808	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:04:05.0994 7808	gagp30kx - ok
15:04:06.0044 7808	GFNEXSrv        (4e1d0a246e10cfddbf856432418de404) C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
15:04:06.0064 7808	GFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
15:04:06.0064 7808	GFNEXSrv - detected UnsignedFile.Multi.Generic (1)
15:04:06.0134 7808	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:04:06.0254 7808	gpsvc - ok
15:04:06.0314 7808	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:04:06.0344 7808	gupdate - ok
15:04:06.0364 7808	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:04:06.0394 7808	gupdatem - ok
15:04:06.0434 7808	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:04:06.0464 7808	gusvc - ok
15:04:06.0514 7808	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:04:06.0584 7808	hcw85cir - ok
15:04:06.0654 7808	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:04:06.0704 7808	HdAudAddService - ok
15:04:06.0754 7808	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:04:06.0804 7808	HDAudBus - ok
15:04:06.0834 7808	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:04:06.0874 7808	HidBatt - ok
15:04:06.0924 7808	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:04:06.0974 7808	HidBth - ok
15:04:07.0014 7808	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:04:07.0054 7808	HidIr - ok
15:04:07.0074 7808	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:04:07.0174 7808	hidserv - ok
15:04:07.0224 7808	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:04:07.0244 7808	HidUsb - ok
15:04:07.0294 7808	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:04:07.0394 7808	hkmsvc - ok
15:04:07.0424 7808	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:04:07.0504 7808	HomeGroupListener - ok
15:04:07.0544 7808	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:04:07.0604 7808	HomeGroupProvider - ok
15:04:07.0644 7808	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:04:07.0674 7808	HpSAMD - ok
15:04:07.0774 7808	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:04:07.0894 7808	HTTP - ok
15:04:07.0904 7808	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:04:07.0924 7808	hwpolicy - ok
15:04:07.0974 7808	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:04:08.0004 7808	i8042prt - ok
15:04:08.0084 7808	iaStor          (c224331a54571c8c9162f7714400bbbd) C:\Windows\system32\drivers\iaStor.sys
15:04:08.0134 7808	iaStor - ok
15:04:08.0204 7808	IAStorDataMgrSvc (7d4b9a48430ed57aca6373b71d5904ca) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:04:08.0224 7808	IAStorDataMgrSvc - ok
15:04:08.0304 7808	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:04:08.0344 7808	iaStorV - ok
15:04:08.0364 7808	ibtfltcoex      (60cc7ae9aedb4d1e7923bd053b176d97) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
15:04:08.0404 7808	ibtfltcoex - ok
15:04:08.0594 7808	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:04:08.0664 7808	idsvc - ok
15:04:09.0624 7808	igfx            (3fb253e8059a1aac3a8b83a31d094cc5) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:04:10.0284 7808	igfx - ok
15:04:10.0414 7808	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:04:10.0444 7808	iirsp - ok
15:04:10.0524 7808	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:04:10.0654 7808	IKEEXT - ok
15:04:10.0704 7808	intaud_WaveExtensible (a387d6de360c3b2284b23000b212910a) C:\Windows\system32\drivers\intelaud.sys
15:04:10.0724 7808	intaud_WaveExtensible - ok
15:04:11.0084 7808	IntcAzAudAddService (059dddedbe5701dc3b779d32798108ac) C:\Windows\system32\drivers\RTKVHD64.sys
15:04:11.0324 7808	IntcAzAudAddService - ok
15:04:11.0494 7808	IntcDAud        (6c9fffeca9fed31347d211c5d1ffbd2d) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:04:11.0554 7808	IntcDAud - ok
15:04:11.0674 7808	Intel(R) Capability Licensing Service Interface (832ce330dd987227b7dea8c03f22aefa) C:\Program Files\Intel\iCLS Client\HeciServer.exe
15:04:11.0724 7808	Intel(R) Capability Licensing Service Interface - ok
15:04:11.0744 7808	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:04:11.0774 7808	intelide - ok
15:04:11.0824 7808	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:04:11.0854 7808	intelppm - ok
15:04:11.0894 7808	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:04:12.0004 7808	IPBusEnum - ok
15:04:12.0044 7808	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:04:12.0144 7808	IpFilterDriver - ok
15:04:12.0224 7808	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:04:12.0344 7808	iphlpsvc - ok
