
Pests of all kinds and how to combat them: Mystart Incredibar - a virus?

04.07.2012, 12:30   #1
Silenttom

Hello dear community,

recently a Mystart page has been showing up in my Firefox whenever a tab is opened, and as Doctor Google has already told me, this is apparently not a simple delete-the-start-page problem but something that has "dug itself in".
I don't know how it got onto the PC, and I also don't know which downloads can bring it onto PCs.

I have read through the guide on encryption trojans and have run a full malware scan:

Quote:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.04.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MaPa :: MAPA-COMPI [Administrator]

Schutz: Aktiviert

04.07.2012 10:58:07
mbam-log-2012-07-04 (10-58-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 556413
Laufzeit: 1 Stunde(n), 7 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Could it still be one of those encryption trojans?

I hope you can help me; if you need more information, please post.

Regards, Silenttom

05.07.2012, 15:36   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, all the logs for each scan are listed on the "Logdateien" (log files) tab. Please post all that are visible there.

05.07.2012, 16:57   #3
Silenttom

No, I have not run any scans in the past.
Could it be because it is a trial version and therefore doesn't find anything?

Regards
Silenttom

05.07.2012, 17:13   #4
cosinus

Quote:
Could it be because it is a trial version and therefore doesn't find anything?
No

Please run ESET as well, then we'll see how to proceed.

Note: ESET does fairly often show a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you may have during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like) and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser this way: right-click => Run as administrator
  • Deactivate your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, i accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick the box at "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • press.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the + R key and copy the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Note: If you are running a 64-bit Windows, the path is:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Now post the contents of log.txt.

06.07.2012, 13:01   #5
Silenttom
 

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f5c28c6006f7ab4c839ef333757fe9ad
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-06 10:56:39
# local_time=2012-07-06 12:56:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 80 1617840 92229623 0 0
# compatibility_mode=5893 16776574 100 94 43073491 93196977 0 0
# compatibility_mode=8192 67108863 100 0 83 83 0 0
# scanned=334953
# found=0
# cleaned=0
# scan_time=5073



So, that is the content of the log file.


06.07.2012, 14:58   #6
cosinus

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top centre, tick the box "Scanne alle Benutzer" (scan all users)
  • Now copy the complete contents of the code box below into OTL's text box - when OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
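How the OTL.txt requested above can be triaged when, as in this thread, both scanners report nothing: the following is an added example (not part of the thread and not OTL's own code) that reads the `FF - prefs.js..` and `SRV` lines of an OTL log and reports search-related Firefox prefs pointing at unexpected hosts or engines, plus auto-start services without a company name. The allowlists are assumptions, and the sample lines are constructed, modelled on the OTL log posted later in this thread.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the search hosts and engine names the owner
# of the machine actually chose. Anything else in a search pref is reported.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com", "de.search.yahoo.com"}
EXPECTED_ENGINES = {"Google", "Bing", "Yahoo"}

# Firefox prefs that decide where the start page and searches go.
URL_PREFS = {"browser.startup.homepage", "keyword.URL", "browser.newtab.url"}
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}

FF_PREF = re.compile(r"^FF - prefs\.js\.\.(?P<name>[^:]+): (?P<value>.*)$")
# SRV line with an empty company field "()":
# SRV - [date | size | attrs | M] () [start | state] -- path -- (service name)
SRV_NO_COMPANY = re.compile(
    r"^SRV(?::64bit:)? - \[[^\]]*\] \(\s*\) \[(?P<start>\w+) \| (?P<state>\w+)\]"
    r" -- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)


def unexpected_hosts(value):
    """Return hosts in a URL pref (entries separated by '|') that are not expected."""
    hosts = []
    for entry in value.split("|"):
        # OTL writes URLs defanged as hxxp://; restore the scheme only for parsing.
        url = re.sub(r"^hxxp", "http", entry.strip(), flags=re.I)
        try:
            parts = urlsplit(url)
        except ValueError:
            hosts.append(entry.strip())  # unparseable URL: report it verbatim
            continue
        if parts.scheme not in ("http", "https"):
            continue  # about:blank, about:home etc. are built-in pages
        host = (parts.hostname or "").lower()
        if host and host not in EXPECTED_HOSTS:
            hosts.append(host)
    return hosts


def triage(log_text):
    """Return (kind, name, detail) leads for manual review; not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FF_PREF.match(line)
        if m:
            name, value = m["name"], m["value"].strip().strip('"')
            if name in URL_PREFS:
                findings += [("pref", name, h) for h in unexpected_hosts(value)]
            elif name in ENGINE_PREFS and value not in EXPECTED_ENGINES:
                findings.append(("pref", name, value))
            continue
        m = SRV_NO_COMPANY.match(line)
        if m and m["start"] == "Auto":
            findings.append(("service", m["name"], m["path"]))
    return findings


# Constructed sample in OTL's line format, modelled on the log in this thread.
SAMPLE_LOG = r"""
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?search="
SRV:64bit: - [2012/06/06 09:16:00 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
"""

if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"{kind:8} {name:40} {detail}")
```

The start page itself is `about:blank` in the sample, so only the search prefs are reported; that matches the symptom of a redirect that survives resetting the start page.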

06.07.2012, 16:41   #7
Silenttom
 

OTL Logfile:
Code:
OTL logfile created on: 7/6/2012 4:26:32 PM - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\MaPa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.96 Gb Total Physical Memory | 4.52 Gb Available Physical Memory | 75.89% Memory free
11.92 Gb Paging File | 9.53 Gb Available in Paging File | 79.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.70 Gb Total Space | 773.25 Gb Free Space | 84.26% Space Free | Partition Type: NTFS
Drive D: | 13.72 Gb Total Space | 1.69 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
 
Computer Name: MAPA-COMPI | User Name: MaPa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/06 16:22:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MaPa\Downloads\OTL.exe
PRC - [2012/06/06 09:16:00 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/03/04 06:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/01 06:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 06:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/06/06 09:16:00 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2012/02/04 07:59:36 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/10/24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV:64bit: - [2009/10/30 15:27:44 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/06/28 12:39:48 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/17 19:37:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/30 07:18:07 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/23 13:49:52 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011/04/24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/01/23 16:43:56 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) @C:\Program Files (x86)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 06:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/30 15:33:44 | 001,353,544 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/10/30 15:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/10/01 06:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 06:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/05/21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/04/18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 00:25:41 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/09/07 10:46:58 | 000,070,016 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/05/11 18:21:45 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/04/21 03:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/31 05:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/16 03:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/09/29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/09/16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV:64bit: - [2010/03/04 16:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/19 06:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/19 02:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/06/14 20:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120705.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/05/31 05:14:15 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/31 05:14:15 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/16 06:42:33 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120705.018\ex64.sys -- (NAVEX15)
DRV - [2012/05/16 06:42:32 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120705.018\eng64.sys -- (NAVENG)
DRV - [2009/10/14 08:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FC7695D8-015F-40B1-A8E1-78B69E3B36E2}
IE:64bit: - HKLM\..\SearchScopes\{3EC13BF2-9C02-4A93-A6C7-2DE08368ED4F}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{554FD618-E83F-4197-82BF-D0B36163CEAF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{FC7695D8-015F-40B1-A8E1-78B69E3B36E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\..\SearchScopes,DefaultScope = {FC7695D8-015F-40B1-A8E1-78B69E3B36E2}
IE - HKLM\..\SearchScopes\{3EC13BF2-9C02-4A93-A6C7-2DE08368ED4F}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{554FD618-E83F-4197-82BF-D0B36163CEAF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{FC7695D8-015F-40B1-A8E1-78B69E3B36E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\..\SearchScopes,DefaultScope = {FC7695D8-015F-40B1-A8E1-78B69E3B36E2}
IE - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\..\SearchScopes\{3EC13BF2-9C02-4A93-A6C7-2DE08368ED4F}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\..\SearchScopes\{554FD618-E83F-4197-82BF-D0B36163CEAF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\..\SearchScopes\{FC7695D8-015F-40B1-A8E1-78B69E3B36E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyG1Kd8zU&&i=26&search="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/25 16:15:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/11 07:48:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_9_4 [2012/07/06 11:27:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/25 16:15:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 19:37:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/22 18:32:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 19:37:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/22 18:32:25 | 000,000,000 | ---D | M]
 
[2011/01/04 20:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaPa\AppData\Roaming\mozilla\Extensions
[2012/07/04 05:32:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaPa\AppData\Roaming\mozilla\Firefox\Profiles\kl0bo0mk.default\extensions
[2012/05/19 10:55:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\MaPa\AppData\Roaming\mozilla\Firefox\Profiles\kl0bo0mk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/15 17:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/30 18:59:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/06 11:27:25 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_9_4
[2012/06/17 19:37:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/02 18:37:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/06 17:17:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/06 17:17:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/06 17:17:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/06 17:17:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/06 17:17:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/06 17:17:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\MaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MaPa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MaPa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58276B01-4059-4E90-89E9-49264F340665}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{937DF6A8-BE05-48DD-BABD-BEECB0EE77FF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/04 08:21:26 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{4e566610-326b-11e1-80b9-a7cdc643bb09}\Shell - "" = AutoRun
O33 - MountPoints2\{4e566610-326b-11e1-80b9-a7cdc643bb09}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4e566619-326b-11e1-80b9-a7cdc643bb09}\Shell - "" = AutoRun
O33 - MountPoints2\{4e566619-326b-11e1-80b9-a7cdc643bb09}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {646FC2B3-AC1D-DAE0-69F4-58E5D812C03D} - Browser Customizations
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {72268E3D-4F15-9BCE-6D3F-FAA96F5A4BEB} - Themes Setup
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C155CAEC-EA34-3D59-7B2D-A45C5E451927} - DirectX
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {EA17B936-03C5-92CB-7107-4AC2C699A44C} - Themes Setup
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: {FF5DDD14-FD81-AE47-F465-3770868EDF21} - Java (Sun)
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/06 11:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/04 11:00:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\MaPa\Desktop\OTL.exe
[2012/07/04 10:52:49 | 000,000,000 | ---D | C] -- C:\Users\MaPa\AppData\Roaming\Malwarebytes
[2012/07/04 10:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/04 10:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/04 10:52:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/04 10:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/02 23:19:28 | 000,000,000 | ---D | C] -- C:\Users\MaPa\AppData\Local\NPE
[2012/06/28 15:09:35 | 000,000,000 | ---D | C] -- C:\Users\MaPa\AppData\Local\Macromedia
[2012/06/25 16:54:42 | 000,000,000 | R--D | C] -- C:\Users\MaPa\Desktop\Mutti
[2012/06/25 16:37:01 | 000,000,000 | R--D | C] -- C:\Users\MaPa\Documents\HP Photo Creations
[2012/06/25 16:37:01 | 000,000,000 | ---D | C] -- C:\Users\MaPa\AppData\Roaming\Visan
[2012/06/25 16:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/06/25 16:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/06/25 16:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2012/06/25 16:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/06/25 16:14:59 | 000,000,000 | ---D | C] -- C:\Users\MaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CK Gruß- und Einladungskarten Designer
[2012/06/25 16:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CK Software
[2012/06/23 17:53:27 | 000,000,000 | ---D | C] -- C:\Temp
[2012/06/23 17:50:22 | 000,000,000 | ---D | C] -- C:\Users\MaPa\AppData\Local\Samsung
[2012/06/23 17:50:19 | 000,000,000 | ---D | C] -- C:\Users\MaPa\AppData\Roaming\Samsung
[2012/06/23 17:50:18 | 000,000,000 | ---D | C] -- C:\Users\MaPa\Documents\samsung
[2012/06/23 17:49:29 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012/06/23 17:49:28 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012/06/23 17:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/06/23 17:47:39 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/06/23 17:47:25 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012/06/23 17:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/06/23 17:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/06/23 17:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/06/23 17:41:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/23 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\MaPa\AppData\Local\Downloaded Installations
[2012/06/18 22:01:38 | 000,000,000 | ---D | C] -- C:\Users\MaPa\AppData\Local\Chromium
[2012/06/18 22:01:36 | 000,000,000 | ---D | C] -- C:\Users\MaPa\Documents\Rockstar Games
[2012/06/18 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/06/18 18:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012/06/18 18:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012/06/09 16:21:31 | 000,000,000 | ---D | C] -- C:\Users\MaPa\Desktop\Musik Kerstin
[2012/06/09 11:36:59 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/06 16:17:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 11:34:39 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 11:34:39 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 11:26:49 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 11:00:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MaPa\Desktop\OTL.exe
[2012/07/04 11:00:16 | 000,050,477 | ---- | M] () -- C:\Users\MaPa\Desktop\Defogger.exe
[2012/07/04 10:52:37 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/02 07:12:19 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/06/29 10:03:11 | 000,001,110 | ---- | M] () -- C:\Users\MaPa\Documents\cc_20120629_100309.reg
[2012/06/28 23:34:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/28 20:22:58 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/28 20:22:58 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/06/28 20:22:58 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/28 20:22:58 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/06/28 20:22:58 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/26 09:00:31 | 000,001,564 | ---- | M] () -- C:\Users\MaPa\Documents\cc_20120626_090029.reg
[2012/06/25 16:43:45 | 000,331,632 | ---- | M] () -- C:\Users\MaPa\Desktop\IMG_0002.jpg
[2012/06/25 16:43:18 | 000,350,928 | ---- | M] () -- C:\Users\MaPa\Desktop\IMG_0001.jpg
[2012/06/25 16:42:34 | 000,526,923 | ---- | M] () -- C:\Users\MaPa\Desktop\IMG.jpg
[2012/06/25 16:36:55 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/06/25 16:16:18 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/06/24 07:49:28 | 000,011,636 | ---- | M] () -- C:\Users\MaPa\Documents\cc_20120624_074925.reg
[2012/06/23 17:50:17 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/06/23 17:49:40 | 002,063,782 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Cat.DB
[2012/06/19 15:02:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/19 15:02:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/19 06:09:09 | 000,002,022 | ---- | M] () -- C:\Users\MaPa\Documents\cc_20120619_060904.reg
[2012/06/09 11:37:00 | 000,001,364 | ---- | M] () -- C:\Users\MaPa\Desktop\Free YouTube to MP3 Converter.lnk
[2012/06/08 04:45:40 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2012/07/04 11:00:16 | 000,050,477 | ---- | C] () -- C:\Users\MaPa\Desktop\Defogger.exe
[2012/07/04 10:52:37 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/29 10:03:10 | 000,001,110 | ---- | C] () -- C:\Users\MaPa\Documents\cc_20120629_100309.reg
[2012/06/26 09:00:30 | 000,001,564 | ---- | C] () -- C:\Users\MaPa\Documents\cc_20120626_090029.reg
[2012/06/25 16:43:54 | 000,331,632 | ---- | C] () -- C:\Users\MaPa\Desktop\IMG_0002.jpg
[2012/06/25 16:43:22 | 000,350,928 | ---- | C] () -- C:\Users\MaPa\Desktop\IMG_0001.jpg
[2012/06/25 16:42:40 | 000,526,923 | ---- | C] () -- C:\Users\MaPa\Desktop\IMG.jpg
[2012/06/25 16:35:37 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/06/25 16:35:37 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/06/25 16:16:17 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/06/24 07:49:27 | 000,011,636 | ---- | C] () -- C:\Users\MaPa\Documents\cc_20120624_074925.reg
[2012/06/23 17:50:17 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/06/19 06:09:06 | 000,002,022 | ---- | C] () -- C:\Users\MaPa\Documents\cc_20120619_060904.reg
[2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/05/23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/05/23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/05/23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/05/23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/04 17:08:02 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2012/01/16 13:39:36 | 000,127,588 | ---- | C] () -- C:\Users\MaPa\ESt2011_Kneese_Thomas_und_Kneese_Kerstin.elfo
[2011/09/19 10:40:38 | 035,587,084 | ---- | C] () -- C:\Users\MaPa\fotobuch.cpr
[2011/06/26 13:11:25 | 000,143,676 | ---- | C] () -- C:\Users\MaPa\ESt2010_Kneese_Thomas_und_Kneese_Kerstin.elfo
[2011/03/26 07:27:08 | 000,007,667 | ---- | C] () -- C:\Users\MaPa\AppData\Local\resmon.resmoncfg
[2011/01/23 16:43:55 | 000,002,131 | ---- | C] () -- C:\Users\MaPa\TuneUp Utilities.lnk
[2011/01/09 13:56:34 | 000,001,094 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2011/01/07 18:53:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/04 20:03:27 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/18 10:05:55 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/12/18 09:50:42 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
 
========== LOP Check ==========
 
[2011/09/21 15:51:41 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\.minecraft
[2011/07/23 07:18:57 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Auslogics
[2012/02/05 17:56:31 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Autodesk
[2012/02/25 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Canon
[2011/07/25 10:38:34 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012/06/09 11:37:20 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\DVDVideoSoft
[2012/02/12 14:59:55 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/16 13:19:42 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\elsterformular
[2012/02/14 21:33:28 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Encryptomatic, LLC
[2011/11/26 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\fotobuch.de AG
[2011/06/20 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Leadertech
[2012/02/14 21:36:42 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\MessageViewer
[2011/01/08 11:40:36 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\RouterControl
[2012/06/23 17:50:19 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Samsung
[2011/07/22 18:24:17 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Systweak
[2011/03/26 06:47:54 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Tific
[2011/01/23 16:43:49 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\TuneUp Software
[2011/08/13 07:34:49 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Unity
[2012/06/25 16:37:01 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Visan
[2011/07/01 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\_MDLogs
[2012/07/04 18:25:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/09/21 15:51:41 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\.minecraft
[2011/07/25 10:37:45 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Adobe
[2011/08/14 15:45:42 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Apple Computer
[2011/07/23 07:18:57 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Auslogics
[2012/02/05 17:56:31 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Autodesk
[2012/02/25 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Canon
[2011/01/04 20:21:00 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\CyberLink
[2011/07/25 10:38:34 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/11/20 13:57:09 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\dvdcss
[2012/06/09 11:37:20 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\DVDVideoSoft
[2012/02/12 14:59:55 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/16 13:19:42 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\elsterformular
[2012/02/14 21:33:28 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Encryptomatic, LLC
[2011/11/26 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\fotobuch.de AG
[2011/01/04 20:23:44 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Hewlett-Packard
[2011/01/04 20:23:36 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\hpqLog
[2011/01/04 20:15:31 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Identities
[2011/01/04 20:15:47 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Intel Corporation
[2011/06/20 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Leadertech
[2011/06/20 21:54:14 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Logishrd
[2011/06/20 21:56:03 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Logitech
[2011/01/04 20:25:41 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Macromedia
[2012/07/04 10:52:49 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Malwarebytes
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Media Center Programs
[2012/02/14 21:36:42 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\MessageViewer
[2012/05/04 17:21:58 | 000,000,000 | --SD | M] -- C:\Users\MaPa\AppData\Roaming\Microsoft
[2011/01/04 20:30:16 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Mozilla
[2011/01/08 11:40:36 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\RouterControl
[2012/06/23 17:50:19 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Samsung
[2012/07/05 22:53:21 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Skype
[2011/07/22 18:24:17 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Systweak
[2011/03/26 06:47:54 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Tific
[2011/01/23 16:43:49 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\TuneUp Software
[2011/08/13 07:34:49 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Unity
[2012/06/25 16:37:01 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\Visan
[2011/11/05 18:52:16 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\vlc
[2011/09/13 15:33:41 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\WinRAR
[2011/07/01 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\MaPa\AppData\Roaming\_MDLogs
 
< %APPDATA%\*.exe /s >
[2011/09/02 13:18:46 | 000,270,142 | ---- | M] () -- C:\Users\MaPa\AppData\Roaming\.minecraft\Minecraft.exe
[2011/11/27 12:36:43 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MaPa\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/07/24 07:21:47 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\MaPa\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011/01/08 11:23:50 | 000,010,134 | R--- | M] () -- C:\Users\MaPa\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2012/06/25 16:14:59 | 000,010,134 | R--- | M] () -- C:\Users\MaPa\AppData\Roaming\Microsoft\Installer\{E80714D0-951E-4B4F-8716-F24C9CCC27C9}\ARPPRODUCTICON.exe
[2012/06/25 16:14:59 | 000,008,854 | R--- | M] () -- C:\Users\MaPa\AppData\Roaming\Microsoft\Installer\{E80714D0-951E-4B4F-8716-F24C9CCC27C9}\ck_software.de.url_E80714D0951E4B4F8716F24C9CCC27C9.exe
[2012/06/25 16:14:59 | 000,204,800 | R--- | M] (Macrovision Corporation) -- C:\Users\MaPa\AppData\Roaming\Microsoft\Installer\{E80714D0-951E-4B4F-8716-F24C9CCC27C9}\grusskarten.exe1_E80714D0951E4B4F8716F24C9CCC27C9.exe
[2012/06/25 16:14:59 | 000,204,800 | R--- | M] (Macrovision Corporation) -- C:\Users\MaPa\AppData\Roaming\Microsoft\Installer\{E80714D0-951E-4B4F-8716-F24C9CCC27C9}\grusskarten.exe_E80714D0951E4B4F8716F24C9CCC27C9.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

08.07.2012, 20:05   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:
:OTL
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\MaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2297059376-1916024115-1595925278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/04 08:21:26 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{4e566610-326b-11e1-80b9-a7cdc643bb09}\Shell - "" = AutoRun
O33 - MountPoints2\{4e566610-326b-11e1-80b9-a7cdc643bb09}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4e566619-326b-11e1-80b9-a7cdc643bb09}\Shell - "" = AutoRun
O33 - MountPoints2\{4e566619-326b-11e1-80b9-a7cdc643bb09}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012/06/25 16:16:17 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/06/25 16:14:59 | 000,204,800 | R--- | M] (Macrovision Corporation) -- C:\Users\MaPa\AppData\Roaming\Microsoft\Installer\{E80714D0-951E-4B4F-8716-F24C9CCC27C9}\grusskarten.exe1_E80714D0951E4B4F8716F24C9CCC27C9.exe
[2012/06/25 16:14:59 | 000,204,800 | R--- | M] (Macrovision Corporation) -- C:\Users\MaPa\AppData\Roaming\Microsoft\Installer\{E80714D0-951E-4B4F-8716-F24C9CCC27C9}\grusskarten.exe_E80714D0951E4B4F8716F24C9CCC27C9.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

09.07.2012, 12:04   #9
Silenttom
 



Hello cosinus, here is the log:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
File C:\Program Files\Web Assistant\Extension32.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
File move failed. C:\Users\MaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\EnableShellExecuteHooks not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching not found.
Registry value HKEY_USERS\S-1-5-21-2297059376-1916024115-1595925278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation not found.
Registry value HKEY_USERS\S-1-5-21-2297059376-1916024115-1595925278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e566610-326b-11e1-80b9-a7cdc643bb09}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e566610-326b-11e1-80b9-a7cdc643bb09}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e566610-326b-11e1-80b9-a7cdc643bb09}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e566610-326b-11e1-80b9-a7cdc643bb09}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e566619-326b-11e1-80b9-a7cdc643bb09}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e566619-326b-11e1-80b9-a7cdc643bb09}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e566619-326b-11e1-80b9-a7cdc643bb09}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e566619-326b-11e1-80b9-a7cdc643bb09}\ not found.
File F:\AutoRun.exe not found.
File C:\user.js not found.
File C:\Users\MaPa\AppData\Roaming\Microsoft\Installer\{E80714D0-951E-4B4F-8716-F24C9CCC27C9}\grusskarten.exe1_E80714D0951E4B4F8716F24C9CCC27C9.exe not found.
File C:\Users\MaPa\AppData\Roaming\Microsoft\Installer\{E80714D0-951E-4B4F-8716-F24C9CCC27C9}\grusskarten.exe_E80714D0951E4B4F8716F24C9CCC27C9.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: MaPa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 84106 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33377756 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: UpdatusUser.MaPa-Compi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6556 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 119936377 bytes
 
Total Files Cleaned = 146.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: MaPa
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
User: UpdatusUser.MaPa-Compi
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07092012_120010

Files\Folders moved on Reboot...
File\Folder C:\Users\MaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk not found!
C:\Users\MaPa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\MaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk not found!
File C:\Users\MaPa\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

09.07.2012, 13:51   #10
cosinus

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

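A way to pull the flagged objects out of a TDSSKiller report before deciding anything, in line with the "skip first, post the log" advice above. This is an added example, not part of the original posts and not Kaspersky's code: the line layout is inferred from the report posted in this thread, the sample is a short excerpt of that report, and the function name `triage` and its result keys are assumptions. It only reads the log and changes nothing on the system.

```python
import re

# Every report line starts with "HH:MM:SS.mmmm <thread id>" followed by the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": the service or driver image that was examined.
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> ( <verdict> ) - warning": the scanner's classification of that object.
WARNING = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[\w.]+) \) - warning$")
# "<name> - ok": nothing was flagged for that object.
OK = re.compile(r"^(?P<name>.+?) - ok$")

# Excerpt of the report posted in this thread (whitespace normalised).
SAMPLE_LOG = r"""
19:03:17.0583 2784  Scan started
19:03:19.0284 2784  ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:03:19.0315 2784  ACPI - ok
19:03:21.0062 2784  Akamai          (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
19:03:21.0062 2784  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
19:03:21.0062 2784  Akamai ( HiddenFile.Multi.Generic ) - warning
19:03:21.0062 2784  Akamai - detected HiddenFile.Multi.Generic (1)
19:03:22.0388 2784  Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:03:22.0404 2784  Apple Mobile Device - ok
19:03:26.0600 2784  COMSysApp - ok
19:03:33.0932 2784  hwdatacard      (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:03:33.0948 2784  hwdatacard ( UnsignedFile.Multi.Generic ) - warning
19:03:33.0948 2784  hwdatacard - detected UnsignedFile.Multi.Generic (1)
"""


def triage(log_text):
    """Group report lines per object and separate flagged objects from clean ones."""
    records = {}  # object name -> record; dicts keep insertion order

    def record(name):
        return records.setdefault(
            name,
            {"name": name, "md5": None, "path": None, "status": None, "verdict": None},
        )

    for raw in log_text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue  # separator, blank line or header without a message
        msg = line.group("msg").strip()

        warned = WARNING.match(msg)
        if warned:
            rec = record(warned.group("name"))
            rec["status"] = "warning"
            rec["verdict"] = warned.group("verdict")
            continue

        clean = OK.match(msg)
        if clean:
            rec = record(clean.group("name"))
            if rec["status"] is None:  # never downgrade an earlier warning
                rec["status"] = "ok"
            continue

        examined = OBJECT.match(msg)
        if examined:
            rec = record(examined.group("name"))
            rec["md5"] = examined.group("md5")
            rec["path"] = examined.group("path")

    flagged = [r for r in records.values() if r["status"] == "warning"]
    ok = [r for r in records.values() if r["status"] == "ok"]
    return {
        "flagged": flagged,
        # Reported "ok" without any image line: no file was hashed for it.
        "no_file": [r["name"] for r in ok if r["path"] is None],
        "ok_count": len(ok),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for item in result["flagged"]:
        print(f'{item["name"]}: {item["verdict"]}\n  md5  {item["md5"]}\n  path {item["path"]}')
    print("ok:", result["ok_count"], "| ok without file:", ", ".join(result["no_file"]))
```
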

09.07.2012, 19:07   #11
Silenttom

Here is the report; the findings have not been deleted yet.

Code:
19:03:08.0395 5020	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
19:03:08.0863 5020	============================================================
19:03:08.0863 5020	Current date / time: 2012/07/09 19:03:08.0863
19:03:08.0863 5020	SystemInfo:
19:03:08.0863 5020	
19:03:08.0863 5020	OS Version: 6.1.7601 ServicePack: 1.0
19:03:08.0863 5020	Product type: Workstation
19:03:08.0863 5020	ComputerName: MAPA-COMPI
19:03:08.0863 5020	UserName: MaPa
19:03:08.0863 5020	Windows directory: C:\Windows
19:03:08.0863 5020	System windows directory: C:\Windows
19:03:08.0863 5020	Running under WOW64
19:03:08.0863 5020	Processor architecture: Intel x64
19:03:08.0863 5020	Number of processors: 8
19:03:08.0863 5020	Page size: 0x1000
19:03:08.0863 5020	Boot type: Normal boot
19:03:08.0863 5020	============================================================
19:03:10.0470 5020	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:03:10.0501 5020	============================================================
19:03:10.0501 5020	\Device\Harddisk0\DR0:
19:03:10.0501 5020	MBR partitions:
19:03:10.0501 5020	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:03:10.0501 5020	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72B64800
19:03:10.0501 5020	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72B97000, BlocksNum 0x1B6E800
19:03:10.0501 5020	============================================================
19:03:10.0532 5020	C: <-> \Device\Harddisk0\DR0\Partition1
19:03:10.0704 5020	D: <-> \Device\Harddisk0\DR0\Partition2
19:03:10.0704 5020	============================================================
19:03:10.0704 5020	Initialize success
19:03:10.0704 5020	============================================================
19:03:17.0583 2784	============================================================
19:03:17.0583 2784	Scan started
19:03:17.0583 2784	Mode: Manual; SigCheck; TDLFS; 
19:03:17.0583 2784	============================================================
19:03:18.0972 2784	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:03:19.0190 2784	1394ohci - ok
19:03:19.0284 2784	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:03:19.0315 2784	ACPI - ok
19:03:19.0331 2784	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:03:19.0409 2784	AcpiPmi - ok
19:03:19.0518 2784	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:03:19.0533 2784	AdobeARMservice - ok
19:03:19.0814 2784	AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:03:19.0845 2784	AdobeFlashPlayerUpdateSvc - ok
19:03:19.0939 2784	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:03:19.0970 2784	adp94xx - ok
19:03:20.0048 2784	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:03:20.0079 2784	adpahci - ok
19:03:20.0173 2784	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:03:20.0173 2784	adpu320 - ok
19:03:20.0204 2784	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:03:20.0329 2784	AeLookupSvc - ok
19:03:20.0407 2784	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:03:20.0469 2784	AFD - ok
19:03:20.0516 2784	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:03:20.0532 2784	agp440 - ok
19:03:21.0062 2784	Akamai          (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
19:03:21.0062 2784	Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
19:03:21.0062 2784	Akamai ( HiddenFile.Multi.Generic ) - warning
19:03:21.0062 2784	Akamai - detected HiddenFile.Multi.Generic (1)
19:03:21.0234 2784	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:03:21.0327 2784	ALG - ok
19:03:21.0405 2784	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:03:21.0421 2784	aliide - ok
19:03:21.0452 2784	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:03:21.0468 2784	amdide - ok
19:03:21.0515 2784	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:03:21.0624 2784	AmdK8 - ok
19:03:21.0655 2784	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:03:21.0717 2784	AmdPPM - ok
19:03:21.0764 2784	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:03:21.0780 2784	amdsata - ok
19:03:21.0842 2784	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:03:21.0920 2784	amdsbs - ok
19:03:21.0936 2784	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:03:21.0951 2784	amdxata - ok
19:03:21.0983 2784	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:03:22.0123 2784	AppID - ok
19:03:22.0139 2784	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:03:22.0201 2784	AppIDSvc - ok
19:03:22.0232 2784	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:03:22.0263 2784	Appinfo - ok
19:03:22.0388 2784	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:03:22.0404 2784	Apple Mobile Device - ok
19:03:22.0451 2784	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:03:22.0466 2784	arc - ok
19:03:22.0482 2784	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:03:22.0497 2784	arcsas - ok
19:03:22.0529 2784	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:03:22.0575 2784	AsyncMac - ok
19:03:22.0622 2784	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:03:22.0622 2784	atapi - ok
19:03:22.0794 2784	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:03:22.0887 2784	AudioEndpointBuilder - ok
19:03:22.0887 2784	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:03:22.0919 2784	AudioSrv - ok
19:03:22.0965 2784	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:03:23.0059 2784	AxInstSV - ok
19:03:23.0137 2784	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:03:23.0184 2784	b06bdrv - ok
19:03:23.0231 2784	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:03:23.0277 2784	b57nd60a - ok
19:03:23.0340 2784	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:03:23.0402 2784	BDESVC - ok
19:03:23.0418 2784	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:03:23.0496 2784	Beep - ok
19:03:23.0589 2784	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:03:23.0636 2784	BFE - ok
19:03:23.0948 2784	BHDrvx64        (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120619.001\BHDrvx64.sys
19:03:23.0995 2784	BHDrvx64 - ok
19:03:24.0323 2784	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:03:24.0401 2784	BITS - ok
19:03:24.0479 2784	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:03:24.0510 2784	blbdrive - ok
19:03:24.0635 2784	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:03:24.0666 2784	Bonjour Service - ok
19:03:24.0713 2784	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:03:24.0775 2784	bowser - ok
19:03:24.0806 2784	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:03:24.0869 2784	BrFiltLo - ok
19:03:24.0884 2784	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:03:24.0900 2784	BrFiltUp - ok
19:03:24.0931 2784	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:03:25.0009 2784	Browser - ok
19:03:25.0103 2784	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:03:25.0196 2784	Brserid - ok
19:03:25.0227 2784	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:03:25.0259 2784	BrSerWdm - ok
19:03:25.0305 2784	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:03:25.0352 2784	BrUsbMdm - ok
19:03:25.0368 2784	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:03:25.0399 2784	BrUsbSer - ok
19:03:25.0430 2784	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:03:25.0461 2784	BTHMODEM - ok
19:03:25.0508 2784	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:03:25.0571 2784	bthserv - ok
19:03:25.0602 2784	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:03:25.0633 2784	cdfs - ok
19:03:25.0680 2784	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:03:25.0711 2784	cdrom - ok
19:03:25.0742 2784	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:03:25.0820 2784	CertPropSvc - ok
19:03:25.0836 2784	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:03:25.0883 2784	circlass - ok
19:03:25.0929 2784	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:03:25.0961 2784	CLFS - ok
19:03:26.0023 2784	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:03:26.0039 2784	clr_optimization_v2.0.50727_32 - ok
19:03:26.0101 2784	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:03:26.0132 2784	clr_optimization_v2.0.50727_64 - ok
19:03:26.0195 2784	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:03:26.0226 2784	clr_optimization_v4.0.30319_32 - ok
19:03:26.0241 2784	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:03:26.0257 2784	clr_optimization_v4.0.30319_64 - ok
19:03:26.0288 2784	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:03:26.0319 2784	CmBatt - ok
19:03:26.0351 2784	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:03:26.0366 2784	cmdide - ok
19:03:26.0444 2784	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:03:26.0475 2784	CNG - ok
19:03:26.0491 2784	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:03:26.0507 2784	Compbatt - ok
19:03:26.0569 2784	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:03:26.0600 2784	CompositeBus - ok
19:03:26.0600 2784	COMSysApp - ok
19:03:26.0678 2784	cpuz135         (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
19:03:26.0694 2784	cpuz135 - ok
19:03:26.0709 2784	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:03:26.0741 2784	crcdisk - ok
19:03:26.0803 2784	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:03:26.0850 2784	CryptSvc - ok
19:03:26.0928 2784	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:03:27.0006 2784	DcomLaunch - ok
19:03:27.0037 2784	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:03:27.0099 2784	defragsvc - ok
19:03:27.0131 2784	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:03:27.0193 2784	DfsC - ok
19:03:27.0271 2784	dg_ssudbus      (6060106ce00f32f63f1a73160e46e9d2) C:\Windows\system32\DRIVERS\ssudbus.sys
19:03:27.0287 2784	dg_ssudbus - ok
19:03:27.0333 2784	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:03:27.0380 2784	Dhcp - ok
19:03:27.0411 2784	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:03:27.0489 2784	discache - ok
19:03:27.0599 2784	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:03:27.0614 2784	Disk - ok
19:03:27.0645 2784	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:03:27.0692 2784	Dnscache - ok
19:03:27.0739 2784	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:03:27.0801 2784	dot3svc - ok
19:03:27.0895 2784	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:03:27.0942 2784	DPS - ok
19:03:27.0957 2784	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:03:27.0989 2784	drmkaud - ok
19:03:28.0004 2784	dump_wmimmc - ok
19:03:28.0113 2784	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:03:28.0145 2784	DXGKrnl - ok
19:03:28.0160 2784	EagleX64 - ok
19:03:28.0191 2784	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:03:28.0269 2784	EapHost - ok
19:03:28.0893 2784	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:03:29.0003 2784	ebdrv - ok
19:03:29.0112 2784	eeCtrl          (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:03:29.0143 2784	eeCtrl - ok
19:03:29.0268 2784	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:03:29.0346 2784	EFS - ok
19:03:29.0549 2784	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:03:29.0627 2784	ehRecvr - ok
19:03:29.0673 2784	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:03:29.0705 2784	ehSched - ok
19:03:29.0829 2784	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:03:29.0876 2784	elxstor - ok
19:03:30.0001 2784	EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:03:30.0017 2784	EraserUtilRebootDrv - ok
19:03:30.0063 2784	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:03:30.0126 2784	ErrDev - ok
19:03:30.0188 2784	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:03:30.0282 2784	EventSystem - ok
19:03:30.0344 2784	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:03:30.0391 2784	exfat - ok
19:03:30.0391 2784	ezSharedSvc - ok
19:03:30.0438 2784	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:03:30.0485 2784	fastfat - ok
19:03:30.0578 2784	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:03:30.0828 2784	Fax - ok
19:03:30.0843 2784	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:03:30.0875 2784	fdc - ok
19:03:30.0906 2784	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:03:30.0953 2784	fdPHost - ok
19:03:30.0968 2784	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:03:30.0999 2784	FDResPub - ok
19:03:31.0046 2784	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:03:31.0046 2784	FileInfo - ok
19:03:31.0062 2784	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:03:31.0109 2784	Filetrace - ok
19:03:31.0389 2784	FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
19:03:31.0452 2784	FLEXnet Licensing Service 64 - ok
19:03:31.0701 2784	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:03:31.0733 2784	flpydisk - ok
19:03:31.0811 2784	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:03:31.0842 2784	FltMgr - ok
19:03:31.0982 2784	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:03:32.0060 2784	FontCache - ok
19:03:32.0169 2784	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:03:32.0185 2784	FontCache3.0.0.0 - ok
19:03:32.0232 2784	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:03:32.0247 2784	FsDepends - ok
19:03:32.0279 2784	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:03:32.0279 2784	Fs_Rec - ok
19:03:32.0341 2784	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:03:32.0372 2784	fvevol - ok
19:03:32.0388 2784	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:03:32.0403 2784	gagp30kx - ok
19:03:32.0435 2784	GEARAspiWDM     (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:03:32.0450 2784	GEARAspiWDM - ok
19:03:32.0575 2784	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:03:32.0622 2784	gpsvc - ok
19:03:32.0684 2784	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:03:32.0762 2784	hcw85cir - ok
19:03:32.0918 2784	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:03:32.0934 2784	HdAudAddService - ok
19:03:32.0981 2784	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:03:32.0996 2784	HDAudBus - ok
19:03:33.0027 2784	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
19:03:33.0043 2784	HECIx64 - ok
19:03:33.0074 2784	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:03:33.0105 2784	HidBatt - ok
19:03:33.0137 2784	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:03:33.0168 2784	HidBth - ok
19:03:33.0215 2784	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:03:33.0261 2784	HidIr - ok
19:03:33.0293 2784	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:03:33.0339 2784	hidserv - ok
19:03:33.0386 2784	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:03:33.0417 2784	HidUsb - ok
19:03:33.0433 2784	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:03:33.0495 2784	hkmsvc - ok
19:03:33.0527 2784	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:03:33.0573 2784	HomeGroupListener - ok
19:03:33.0605 2784	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:03:33.0651 2784	HomeGroupProvider - ok
19:03:33.0698 2784	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:03:33.0714 2784	HpSAMD - ok
19:03:33.0792 2784	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:03:33.0870 2784	HTTP - ok
19:03:33.0932 2784	hwdatacard      (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:03:33.0948 2784	hwdatacard ( UnsignedFile.Multi.Generic ) - warning
19:03:33.0948 2784	hwdatacard - detected UnsignedFile.Multi.Generic (1)
19:03:33.0979 2784	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:03:34.0010 2784	hwpolicy - ok
19:03:34.0041 2784	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:03:34.0073 2784	i8042prt - ok
19:03:34.0213 2784	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
19:03:34.0244 2784	iaStor - ok
19:03:34.0353 2784	IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:03:34.0369 2784	IAStorDataMgrSvc - ok
19:03:34.0431 2784	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:03:34.0463 2784	iaStorV - ok
19:03:34.0634 2784	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:03:34.0697 2784	idsvc - ok
19:03:34.0931 2784	IDSVia64        (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120705.001\IDSvia64.sys
19:03:34.0962 2784	IDSVia64 - ok
19:03:35.0071 2784	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:03:35.0087 2784	iirsp - ok
19:03:35.0211 2784	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:03:35.0289 2784	IKEEXT - ok
19:03:35.0648 2784	IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
19:03:35.0695 2784	IntcAzAudAddService - ok
19:03:35.0867 2784	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:03:35.0898 2784	intelide - ok
19:03:35.0929 2784	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:03:35.0960 2784	intelppm - ok
19:03:35.0991 2784	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:03:36.0069 2784	IPBusEnum - ok
19:03:36.0085 2784	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:03:36.0147 2784	IpFilterDriver - ok
19:03:36.0225 2784	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:03:36.0288 2784	iphlpsvc - ok
19:03:36.0319 2784	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:03:36.0335 2784	IPMIDRV - ok
19:03:36.0381 2784	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:03:36.0428 2784	IPNAT - ok
19:03:36.0693 2784	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
19:03:36.0740 2784	iPod Service - ok
19:03:36.0771 2784	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:03:36.0834 2784	IRENUM - ok
19:03:36.0865 2784	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:03:36.0896 2784	isapnp - ok
19:03:36.0990 2784	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:03:37.0021 2784	iScsiPrt - ok
19:03:37.0052 2784	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:03:37.0052 2784	kbdclass - ok
19:03:37.0083 2784	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:03:37.0115 2784	kbdhid - ok
19:03:37.0146 2784	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:03:37.0177 2784	KeyIso - ok
19:03:37.0255 2784	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:03:37.0286 2784	KSecDD - ok
19:03:37.0302 2784	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:03:37.0333 2784	KSecPkg - ok
19:03:37.0349 2784	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:03:37.0411 2784	ksthunk - ok
19:03:37.0676 2784	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:03:37.0754 2784	KtmRm - ok
19:03:43.0885 2784	Netzmanager Service (70b5b4e69a07895df30291cab6abda54) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
19:03:43.0963 2784	Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
19:03:43.0963 2784	Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
19:04:04.0992 2784	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:04:04.0992 2784	USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
19:04:04.0992 2784	USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
19:04:08.0736 2784	Wdf01000 - ok
19:04:08.0783 2784	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:04:08.0861 2784	WdiServiceHost - ok
19:04:08.0861 2784	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:04:08.0876 2784	WdiSystemHost - ok
19:04:08.0923 2784	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:04:08.0970 2784	WebClient - ok
19:04:09.0017 2784	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:04:09.0095 2784	Wecsvc - ok
19:04:09.0110 2784	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:04:09.0157 2784	wercplsupport - ok
19:04:09.0173 2784	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:04:09.0204 2784	WerSvc - ok
19:04:09.0251 2784	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:04:09.0282 2784	WfpLwf - ok
19:04:09.0297 2784	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:04:09.0313 2784	WIMMount - ok
19:04:09.0344 2784	WinDefend - ok
19:04:09.0344 2784	WinHttpAutoProxySvc - ok
19:04:09.0438 2784	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:04:09.0500 2784	Winmgmt - ok
19:04:09.0953 2784	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:04:10.0031 2784	WinRM - ok
19:04:10.0171 2784	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:04:10.0218 2784	WinUsb - ok
19:04:10.0327 2784	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:04:10.0389 2784	Wlansvc - ok
19:04:10.0717 2784	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:04:10.0779 2784	wlidsvc - ok
19:04:10.0904 2784	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:04:10.0935 2784	WmiAcpi - ok
19:04:11.0013 2784	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:04:11.0045 2784	wmiApSrv - ok
19:04:11.0091 2784	WMPNetworkSvc - ok
19:04:11.0123 2784	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:04:11.0154 2784	WPCSvc - ok
19:04:11.0201 2784	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:04:11.0216 2784	WPDBusEnum - ok
19:04:11.0263 2784	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:04:11.0294 2784	ws2ifsl - ok
19:04:11.0341 2784	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:04:11.0372 2784	wscsvc - ok
19:04:11.0372 2784	WSearch - ok
19:04:11.0747 2784	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:04:11.0793 2784	wuauserv - ok
19:04:11.0918 2784	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:04:11.0981 2784	WudfPf - ok
19:04:12.0012 2784	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:04:12.0043 2784	WUDFRd - ok
19:04:12.0090 2784	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:04:12.0121 2784	wudfsvc - ok
19:04:12.0168 2784	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:04:12.0215 2784	WwanSvc - ok
19:04:12.0261 2784	X6va003 - ok
19:04:12.0277 2784	X6va005 - ok
19:04:12.0308 2784	MBR (0x1B8)     (0f29683d7e6179fe51d7abe3386b400b) \Device\Harddisk0\DR0
19:04:12.0698 2784	\Device\Harddisk0\DR0 - ok
19:04:12.0698 2784	Boot (0x1200)   (ddf2652202b766b64abefa2e12a65927) \Device\Harddisk0\DR0\Partition0
19:04:12.0698 2784	\Device\Harddisk0\DR0\Partition0 - ok
19:04:12.0745 2784	Boot (0x1200)   (9889575b383b11c6892be2e8e7053f43) \Device\Harddisk0\DR0\Partition1
19:04:12.0745 2784	\Device\Harddisk0\DR0\Partition1 - ok
19:04:12.0776 2784	Boot (0x1200)   (b4018ada627548347e163bee3cb7d4b2) \Device\Harddisk0\DR0\Partition2
19:04:12.0776 2784	\Device\Harddisk0\DR0\Partition2 - ok
19:04:12.0776 2784	============================================================
19:04:12.0776 2784	Scan finished
19:04:12.0776 2784	============================================================
19:04:12.0792 2104	Detected object count: 4
19:04:12.0792 2104	Actual detected object count: 4
19:06:23.0802 2104	Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:06:23.0802 2104	Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
19:06:23.0802 2104	hwdatacard ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:23.0802 2104	hwdatacard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:06:23.0802 2104	Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:23.0802 2104	Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:06:23.0802 2104	USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:23.0802 2104	USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

10.07.2012, 10:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


10.07.2012, 12:15   #13
Silenttom
 

Here is the result:

Code:
# AdwCleaner v1.701 - Logfile created 07/10/2012 at 12:05:25
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MaPa - MAPA-COMPI
# Running from : C:\Users\MaPa\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\MaPa\AppData\Roaming\Mozilla\Firefox\Profiles\kl0bo0mk.default\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6OyG1Kd8zU&loc=FF_NT");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.did", "10665");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "81702884D9A97E99A31EB43FDE412C32");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.id", "9c1b32c40000000000006c626d926927");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15516");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", true);
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:16:16");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.propectorlck", 79194067);
Found : user_pref("extensions.incredibar.prtkHmpg", 1);
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyG1Kd8zU&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6OyG1Kd8zU");
Found : user_pref("extensions.incredibar.upn2n", "92261646662307242");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:16:16");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10665");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "9c1b32c40000000000006c626d926927");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15516");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyG1Kd8zU&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6OyG1Kd8zU");
Found : user_pref("extensions.incredibar_i.upn2n", "92261646662307242");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:16:16");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect1[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect1[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect1[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect1[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect1[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect2[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect3[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect3[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect4[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect6[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect7[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect8[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect9[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HRcollect4[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HR[...]
Found : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HR[...]
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyG1Kd8zU&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [9517 octets] - [10/07/2012 12:05:25]

########## EOF - C:\AdwCleaner[R1].txt - [9645 octets] ##########
         

Edited by Silenttom (10.07.2012 at 12:27)

10.07.2012, 15:05   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will restart. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

10.07.2012, 16:31   #15
Silenttom
 

Here is the log file:
Code:
# AdwCleaner v1.701 - Logfile created 07/10/2012 at 16:24:48
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MaPa - MAPA-COMPI
# Running from : C:\Users\MaPa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\MaPa\AppData\Roaming\Mozilla\Firefox\Profiles\kl0bo0mk.default\prefs.js

C:\Users\MaPa\AppData\Roaming\Mozilla\Firefox\Profiles\kl0bo0mk.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6OyG1Kd8zU&loc=FF_NT");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10665");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "81702884D9A97E99A31EB43FDE412C32");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "9c1b32c40000000000006c626d926927");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15516");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:16:16");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.propectorlck", 79194067);
Deleted : user_pref("extensions.incredibar.prtkHmpg", 1);
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyG1Kd8zU&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6OyG1Kd8zU");
Deleted : user_pref("extensions.incredibar.upn2n", "92261646662307242");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:16:16");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10665");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "9c1b32c40000000000006c626d926927");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15516");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyG1Kd8zU&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6OyG1Kd8zU");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92261646662307242");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:16:16");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect1[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect1[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect1[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect1[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect1[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect2[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect3[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect3[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect4[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect6[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect7[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect8[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HHcollect9[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/74435/Infozentrale.HRcollect4[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HH[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HR[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/85124/Pfandflaschensammler.HR[...]
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyG1Kd8zU&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [9628 octets] - [10/07/2012 12:05:25]
AdwCleaner[R2].txt - [9686 octets] - [10/07/2012 12:06:48]
AdwCleaner[S1].txt - [9526 octets] - [10/07/2012 16:24:48]

########## EOF - C:\AdwCleaner[S1].txt - [9654 octets] ##########
         