15:04:12.0384 7808	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:04:12.0434 7808	IPMIDRV - ok
15:04:12.0474 7808	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:04:12.0574 7808	IPNAT - ok
15:04:12.0594 7808	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:04:12.0654 7808	IRENUM - ok
15:04:12.0694 7808	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:04:12.0714 7808	isapnp - ok
15:04:12.0764 7808	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:04:12.0804 7808	iScsiPrt - ok
15:04:12.0844 7808	iusb3hcs        (846354992ebb373f452eb9182d501b08) C:\Windows\system32\drivers\iusb3hcs.sys
15:04:12.0864 7808	iusb3hcs - ok
15:04:12.0934 7808	iusb3hub        (1d88a23853387d34d52cc8f9ddbfc56c) C:\Windows\system32\drivers\iusb3hub.sys
15:04:12.0964 7808	iusb3hub - ok
15:04:13.0054 7808	iusb3xhc        (fc5efd7c797df19dfb999f0605a7924e) C:\Windows\system32\drivers\iusb3xhc.sys
15:04:13.0104 7808	iusb3xhc - ok
15:04:13.0154 7808	iwdbus          (716f66336f10885d935b08174dc54242) C:\Windows\system32\drivers\iwdbus.sys
15:04:13.0184 7808	iwdbus - ok
15:04:13.0254 7808	jhi_service     (13e838ea8652f8451f29301d3b56b17b) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:04:13.0284 7808	jhi_service - ok
15:04:13.0334 7808	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:04:13.0354 7808	kbdclass - ok
15:04:13.0404 7808	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:04:13.0444 7808	kbdhid - ok
15:04:13.0484 7808	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:13.0514 7808	KeyIso - ok
15:04:13.0594 7808	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:04:13.0634 7808	KSecDD - ok
15:04:13.0674 7808	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:04:13.0714 7808	KSecPkg - ok
15:04:13.0754 7808	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:04:13.0854 7808	ksthunk - ok
15:04:13.0924 7808	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:04:14.0034 7808	KtmRm - ok
15:04:14.0094 7808	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:04:14.0204 7808	LanmanServer - ok
15:04:14.0234 7808	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:04:14.0334 7808	LanmanWorkstation - ok
15:04:14.0394 7808	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:04:14.0484 7808	lltdio - ok
15:04:14.0544 7808	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:04:14.0654 7808	lltdsvc - ok
15:04:14.0684 7808	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:04:14.0774 7808	lmhosts - ok
15:04:14.0874 7808	LMS             (bd9457699ac9c1a0fe43398043617279) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:04:14.0904 7808	LMS - ok
15:04:14.0954 7808	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:04:14.0984 7808	LSI_FC - ok
15:04:15.0014 7808	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:04:15.0044 7808	LSI_SAS - ok
15:04:15.0074 7808	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:04:15.0104 7808	LSI_SAS2 - ok
15:04:15.0154 7808	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:04:15.0184 7808	LSI_SCSI - ok
15:04:15.0234 7808	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:04:15.0334 7808	luafv - ok
15:04:15.0384 7808	MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
15:04:15.0404 7808	MBAMProtector - ok
15:04:15.0604 7808	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:04:15.0664 7808	MBAMService - ok
15:04:15.0694 7808	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:04:15.0744 7808	Mcx2Svc - ok
15:04:15.0774 7808	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:04:15.0804 7808	megasas - ok
15:04:15.0874 7808	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:04:15.0914 7808	MegaSR - ok
15:04:15.0964 7808	MEIx64          (6b01b7414a105b9e51652089a03027cf) C:\Windows\system32\drivers\HECIx64.sys
15:04:15.0984 7808	MEIx64 - ok
15:04:16.0024 7808	MemeoBackgroundService (8a43d23ace2e8c95a2d87b6e9599deda) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
15:04:16.0044 7808	MemeoBackgroundService - ok
15:04:16.0074 7808	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:04:16.0184 7808	MMCSS - ok
15:04:16.0234 7808	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:04:16.0324 7808	Modem - ok
15:04:16.0354 7808	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:04:16.0384 7808	monitor - ok
15:04:16.0434 7808	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:04:16.0464 7808	mouclass - ok
15:04:16.0514 7808	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:04:16.0554 7808	mouhid - ok
15:04:16.0614 7808	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:04:16.0634 7808	mountmgr - ok
15:04:16.0694 7808	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:04:16.0724 7808	MozillaMaintenance - ok
15:04:16.0754 7808	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:04:16.0794 7808	mpio - ok
15:04:16.0834 7808	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:04:16.0934 7808	mpsdrv - ok
15:04:17.0024 7808	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:04:17.0154 7808	MpsSvc - ok
15:04:17.0184 7808	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:04:17.0234 7808	MRxDAV - ok
15:04:17.0264 7808	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:04:17.0324 7808	mrxsmb - ok
15:04:17.0374 7808	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:04:17.0414 7808	mrxsmb10 - ok
15:04:17.0434 7808	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:04:17.0474 7808	mrxsmb20 - ok
15:04:17.0504 7808	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:04:17.0534 7808	msahci - ok
15:04:17.0574 7808	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:04:17.0604 7808	msdsm - ok
15:04:17.0644 7808	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:04:17.0684 7808	MSDTC - ok
15:04:17.0724 7808	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:04:17.0804 7808	Msfs - ok
15:04:17.0844 7808	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:04:17.0944 7808	mshidkmdf - ok
15:04:17.0974 7808	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:04:17.0994 7808	msisadrv - ok
15:04:18.0034 7808	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:04:18.0144 7808	MSiSCSI - ok
15:04:18.0144 7808	msiserver - ok
15:04:18.0184 7808	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:04:18.0294 7808	MSKSSRV - ok
15:04:18.0304 7808	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:04:18.0404 7808	MSPCLOCK - ok
15:04:18.0434 7808	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:04:18.0524 7808	MSPQM - ok
15:04:18.0584 7808	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:04:18.0624 7808	MsRPC - ok
15:04:18.0654 7808	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:04:18.0684 7808	mssmbios - ok
15:04:18.0704 7808	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:04:18.0824 7808	MSTEE - ok
15:04:18.0854 7808	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:04:18.0894 7808	MTConfig - ok
15:04:18.0914 7808	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:04:18.0944 7808	Mup - ok
15:04:19.0074 7808	MyWiFiDHCPDNS   (4d02a9a4aae43280d8631f232aad79bc) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:04:19.0104 7808	MyWiFiDHCPDNS - ok
15:04:19.0174 7808	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:04:19.0284 7808	napagent - ok
15:04:19.0354 7808	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:04:19.0424 7808	NativeWifiP - ok
15:04:19.0534 7808	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:04:19.0594 7808	NDIS - ok
15:04:19.0644 7808	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:04:19.0744 7808	NdisCap - ok
15:04:19.0784 7808	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:04:19.0874 7808	NdisTapi - ok
15:04:19.0894 7808	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:04:19.0994 7808	Ndisuio - ok
15:04:20.0024 7808	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:04:20.0134 7808	NdisWan - ok
15:04:20.0154 7808	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:04:20.0254 7808	NDProxy - ok
15:04:20.0294 7808	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:04:20.0394 7808	NetBIOS - ok
15:04:20.0434 7808	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:04:20.0544 7808	NetBT - ok
15:04:20.0584 7808	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:20.0614 7808	Netlogon - ok
15:04:20.0664 7808	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:04:20.0794 7808	Netman - ok
15:04:20.0834 7808	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:04:20.0954 7808	netprofm - ok
15:04:21.0054 7808	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:04:21.0084 7808	NetTcpPortSharing - ok
15:04:21.0824 7808	NETwNs64        (262225f08b891fd7f16b3b93a3177c1f) C:\Windows\system32\DRIVERS\Netwsw00.sys
15:04:22.0364 7808	NETwNs64 - ok
15:04:22.0514 7808	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:04:22.0544 7808	nfrd960 - ok
15:04:22.0604 7808	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:04:22.0714 7808	NlaSvc - ok
15:04:22.0754 7808	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:04:22.0844 7808	Npfs - ok
15:04:22.0854 7808	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:04:22.0964 7808	nsi - ok
15:04:22.0974 7808	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:04:23.0064 7808	nsiproxy - ok
15:04:23.0214 7808	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:04:23.0314 7808	Ntfs - ok
15:04:23.0414 7808	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:04:23.0514 7808	Null - ok
15:04:23.0684 7808	NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:04:23.0724 7808	NVENETFD - ok
15:04:24.0494 7808	nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:04:25.0074 7808	nvlddmkm - ok
15:04:25.0244 7808	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:04:25.0274 7808	nvraid - ok
15:04:25.0324 7808	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:04:25.0354 7808	nvstor - ok
15:04:25.0404 7808	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:04:25.0444 7808	nv_agp - ok
15:04:25.0564 7808	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:04:25.0594 7808	odserv - ok
15:04:25.0644 7808	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:04:25.0684 7808	ohci1394 - ok
15:04:25.0734 7808	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:04:25.0764 7808	ose - ok
15:04:25.0814 7808	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:04:25.0874 7808	p2pimsvc - ok
15:04:25.0924 7808	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:04:25.0984 7808	p2psvc - ok
15:04:26.0024 7808	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:04:26.0064 7808	Parport - ok
15:04:26.0094 7808	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:04:26.0124 7808	partmgr - ok
15:04:26.0174 7808	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:04:26.0234 7808	PcaSvc - ok
15:04:26.0274 7808	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:04:26.0304 7808	pci - ok
15:04:26.0324 7808	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:04:26.0354 7808	pciide - ok
15:04:26.0384 7808	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:04:26.0424 7808	pcmcia - ok
15:04:26.0444 7808	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:04:26.0474 7808	pcw - ok
15:04:26.0524 7808	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:04:26.0634 7808	PEAUTH - ok
15:04:26.0684 7808	PEGAGFN         (ee926c59cbd4dc4dc9fbb85014a2f1a5) C:\Program Files (x86)\PHotkey\PEGAGFN.sys
15:04:26.0704 7808	PEGAGFN - ok
15:04:26.0784 7808	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:04:26.0814 7808	PerfHost - ok
15:04:26.0984 7808	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:04:27.0134 7808	pla - ok
15:04:27.0184 7808	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:04:27.0254 7808	PlugPlay - ok
15:04:27.0284 7808	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:04:27.0314 7808	PNRPAutoReg - ok
15:04:27.0354 7808	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:04:27.0384 7808	PNRPsvc - ok
15:04:27.0454 7808	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:04:27.0574 7808	PolicyAgent - ok
15:04:27.0634 7808	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:04:27.0754 7808	Power - ok
15:04:27.0856 7808	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:04:27.0966 7808	PptpMiniport - ok
15:04:28.0006 7808	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:04:28.0046 7808	Processor - ok
15:04:28.0096 7808	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:04:28.0156 7808	ProfSvc - ok
15:04:28.0176 7808	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:28.0196 7808	ProtectedStorage - ok
15:04:28.0236 7808	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:04:28.0316 7808	Psched - ok
15:04:28.0396 7808	PSI_SVC_2       (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:04:28.0416 7808	PSI_SVC_2 - ok
15:04:28.0606 7808	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:04:28.0696 7808	ql2300 - ok
15:04:28.0846 7808	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:04:28.0876 7808	ql40xx - ok
15:04:28.0926 7808	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:04:28.0976 7808	QWAVE - ok
15:04:28.0996 7808	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:04:29.0046 7808	QWAVEdrv - ok
15:04:29.0066 7808	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:04:29.0156 7808	RasAcd - ok
15:04:29.0186 7808	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:04:29.0296 7808	RasAgileVpn - ok
15:04:29.0326 7808	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:04:29.0436 7808	RasAuto - ok
15:04:29.0486 7808	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:04:29.0586 7808	Rasl2tp - ok
15:04:29.0636 7808	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:04:29.0756 7808	RasMan - ok
15:04:29.0796 7808	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:04:29.0896 7808	RasPppoe - ok
15:04:29.0926 7808	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:04:30.0036 7808	RasSstp - ok
15:04:30.0066 7808	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:04:30.0166 7808	rdbss - ok
15:04:30.0196 7808	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:04:30.0236 7808	rdpbus - ok
15:04:30.0266 7808	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:04:30.0366 7808	RDPCDD - ok
15:04:30.0376 7808	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:04:30.0476 7808	RDPENCDD - ok
15:04:30.0496 7808	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:04:30.0606 7808	RDPREFMP - ok
15:04:30.0656 7808	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:04:30.0716 7808	RDPWD - ok
15:04:30.0776 7808	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:04:30.0806 7808	rdyboost - ok
15:04:30.0896 7808	RegSrvc         (c480d028012881e0136962a49379688d) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:04:30.0916 7808	RegSrvc - ok
15:04:30.0946 7808	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:04:31.0056 7808	RemoteAccess - ok
15:04:31.0096 7808	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:04:31.0196 7808	RemoteRegistry - ok
15:04:31.0226 7808	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:04:31.0266 7808	RFCOMM - ok
15:04:31.0366 7808	RichVideo64     (0b169fe016039571ecc6db70073f8979) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
15:04:31.0396 7808	RichVideo64 - ok
15:04:31.0426 7808	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:04:31.0526 7808	RpcEptMapper - ok
15:04:31.0556 7808	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:04:31.0596 7808	RpcLocator - ok
15:04:31.0676 7808	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:04:31.0776 7808	RpcSs - ok
15:04:31.0826 7808	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:04:31.0936 7808	rspndr - ok
15:04:31.0996 7808	RSUSBSTOR       (135a64530d7699ad48f29d73a658dd11) C:\Windows\System32\Drivers\RtsUStor.sys
15:04:32.0026 7808	RSUSBSTOR - ok
15:04:32.0116 7808	RTL8167         (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:04:32.0166 7808	RTL8167 - ok
15:04:32.0276 7808	RTL8192su       (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys
15:04:32.0326 7808	RTL8192su - ok
15:04:32.0346 7808	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:32.0386 7808	SamSs - ok
15:04:32.0416 7808	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:04:32.0446 7808	sbp2port - ok
15:04:32.0486 7808	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:04:32.0586 7808	SCardSvr - ok
15:04:32.0606 7808	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:04:32.0696 7808	scfilter - ok
15:04:32.0836 7808	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:04:32.0976 7808	Schedule - ok
15:04:33.0016 7808	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:04:33.0096 7808	SCPolicySvc - ok
15:04:33.0136 7808	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:04:33.0206 7808	SDRSVC - ok
15:04:33.0266 7808	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:04:33.0366 7808	secdrv - ok
15:04:33.0386 7808	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:04:33.0486 7808	seclogon - ok
15:04:33.0496 7808	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:04:33.0606 7808	SENS - ok
15:04:33.0616 7808	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:04:33.0676 7808	SensrSvc - ok
15:04:33.0706 7808	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:04:33.0756 7808	Serenum - ok
15:04:33.0796 7808	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:04:33.0846 7808	Serial - ok
15:04:33.0886 7808	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:04:33.0926 7808	sermouse - ok
15:04:33.0976 7808	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:04:34.0076 7808	SessionEnv - ok
15:04:34.0106 7808	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:04:34.0146 7808	sffdisk - ok
15:04:34.0156 7808	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:04:34.0196 7808	sffp_mmc - ok
15:04:34.0206 7808	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:04:34.0246 7808	sffp_sd - ok
15:04:34.0276 7808	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:04:34.0316 7808	sfloppy - ok
15:04:34.0376 7808	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:04:34.0496 7808	SharedAccess - ok
15:04:34.0556 7808	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:04:34.0666 7808	ShellHWDetection - ok
15:04:34.0696 7808	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:04:34.0726 7808	SiSRaid2 - ok
15:04:34.0756 7808	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:04:34.0786 7808	SiSRaid4 - ok
15:04:34.0846 7808	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:04:34.0946 7808	Smb - ok
15:04:34.0996 7808	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:04:35.0036 7808	SNMPTRAP - ok
15:04:35.0076 7808	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:04:35.0096 7808	spldr - ok
15:04:35.0156 7808	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:04:35.0266 7808	Spooler - ok
15:04:35.0516 7808	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:04:35.0736 7808	sppsvc - ok
15:04:35.0926 7808	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:04:36.0016 7808	sppuinotify - ok
15:04:36.0106 7808	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:04:36.0176 7808	srv - ok
15:04:36.0236 7808	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:04:36.0286 7808	srv2 - ok
15:04:36.0316 7808	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:04:36.0366 7808	srvnet - ok
15:04:36.0406 7808	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:04:36.0526 7808	SSDPSRV - ok
15:04:36.0546 7808	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:04:36.0646 7808	SstpSvc - ok
15:04:36.0666 7808	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:04:36.0696 7808	stexstor - ok
15:04:36.0776 7808	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:04:36.0846 7808	stisvc - ok
15:04:36.0886 7808	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:04:36.0906 7808	swenum - ok
15:04:36.0966 7808	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:04:37.0126 7808	swprv - ok
15:04:37.0196 7808	SynTP           (bd4f51aef67ab7d57698bc4aad983d1f) C:\Windows\system32\drivers\SynTP.sys
15:04:37.0256 7808	SynTP - ok
15:04:37.0396 7808	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:04:37.0538 7808	SysMain - ok
15:04:37.0660 7808	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:04:37.0710 7808	TabletInputService - ok
15:04:37.0740 7808	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:04:37.0870 7808	TapiSrv - ok
15:04:37.0890 7808	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:04:37.0980 7808	TBS - ok
15:04:38.0210 7808	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:04:38.0320 7808	Tcpip - ok
15:04:38.0640 7808	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:04:38.0750 7808	TCPIP6 - ok
15:04:38.0880 7808	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:04:38.0980 7808	tcpipreg - ok
15:04:39.0000 7808	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:04:39.0040 7808	TDPIPE - ok
15:04:39.0070 7808	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:04:39.0100 7808	TDTCP - ok
15:04:39.0140 7808	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:04:39.0260 7808	tdx - ok
15:04:39.0290 7808	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:04:39.0320 7808	TermDD - ok
15:04:39.0400 7808	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:04:39.0530 7808	TermService - ok
15:04:39.0550 7808	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:04:39.0610 7808	Themes - ok
15:04:39.0640 7808	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:04:39.0800 7808	THREADORDER - ok
15:04:39.0833 7808	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:04:39.0956 7808	TrkWks - ok
15:04:40.0016 7808	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:04:40.0136 7808	TrustedInstaller - ok
15:04:40.0176 7808	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:04:40.0266 7808	tssecsrv - ok
15:04:40.0306 7808	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:04:40.0346 7808	TsUsbFlt - ok
15:04:40.0376 7808	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:04:40.0406 7808	TsUsbGD - ok
15:04:40.0456 7808	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:04:40.0546 7808	tunnel - ok
15:04:40.0576 7808	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:04:40.0606 7808	uagp35 - ok
15:04:40.0656 7808	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:04:40.0766 7808	udfs - ok
15:04:40.0806 7808	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:04:40.0846 7808	UI0Detect - ok
15:04:40.0896 7808	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:04:40.0926 7808	uliagpkx - ok
15:04:40.0966 7808	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:04:40.0996 7808	umbus - ok
15:04:41.0016 7808	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:04:41.0056 7808	UmPass - ok
15:04:41.0166 7808	UNS             (f76057596ef65049869098677ab72c30) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:04:41.0206 7808	UNS - ok
15:04:41.0266 7808	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:04:41.0376 7808	upnphost - ok
15:04:41.0426 7808	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:04:41.0496 7808	usbccgp - ok
15:04:41.0536 7808	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:04:41.0596 7808	usbcir - ok
15:04:41.0626 7808	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:04:41.0676 7808	usbehci - ok
15:04:41.0746 7808	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
15:04:41.0776 7808	usbhub - ok
15:04:41.0806 7808	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:04:41.0836 7808	usbohci - ok
15:04:41.0876 7808	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:04:41.0906 7808	usbprint - ok
15:04:41.0956 7808	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:04:42.0006 7808	usbscan - ok
15:04:42.0046 7808	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:04:42.0096 7808	USBSTOR - ok
15:04:42.0136 7808	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:04:42.0176 7808	usbuhci - ok
15:04:42.0226 7808	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:04:42.0266 7808	usbvideo - ok
15:04:42.0286 7808	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:04:42.0386 7808	UxSms - ok
15:04:42.0406 7808	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:04:42.0436 7808	VaultSvc - ok
15:04:42.0466 7808	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:04:42.0496 7808	vdrvroot - ok
15:04:42.0576 7808	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:04:42.0706 7808	vds - ok
15:04:42.0746 7808	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:04:42.0786 7808	vga - ok
15:04:42.0806 7808	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:04:42.0896 7808	VgaSave - ok
15:04:42.0936 7808	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:04:42.0976 7808	vhdmp - ok
15:04:42.0996 7808	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:04:43.0026 7808	viaide - ok
15:04:43.0056 7808	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:04:43.0086 7808	volmgr - ok
15:04:43.0136 7808	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:04:43.0176 7808	volmgrx - ok
15:04:43.0226 7808	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:04:43.0266 7808	volsnap - ok
15:04:43.0346 7808	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:04:43.0376 7808	vsmraid - ok
15:04:43.0596 7808	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:04:43.0766 7808	VSS - ok
15:04:43.0936 7808	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:04:43.0986 7808	vwifibus - ok
15:04:43.0996 7808	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:04:44.0046 7808	vwififlt - ok
15:04:44.0086 7808	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:04:44.0126 7808	vwifimp - ok
15:04:44.0206 7808	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:04:44.0306 7808	W32Time - ok
15:04:44.0346 7808	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:04:44.0386 7808	WacomPen - ok
15:04:44.0436 7808	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:04:44.0546 7808	WANARP - ok
15:04:44.0566 7808	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:04:44.0676 7808	Wanarpv6 - ok
15:04:44.0746 7808	watchmi         (63d7250ed2c2e3cd9b11139a608d6c39) C:\Program Files (x86)\watchmi\TvdService.exe
15:04:44.0776 7808	watchmi ( UnsignedFile.Multi.Generic ) - warning
15:04:44.0776 7808	watchmi - detected UnsignedFile.Multi.Generic (1)
15:04:44.0906 7808	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:04:45.0043 7808	wbengine - ok
15:04:45.0155 7808	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:04:45.0205 7808	WbioSrvc - ok
15:04:45.0235 7808	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:04:45.0305 7808	wcncsvc - ok
15:04:45.0305 7808	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:04:45.0355 7808	WcsPlugInService - ok
15:04:45.0405 7808	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:04:45.0435 7808	Wd - ok
15:04:45.0510 7808	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:04:45.0555 7808	Wdf01000 - ok
15:04:45.0585 7808	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:04:45.0675 7808	WdiServiceHost - ok
15:04:45.0685 7808	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:04:45.0735 7808	WdiSystemHost - ok
15:04:45.0774 7808	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:04:45.0824 7808	WebClient - ok
15:04:45.0864 7808	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:04:45.0944 7808	Wecsvc - ok
15:04:45.0954 7808	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:04:46.0024 7808	wercplsupport - ok
15:04:46.0064 7808	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:04:46.0124 7808	WerSvc - ok
15:04:46.0184 7808	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:04:46.0274 7808	WfpLwf - ok
15:04:46.0304 7808	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:04:46.0324 7808	WIMMount - ok
15:04:46.0364 7808	WinDefend - ok
15:04:46.0384 7808	WinHttpAutoProxySvc - ok
15:04:46.0444 7808	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:04:46.0554 7808	Winmgmt - ok
15:04:46.0704 7808	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:04:46.0864 7808	WinRM - ok
15:04:47.0014 7808	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:04:47.0054 7808	WinUsb - ok
15:04:47.0124 7808	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:04:47.0214 7808	Wlansvc - ok
15:04:47.0284 7808	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:04:47.0304 7808	wlcrasvc - ok
15:04:47.0484 7808	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:04:47.0604 7808	wlidsvc - ok
15:04:47.0724 7808	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:04:47.0764 7808	WmiAcpi - ok
15:04:47.0834 7808	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:04:47.0884 7808	wmiApSrv - ok
15:04:47.0914 7808	WMPNetworkSvc - ok
15:04:47.0944 7808	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:04:47.0984 7808	WPCSvc - ok
15:04:48.0014 7808	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:04:48.0054 7808	WPDBusEnum - ok
15:04:48.0074 7808	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:04:48.0174 7808	ws2ifsl - ok
15:04:48.0204 7808	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:04:48.0274 7808	wscsvc - ok
15:04:48.0274 7808	WSearch - ok
15:04:48.0334 7808	wsvd            (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys
15:04:48.0354 7808	wsvd - ok
15:04:48.0624 7808	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:04:48.0764 7808	wuauserv - ok
15:04:48.0904 7808	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:04:49.0014 7808	WudfPf - ok
15:04:49.0054 7808	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:04:49.0154 7808	WUDFRd - ok
15:04:49.0184 7808	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:04:49.0274 7808	wudfsvc - ok
15:04:49.0304 7808	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:04:49.0384 7808	WwanSvc - ok
15:04:49.0674 7808	ZeroConfigService (118c018df1c53b94f8c06d2cabbbda52) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
15:04:49.0844 7808	ZeroConfigService - ok
15:04:49.0914 7808	MBR (0x1B8)     (9fe16ff95180a12a49cd2e9879c991e6) \Device\Harddisk0\DR0
15:04:55.0354 7808	\Device\Harddisk0\DR0 - ok
15:04:57.0494 7808	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:04:57.0614 7808	\Device\Harddisk1\DR1 - ok
15:04:57.0624 7808	Boot (0x1200)   (a20827dc65e27968f5154f84148e33d6) \Device\Harddisk0\DR0\Partition0
15:04:57.0624 7808	\Device\Harddisk0\DR0\Partition0 - ok
15:04:57.0644 7808	Boot (0x1200)   (98754daf62f60b2d0baf682649a90f83) \Device\Harddisk0\DR0\Partition1
15:04:57.0644 7808	\Device\Harddisk0\DR0\Partition1 - ok
15:04:57.0674 7808	Boot (0x1200)   (1f00d2b2a965d9948bbc52103eb4b231) \Device\Harddisk0\DR0\Partition2
15:04:57.0674 7808	\Device\Harddisk0\DR0\Partition2 - ok
15:04:57.0674 7808	Boot (0x1200)   (4fe6dbae3da6ae0dafb3d9f8c238d086) \Device\Harddisk1\DR1\Partition0
15:04:57.0684 7808	\Device\Harddisk1\DR1\Partition0 - ok
15:04:57.0684 7808	============================================================
15:04:57.0684 7808	Scan finished
15:04:57.0684 7808	============================================================
15:04:57.0704 1716	Detected object count: 2
15:04:57.0704 1716	Actual detected object count: 2
15:05:26.0606 1716	GFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:26.0606 1716	GFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:26.0606 1716	watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:26.0606 1716	watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip

Liebe Grüße,
Jasmin

16.07.2012, 16:41	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Wie entferne ich Mystart / "Incredibar" Toolbar? Hätte da mal drei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? 3.) Die Toolbar bzw. Weiterleitung nun weg? __________________ Logfiles bitte immer in CODE-Tags posten

Wie entferne ich Mystart / "Incredibar" Toolbar?

Plagegeister aller Art und deren Bekämpfung: Wie entferne ich Mystart / "Incredibar" Toolbar?